blue-team-tools

Author	SHA1	Message	Date
Nasreddine Bencherchali	18a77e79e3	fix: multiple issues	2023-01-06 18:04:04 +01:00
Nasreddine Bencherchali	2e85903a59	fix: broken condition	2023-01-06 17:41:30 +01:00
Nasreddine Bencherchali	df2c86f941	fix: separate selection and add missing modified	2023-01-06 17:41:01 +01:00
Nasreddine Bencherchali	7e73028c5e	feat: updates and enhancements	2023-01-06 16:35:34 +01:00
Nasreddine Bencherchali	711ba956e3	feat: updates and enhancements	2023-01-04 17:49:32 +01:00
Nasreddine Bencherchali	9f2b1e081b	Merge pull request #3853 from D3F7A5105/master Rules for detecting changes in the storage paths of evtx logs	2023-01-02 15:55:35 +01:00
Nasreddine Bencherchali	6819d264cc	fix: update evtx tamper rules	2023-01-02 15:25:19 +01:00
Nasreddine Bencherchali	3749416a30	Merge branch 'SigmaHQ:master' into nasbench-rule-devel	2023-01-02 14:50:27 +01:00
Nasreddine Bencherchali	a99b5082e1	feat: updates and enhancements	2023-01-02 14:49:45 +01:00
vadim	440706e971	Rules for detecting changes in the storage paths of evtx logs	2023-01-02 13:21:33 +03:00
$frack113$ frack113	e09850f968	fix field name	2023-01-02 11:06:57 +01:00
$frack113$ frack113	0e8d1f9b0d	Check field name	2023-01-02 10:59:51 +01:00
$frack113$ frack113	aee5ca7afc	Fix invalid field cast or name (#3841 )	2022-12-30 11:46:21 +01:00
Nasreddine Bencherchali	a25027fef8	fix: rename links from old repo to SigmaHQ	2022-12-27 21:05:16 +01:00
$frack113$ frack113	7060db3d47	Promotion rules (#3821 ) * Promotion rules * fix missing null * fix: modified date Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-27 12:29:10 +01:00
Nasreddine Bencherchali	68f1ce8b9e	Merge branch 'SigmaHQ:master' into nasbench-rule-devel	2022-12-20 22:24:56 +01:00
Nasreddine Bencherchali	05bdb9af74	fix: rename files to fit logic	2022-12-19 19:28:23 +01:00
Nasreddine Bencherchali	9c308642c7	fix: apply suggestions from code review Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>	2022-12-19 19:21:55 +01:00
Nasreddine Bencherchali	c374413664	fix: change to permalink	2022-12-19 18:15:57 +01:00
Nasreddine Bencherchali	060174e2dd	fix: small fixes - Added modified date - Updated DLL sideload version	2022-12-19 18:14:01 +01:00
pbssubhash	8a9f1ee273	Update file_event_win_wermgr_local_privilege_escalation.yml	2022-12-19 22:39:05 +05:30
pbssubhash	ae974d8f15	Modifying existing rule instead of a new one	2022-12-19 22:35:36 +05:30
pbssubhash	b763ddd7c7	Update file_event_win_dircreate2system_privesc.yml	2022-12-19 22:21:37 +05:30
pbssubhash	8d617d2587	Create file_event_win_dircreate2system_privesc.yml	2022-12-19 22:14:25 +05:30
Nasreddine Bencherchali	ba3e985bed	feat: multiple update and enhancements	2022-12-19 17:41:40 +01:00
$frack113$ frack113	646351808e	Refractor (#3794 ) Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-18 21:00:14 +01:00
Nasreddine Bencherchali	a606223568	fix: add missing filename to the logic	2022-12-16 19:47:13 +01:00
Nasreddine Bencherchali	3868dd91c6	feat: updates and enhancements	2022-12-16 16:52:12 +01:00
Nasreddine Bencherchali	26cd02cff4	fix: add modified date	2022-12-09 19:24:44 +01:00
Nasreddine Bencherchali	14d174e218	feat: update rules related to dll sideloading	2022-12-09 17:36:24 +01:00
Nasreddine Bencherchali	9f346ce7d1	fix: typo in rule filename	2022-12-09 16:41:36 +01:00
Nasreddine Bencherchali	fa318243c2	Merge branch 'SigmaHQ:master' into nasbench-rule-devel	2022-12-08 19:22:11 +01:00
Florian Roth	e78cb13cfd	Merge pull request #3764 from pbssubhash/master Detection for LSASS Shtinkering	2022-12-08 17:36:18 +01:00
Nasreddine Bencherchali	80ef3b70dc	fix: broken single item lists	2022-12-08 16:23:58 +01:00
Nasreddine Bencherchali	edc99c92a2	fix: enhance rules related to Lsass-Shtinkering	2022-12-08 11:02:56 +01:00
pbssubhash	d393b57c36	Detection for LSASS Shtinkering	2022-12-08 11:49:53 +05:30
Nasreddine Bencherchali	b59566ad0f	fix: fix FP found in testing	2022-12-07 11:52:38 +01:00
Nasreddine Bencherchali	a425ef65e5	feat: update metadata and add more cases for rules	2022-12-07 02:26:21 +01:00
gs3cl	122cb47d71	Gs3cl patch 1 (#3753 )	2022-12-05 10:39:58 +01:00
Nasreddine Bencherchali	b6492e731b	feat: general updates and fixes	2022-12-02 23:16:03 +01:00
$frack113$ frack113	0f3eefdc9c	Update title (#3746 ) Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-02 18:10:43 +01:00
$frack113$ frack113	a674ee246b	Update Title (#3739 )	2022-11-30 11:44:15 +01:00
Nasreddine Bencherchali	1d7ee1cd19	feat: enhance duplicate test (#3736 ) Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2022-11-29 13:47:09 +01:00
Florian Roth	b56537bffb	fix: some rules using ??? placeholders	2022-11-29 10:31:18 +01:00
jstnk9	647f6dc2ef	Update title (#3734 )	2022-11-29 07:36:45 +01:00
Aurakal	c536b262c9	Create file_event_win_remote_cred_dump.yml (#3732 )	2022-11-27 19:31:48 +01:00
Nasreddine Bencherchali	b6dce4b6a5	feat: general fixes	2022-11-22 01:22:36 +01:00
$frack113$ frack113	cc340f2247	Apply suggestions from code review Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-11-18 15:43:08 +01:00
$frack113$ frack113	58a732e4b6	Update rules/windows/file/file_event/file_event_win_net_cli_artefact.yml Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-11-18 15:42:37 +01:00
$frack113$ frack113	4bd0cd07ea	.NET CLR Usage Log	2022-11-18 13:24:58 +01:00

1 2

84 Commits