security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
14,241 Commits 1 Branch 57 Tags
1c0c29f45f554d65d30a1dfbf8fd9cb77c192546
Commit Graph

93 Commits

Author SHA1 Message Date
Fukusuke Takahashi 1ab7324ca0 fix: remove unneeded double backslash escape (#3844) 2022-12-31 08:32:46 +01:00
Nasreddine Bencherchali a25027fef8 fix: rename links from old repo to SigmaHQ 2022-12-27 21:05:16 +01:00
fukusuket 9c76aac1fc refactor: remove unnesessary escape. 2022-12-03 21:56:00 +09:00
unknown 0b1a0beff8 Update PR 2022-11-03 10:57:56 -04:00
unknown 6196cb4236 Merge branch 'master' of https://github.com/SigmaHQ/sigma into cobalt-pipenames-redcanary 2022-11-03 10:53:26 -04:00
Nasreddine Bencherchali fb50c78531 Optimize selection 2022-10-31 20:57:48 +01:00
Nasreddine Bencherchali 2aff1acccd Fix typo in selection 2022-10-27 00:12:58 +02:00
Nasreddine Bencherchali 4be6af3c08 Add/Update PAExec Rules 2022-10-26 23:27:17 +02:00
Nasreddine Bencherchali 388624e279 Update PsExec Rules 2022-10-26 23:15:01 +02:00
frack113 dfdaecc52c Order yaml field 2022-10-25 12:00:56 +02:00
unknown a25ac9c4d9 Fix date and modified field duplication 2022-10-19 12:04:04 -04:00
unknown 490c148bca Merge branch 'master' of https://github.com/SigmaHQ/sigma into cobalt-pipenames-redcanary 2022-10-19 11:50:00 -04:00
Nasreddine Bencherchali bf28e42f01 Fix FP Found In Testing 2022-10-10 17:33:14 +02:00
frack113 cf7a348028 Fix related 2022-10-09 17:28:05 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
unknown a0275ab124 New pipename criteria from redcanary 2022-09-27 15:37:14 -04:00
Nasreddine Bencherchali fb44c6fa87 Update meta info 2022-09-13 22:14:45 +02:00
Florian Roth 66f829c371 rule: CsExec 2022-08-22 17:43:49 +02:00
Nasreddine Bencherchali fb1deb7fb2 Update pipe_created_psexec_default_pipe_from_susp_location.yml 2022-08-04 19:18:42 +01:00
Nasreddine Bencherchali 307f9c6a35 New rules 2022-08-04 19:11:16 +01:00
Nasreddine Bencherchali 2d46263054 Renamed rule filename for conformity 2022-08-04 15:57:43 +01:00
Nasreddine Bencherchali df74e42243 Add missing definition for named pipe rules 2022-08-04 15:56:47 +01:00
Nasreddine Bencherchali 48a90c6342 DiagTrackEoP rules 2022-08-03 15:45:39 +01:00
Florian Roth 6dde3012cc refactor: some changes 2022-07-11 19:55:54 +02:00
Nasreddine Bencherchali 238e0ecd7d Update Ref+Selection 2022-07-11 14:11:53 +01:00
Nasreddine Bencherchali d2f08cca5d New Rules 2022-07-11 10:22:45 +01:00
phantinuss 9475153292 fix: FPs found in testing environment 2022-06-20 16:17:54 +02:00
Florian Roth accf27b771 fix: FPs 2022-06-20 13:39:47 +02:00
frack113 8de0027ca3 refactor condition 2022-06-03 15:35:24 +02:00
phantinuss 13e31e8383 fix: FPs found in win2022 domain controller baseline 2022-04-21 10:48:59 +02:00
Paul Hager 68659cf5fd new susp service installation rules 2022-03-18 16:08:40 +01:00
phantinuss b23eee6ebf fix: unknown --> Unknown 2022-03-16 13:43:54 +01:00
frack113 7fb8272f94 Name Normalization 
Name Normalization
 2022-02-27 10:58:14 +01:00
Florian Roth 05763aea3f docs: level adjusted 2022-02-17 13:02:18 +01:00
Florian Roth 57271c3c00 fix: bugs in rules 2022-02-16 17:26:57 +01:00
Florian Roth 51bbe21c70 fix: more Aurora FP fixes 2022-02-16 17:16:50 +01:00
Florian Roth 2500c16aea fix: FPs noticed with Aurora 2022-02-16 17:00:27 +01:00
Florian Roth d6af219bed Merge branch 'master' into pr/2573 2022-01-19 19:42:49 +01:00
frack113 4631d0c482 remove invalid tag 2022-01-19 18:23:30 +01:00
Tim Shelton 37243f5902 Updating formatting for more accurate mssql sqlps.exe detection 2022-01-19 14:49:00 +00:00
Tim Shelton dc1e150a46 adding support for mssql sqlps.exe 2022-01-18 23:55:04 +00:00
Tim Shelton ec51cf6698 Allow wmi service to also perform, since winrm is being allowed 2022-01-18 22:20:55 +00:00
Tim Shelton a0983a3659 Allow dsac to perform powershell execution over named pipes. DSAC - Active Directory Admin Client 2022-01-18 19:55:00 +00:00
Florian Roth e055ec1d52 refactor: change all " of them" expressions 2022-01-11 10:59:57 +01:00
Florian Roth c7c4130c04 Update sysmon_alternate_powershell_hosts_pipe.yml 2021-12-17 12:31:08 +01:00
Tim Shelton 0dea125a82 Adding filter for calls using \WINDOWS\System32\sdiagnhost.exe, used rule 867613fb-fa60-4497-a017-a82df74a172c as filter reference 2021-12-03 16:53:20 +00:00
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
Florian Roth 11fc576103 fix: FPs with rules 2021-11-25 19:04:27 +01:00
frack113 f47d0da3f7 add missing MITRE Techniques 2021-11-20 12:26:01 +01:00
David André 7ad901fce1 Corrected typo in HyperBro malware name 2021-11-12 08:36:13 +01:00