security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,927 Commits 1 Branch 57 Tags
1fcdeffadaa01d19bbbfec2691b72612199aef70
Commit Graph

9143 Commits

Author SHA1 Message Date
Florian Roth 1fcdeffada Merge pull request #3283 from Yaxxine7/master 
Replace commandline by parentcommandline and add fp
 2022-07-27 15:08:35 +02:00
Florian Roth 1b824982ed fix: wrong modifier 2022-07-27 14:58:27 +02:00
Florian Roth 9da0386119 make filter more generic 2022-07-27 14:58:02 +02:00
Florian Roth 30ad5d2c44 Merge pull request #3278 from frack113/fp_aurora 
file_access_win_browser_credential_stealing FP
 2022-07-27 14:56:30 +02:00
Florian Roth f5571b65af Merge pull request #3279 from SigmaHQ/rule-devel 
refactor: UACME Akagi
 2022-07-27 14:56:16 +02:00
Florian Roth 050e605cba Merge pull request #3281 from nasbench/nasbench-rule-dev 
Fix typos
 2022-07-27 14:56:04 +02:00
Yaxxine7 706a83868c Replace commandline by parentcommandline and add fp 2022-07-27 14:37:58 +02:00
phantinuss b40d9951c4 fix: FP found in testing 2022-07-27 14:18:29 +02:00
phantinuss dbfd439ce4 fix: too many FPs 
with e.g. =select-billing-address and many more
 2022-07-27 14:18:29 +02:00
Nasreddine Bencherchali f80d8a83da Fix typos 2022-07-27 12:52:51 +01:00
Florian Roth ff6cea7ae5 fix: another list with 1 element 2022-07-27 12:14:18 +02:00
Florian Roth b8700b7a72 fix: list with 1 element 2022-07-27 11:51:34 +02:00
phantinuss e7a4a71e33 Merge pull request #3280 from frack113/computerdefaults 
Update title
 2022-07-27 11:24:24 +02:00
phantinuss 0bd33e9944 add UACMe reference Id 2022-07-27 11:13:48 +02:00
frack113 884b2fc3b7 Update title 2022-07-27 11:08:55 +02:00
Florian Roth 4b326181a8 Merge pull request #3255 from Corissalea/master 
Adding CA Policy Removed Sec Ops Rule
 2022-07-27 10:59:29 +02:00
Florian Roth 994d81162f refactor: UACME Akagi 2022-07-27 10:59:15 +02:00
frack113 90b505a275 System FP 2022-07-27 10:52:08 +02:00
Florian Roth 29ab0cda08 Update azure_aad_secops_ca_policy_updatedby_bad_actor.yml 2022-07-27 10:43:44 +02:00
Florian Roth 9f65836403 Update azure_aad_secops_ca_policy_removedby_bad_actor.yml 2022-07-27 10:43:27 +02:00
Florian Roth 57c87e16cf fix: wrong fields 2022-07-27 10:34:11 +02:00
Florian Roth 48d1a0bccc Merge pull request #3276 from frack113/aurora_fp 
Aurora fp
 2022-07-27 09:05:15 +02:00
Florian Roth 31ff352d6b Merge pull request #3277 from SigmaHQ/rule-devel 
refactor: driver loads, docs: description change
 2022-07-27 09:04:34 +02:00
Florian Roth 27061cd0ac refactor: windivert driver load update 2022-07-27 08:58:46 +02:00
Florian Roth c2ea6079e7 refactor: Dell driver refactoring 2022-07-27 08:52:40 +02:00
Florian Roth df8da70eb4 docs: description change 2022-07-27 08:48:44 +02:00
frack113 69d954138f Update FP 2022-07-27 08:38:49 +02:00
frack113 71f037b9be MS Update FP 2022-07-27 08:12:32 +02:00
frack113 acd2cbf1dc MS Update FP 2022-07-27 08:11:17 +02:00
frack113 bbf07649b1 MS Update FP 2022-07-27 08:09:11 +02:00
Florian Roth 591f715db6 Merge pull request #3275 from SigmaHQ/rule-devel 
refactor: vulnerable driver loads
 2022-07-26 18:25:05 +02:00
Florian Roth 70d84f972c Merge pull request #3272 from redsand/fp_manage_engine_elastic 
False positive when running Manage Engine and elastic
 2022-07-26 18:24:45 +02:00
Florian Roth 108bffa1ad Merge pull request #3274 from pH-T/master 
new rules: lnx susp shell exec
 2022-07-26 18:24:26 +02:00
Florian Roth 324513c90e refactor: vulnerable driver loads 2022-07-26 18:09:52 +02:00
Florian Roth 3895bdbed1 Merge pull request #3273 from SigmaHQ/rule-devel 
Vulnerable Driver Loads - Update
 2022-07-26 17:52:17 +02:00
Paul Hager ecf12bf6af new rules: lnx susp shell exec 2022-07-26 16:40:12 +02:00
Florian Roth 66679ce315 refactor: imphash winring0 2022-07-26 15:01:28 +02:00
Florian Roth da1ad54a41 refactor: vulnerable driver loads 2022-07-26 14:56:28 +02:00
Florian Roth 88eca559b9 fix: wrong condition 2022-07-26 13:34:10 +02:00
Tim Shelton fb95703685 False positive when running Manage Engine and elastic 2022-07-25 21:33:39 +00:00
Florian Roth add077b8f5 Merge pull request #3270 from nasbench/nasbench-rule-dev 
Rule Update
 2022-07-25 19:03:41 +02:00
Nasreddine Bencherchali 38543ff5d9 Update proc_creation_win_lolbin_winword.yml 2022-07-25 17:53:23 +01:00
Florian Roth e170be9f45 Merge pull request #3269 from nasbench/windowsTerminal-persistence 
WindowsTerminal Rule
 2022-07-25 18:26:20 +02:00
Nasreddine Bencherchali 236587ee7a Rule Update 2022-07-25 16:50:19 +01:00
Nasreddine Bencherchali f897cae1b0 Create proc_creation_win_windows_terminal_susp_children.yml 2022-07-25 15:54:21 +01:00
Nasreddine Bencherchali 524ea4bfeb Fix typo 2022-07-25 11:12:00 +01:00
Florian Roth e1afd68f40 docs: wording 2022-07-25 10:22:36 +02:00
Florian Roth 7d875ed05c Merge pull request #3267 from SigmaHQ/rule-devel 
rule: vulnerable gigabyte driver load
 2022-07-25 10:21:34 +02:00
Florian Roth 2cbdd50927 rule: vulnerable gigabyte driver load 2022-07-25 10:08:05 +02:00
Florian Roth 4af35c6794 Merge pull request #3263 from RomaissaAdjailia/master 
Suspicious processes Started From PSExec service
 2022-07-25 07:50:52 +02:00