da8d42fa2b
Merge pull request #4385 from @phantinuss - Update Workflow Pipeline
...
- fix: Devil Bait Potential C2 Communication Traffic
- chore: update workflow to run on all rules
- chore: unpin the sigma-cli version from the workflow
2023-08-23 14:18:49 +02:00
d28b15cee2
Update .github/workflows/known-FPs.csv
2023-08-18 15:34:11 +02:00
41c4a6029e
Update .github/workflows/known-FPs.csv
...
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com >
2023-08-18 15:21:09 +02:00
be9abb9364
feat: update cl diag script rules
2023-08-17 19:26:21 +02:00
9a1d0932e9
use new path of validate script
2023-08-15 13:15:16 +02:00
04121f1920
Rename sigma-validation.yaml to sigma-validation.yml
2023-08-15 11:52:05 +02:00
21d7be9708
Use the latest version of checkout action
2023-08-02 14:29:33 +02:00
e57f5943a4
Add workflow to validate all rules
2023-08-02 11:41:28 +02:00
1c1aa09d4b
Update known-FPs.csv
2023-07-31 10:20:15 +02:00
e1d07780b3
fix: fp
2023-07-24 14:08:45 +02:00
08e0a297f3
feat: new rules and updates
2023-07-13 17:31:13 +02:00
827d687fdb
fix: add ntlmv1 to known-fps
2023-06-07 10:48:34 +02:00
715cc0589c
Merge pull request #4232 from swachchhanda000/master
...
feat: extended coverage of existing defender tampering rules
2023-06-05 13:26:03 +02:00
899c2ff23a
chore: update defender rules
2023-06-05 11:50:43 +02:00
62caac4708
feat: multiple updates and new rules ( #4242 )
2023-05-17 17:21:59 +02:00
0e8e5a0bd5
Restored thor.yml and fixed reference to it
2023-04-02 01:22:10 +02:00
b36fb603e0
fix: fp found in testing
2023-03-09 22:53:30 +01:00
73293ce625
feat: update workflow
2023-02-22 14:49:09 +01:00
6a0b38291f
fix: fp found in baseline
2023-02-17 23:16:42 +01:00
7ea3db18f7
Fix test errors
2023-01-27 15:09:43 +01:00
dd9987527a
fix: final fp
2023-01-19 00:49:32 +01:00
6819d264cc
fix: update evtx tamper rules
2023-01-02 15:25:19 +01:00
3c2e1a6a3e
add new test
2022-12-30 16:00:42 +01:00
aee5ca7afc
Fix invalid field cast or name ( #3841 )
2022-12-30 11:46:21 +01:00
3b54304ac6
Update Workflow action ( #3829 )
2022-12-28 13:58:10 +01:00
e6baac1bf2
fix: exclude teamviewer fp & reduce severity
2022-12-23 20:50:38 +01:00
75c6f44f12
Update Workflow ( #3752 )
2022-12-04 11:18:11 +01:00
20ef4b880c
Exclude SetupFrontEnd.exe
2022-10-31 18:49:53 +01:00
f78e9e9034
Add rule
...
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com >
2022-10-24 17:52:05 +02:00
736ba904b0
fix: add new FP to whitelist, no tuning possible
2022-10-21 17:41:32 +02:00
c5fb5e1c95
fix: remove FPs found in goodlogs
2022-10-12 17:04:31 +02:00
48cb48306e
Update known-FPs.csv
2022-10-04 11:41:17 +02:00
f940a43d8f
workflow: use correct rule title
2022-09-21 13:51:20 +02:00
54add15167
workflow: fix wrong filename
2022-09-21 13:51:20 +02:00
40e0dfcb29
chore: add new known FPs
2022-09-21 13:45:28 +02:00
e5e5cdd3b3
workflow: update evtx-baseline to v0.7 and add a new test for the data
2022-09-21 13:45:28 +02:00
35f102f8a0
Update known-FPs.csv
2022-08-31 11:40:39 +02:00
475bb1a90b
Update known-FPs.csv
2022-08-31 11:12:18 +02:00
b0768ed5cd
Update known-FPs.csv
2022-08-31 11:05:41 +02:00
b7fe798a8d
Update known-FPs.csv
2022-08-31 10:24:04 +02:00
6f467656fe
chore: Get Submodules for test_rules.py test
2022-08-12 14:33:31 +02:00
acbc9110e4
Add short name path
2022-08-07 08:38:11 +02:00
f1eba85780
Add short name path
2022-08-07 08:37:58 +02:00
c38bfe86da
Add short path and Image
2022-08-06 11:25:44 +02:00
b18184a58f
workflow: add baseline chack for Windows 2022 domain controller
2022-04-21 10:48:59 +02:00
0aabb53bd6
chore: update to evtx-baseline v0.6
2022-04-21 10:48:58 +02:00
8a8226317f
fix: indentation
2022-04-07 14:15:44 +02:00
25de8a926c
workflow: new baseline check against Windows 2022
2022-04-07 14:15:44 +02:00
d323753abd
workflow: new baseline check against Windows 7 32-bit
2022-04-06 17:06:54 +02:00
49a38185b2
workflow: add known FP
2022-04-06 16:09:53 +02:00
phantinuss