Commit Graph

283 Commits

Author SHA1 Message Date
Nasreddine Bencherchali df2c86f941 fix: separate selection and add missing modified 2023-01-06 17:41:01 +01:00
Nasreddine Bencherchali e56d3763b5 fix: unused selection 2023-01-06 17:16:20 +01:00
Nasreddine Bencherchali 7e73028c5e feat: updates and enhancements 2023-01-06 16:35:34 +01:00
Nasreddine Bencherchali 711ba956e3 feat: updates and enhancements 2023-01-04 17:49:32 +01:00
Nasreddine Bencherchali 6819d264cc fix: update evtx tamper rules 2023-01-02 15:25:19 +01:00
vadim 440706e971 Rules for detecting changes in the storage paths of evtx logs 2023-01-02 13:21:33 +03:00
frack113 aee5ca7afc Fix invalid field cast or name (#3841) 2022-12-30 11:46:21 +01:00
frack113 7060db3d47 Promotion rules (#3821)
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 12:29:10 +01:00
Nasreddine Bencherchali 03cc78e916 feat: filename test enhancements (#3812) 2022-12-23 09:25:16 +01:00
Nasreddine Bencherchali 4b6f5f143d feat: add more suspicious cases
Co-authored-by: Florian Roth <venom14@gmail.com>
2022-12-21 00:18:44 +01:00
Florian Roth 2580b84de3 fix: typo 2022-12-21 00:07:51 +01:00
Nasreddine Bencherchali beccf416da feat: add two new rules 2022-12-20 23:44:44 +01:00
Nasreddine Bencherchali ba3e985bed feat: multiple update and enhancements 2022-12-19 17:41:40 +01:00
Florian Roth c98e9ec3cc fix: list with one element issue 2022-12-14 13:23:28 +01:00
Florian Roth 232d7f840a fix: FPs noticed with Aurora 2022-12-14 13:05:58 +01:00
frack113 0328946e69 Merge pull request #3774 from frack113/redcanary_20221211
Red Canary rules
2022-12-12 13:30:20 +01:00
frack113 d797bf0eb1 Apply suggestions from code review
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-12 13:23:59 +01:00
frack113 89d2d00a5b Red Canary 2022-12-11 16:46:32 +01:00
Nasreddine Bencherchali 1a9d7960e7 fix: add dword version 2022-12-09 19:44:44 +01:00
Nasreddine Bencherchali fb988ab25e fix: typos and errors 2022-12-09 19:15:35 +01:00
Nasreddine Bencherchali a8472bf4df fix: add missing selection 2022-12-09 19:13:59 +01:00
Nasreddine Bencherchali fa1cbb314a feat: more updates to etw tamper rules 2022-12-09 19:09:24 +01:00
Nasreddine Bencherchali 7c7057d9d3 fix: rename .net etw tamper rules 2022-12-09 18:06:58 +01:00
Nasreddine Bencherchali 89e44d46cb feat: update .net etw tamper rules 2022-12-09 18:06:20 +01:00
Nasreddine Bencherchali fa318243c2 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2022-12-08 19:22:11 +01:00
Florian Roth e78cb13cfd Merge pull request #3764 from pbssubhash/master
Detection for LSASS Shtinkering
2022-12-08 17:36:18 +01:00
Nasreddine Bencherchali 80ef3b70dc fix: broken single item lists 2022-12-08 16:23:58 +01:00
Nasreddine Bencherchali edc99c92a2 fix: enhance rules related to Lsass-Shtinkering 2022-12-08 11:02:56 +01:00
pbssubhash bea46b2b9e Update to modify FP and UUID 2022-12-08 12:13:25 +05:30
pbssubhash 4bb1df9f6e Update to remove FP 2022-12-08 12:03:02 +05:30
pbssubhash d393b57c36 Detection for LSASS Shtinkering 2022-12-08 11:49:53 +05:30
Nasreddine Bencherchali a425ef65e5 feat: update metadata and add more cases for rules 2022-12-07 02:26:21 +01:00
Nasreddine Bencherchali a7bfb349ee fix: fix fp found in testing 2022-12-07 02:25:52 +01:00
Nasreddine Bencherchali 42b99b165d feat: new rules and fixes (#3759)
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2022-12-06 12:13:20 +01:00
Florian Roth e493a41bc6 Merge pull request #3757 from SigmaHQ/aurora-false-positive-fixing
fix: FPs noticed in Nextron testing CI
2022-12-05 18:54:31 +01:00
Florian Roth 1796502b90 fix: FPs noticed in Nextron testing CI 2022-12-05 17:39:42 +01:00
Florian Roth 9375fe95b4 Merge pull request #3748 from SigmaHQ/rule-devel
Rule refactoring, improvements
2022-12-04 17:55:14 +01:00
Florian Roth de0561edba Update rules/windows/registry/registry_set/registry_set_creation_service_susp_folder.yml
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-03 09:09:51 +01:00
Florian Roth 8fd31d5d11 Merge branch 'master' into aurora-false-positive-fixing 2022-12-02 12:18:17 +01:00
Florian Roth 9b5560844f fix: FP with Avast software 2022-12-02 12:18:11 +01:00
Florian Roth ce803476de refactor: rule with ??? causing issues in some backends 2022-12-01 14:02:15 +01:00
frack113 a674ee246b Update Title (#3739) 2022-11-30 11:44:15 +01:00
frack113 c820216541 Update Title (#3733) 2022-11-28 06:43:17 +01:00
frack113 cd4121d966 Update Title (#3731)
Co-authored-by: Florian Roth <venom14@gmail.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-11-27 19:19:27 +01:00
jstnk9 3572e9d9ea titles modified (#3730) 2022-11-26 08:49:30 +01:00
jstnk9 a573a8e1bc Title modified in several rules (#3728) 2022-11-25 15:34:38 +01:00
Nasreddine Bencherchali b6dce4b6a5 feat: general fixes 2022-11-22 01:22:36 +01:00
frack113 cc340f2247 Apply suggestions from code review
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-11-18 15:43:08 +01:00
frack113 4bd0cd07ea .NET CLR Usage Log 2022-11-18 13:24:58 +01:00
Nasreddine Bencherchali 20b0a6bad8 Rule Dev 2022-11-18 11:15:28 +01:00