Ryan Plas
cda0fbff62
fix: multiple 404 links in references (#4332)
2023-06-26 10:10:04 +01:00
Nasreddine Bencherchali
3d9372bef3
feat: new rules, updates and fp fixes (#4136)
2023-04-03 12:06:14 +02:00
Nasreddine Bencherchali
7c38a5c496
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
frack113
f7b159350d
Merge pull request #3954 from nasbench/nasbench-rule-devel
feat: updates and enhancements
2023-01-25 13:21:44 +01:00
Nasreddine Bencherchali
f42eb77f29
fix: rule logic
2023-01-25 12:03:11 +01:00
Nasreddine Bencherchali
d47215d469
fix: single element selection
2023-01-25 01:35:47 +01:00
Nasreddine Bencherchali
7d2b70cb91
feat: add bpf related rules
2023-01-25 01:14:49 +01:00
Nick Moore
0312c481d9
Change rules using all of required-lists to |all
When a Sigma rule writer wants to create a list of values where all of
them must be matched for the rule to trigger, the approach used
previously was to have an `all of` condition for a single selector.
However, this has now changed, and the new approach is to use an empty
key and the |all modifier (i.e., `'|all'`).
This commit (tries to) identify all the rules that used the old
approach and modifies them to use the new approach instead.
See SigmaHQ/sigma-specification#53 for further discussion.
2023-01-23 14:37:25 +00:00
frack113
4023bf2c83
Remove mitre url
2023-01-10 18:09:04 +01:00
frack113
d6059d801b
Filename normalisation
2023-01-07 08:52:11 +01:00
Nasreddine Bencherchali
ea4b844c8e
fix: broken selections
2023-01-06 17:28:29 +01:00
Nasreddine Bencherchali
7e73028c5e
feat: updates and enhancements
2023-01-06 16:35:34 +01:00
frack113
01e7adeb30
order linux file
2023-01-05 08:14:19 +01:00
frack113
7060db3d47
Promotion rules (#3821)
* Promotion rules
* fix missing null
* fix: modified date
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 12:29:10 +01:00
Nasreddine Bencherchali
4c7db89847
fix: improve overall structure
2022-12-21 20:40:29 +01:00
zakibro
a0c07b2fba
Update rules/linux/builtin/lnx_privileged_user_creation.yml
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-21 19:31:34 +01:00
zakibro
14f006382a
Update rules/linux/builtin/lnx_privileged_user_creation.yml
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-21 19:31:24 +01:00
zakibro
0fa4f8a454
Create lnx_privileged_user_creation.yml
Adding a new use case for tracking the creation of a privileged user in Linux
2022-12-21 18:16:20 +01:00
frack113
cd4121d966
Update Title (#3731)
Co-authored-by: Florian Roth <venom14@gmail.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-11-27 19:19:27 +01:00
Nasreddine Bencherchali
6674ed0554
fix: add removed comments
2022-11-17 00:57:24 +01:00
phantinuss
8c209f0ed1
Update lnx_shell_priv_esc_prep.yml
2022-11-01 12:32:46 +01:00
securepeacock
f6acf8e4cc
Update lnx_shell_priv_esc_prep.yml
Added ip6tables
2022-10-31 09:38:45 -04:00
frack113
11cb03181e
Order yaml field
2022-10-25 08:53:44 +02:00
frack113
931fb30853
old experimental rule promotion
2022-10-09 16:54:04 +02:00
Nasreddine Bencherchali
7176d672b5
Fix wildcard
2022-10-05 17:21:34 +02:00
nasreddine.bencherchali@nextron-systems.com
4fc62dee7c
Linux rules update
2022-09-16 09:22:57 +02:00
Nasreddine Bencherchali
d6a2c13738
Update rules (desc, selection, logic)
2022-08-04 18:08:08 +01:00
Nasreddine Bencherchali
aec95b6d65
Update selections and indentation
2022-07-07 20:13:45 +01:00
Nasreddine Bencherchali
d03f6df250
Reference Update [Batch 1]
2022-07-07 15:24:15 +01:00
Florian Roth
f728893364
refactor: rule level adjustments - critical to high
2022-06-18 17:43:22 +02:00
frack113
8de0027ca3
refactor condition
2022-06-03 15:35:24 +02:00
frack113
a305a0be45
Merge pull request #2983 from d4rk-d4nph3/master
Added rule for Nimbuspwn exploitation
2022-05-05 20:41:30 +02:00
Bhabesh
a70e96355c
Beautify the rule
2022-05-05 23:48:41 +05:45
Bhabesh
7f2ad6df89
Fix for error
2022-05-05 11:24:20 +05:45
Bhabesh
46827e2655
Added rule for Nimbuspwn exploitation
2022-05-04 20:30:40 +05:45
zakibro
0bb96b323d
Update lnx_crontab_file_modification.yml
2022-04-19 19:47:12 +02:00
zakibro
4212e24424
Update lnx_crontab_file_modification.yml
fixing title
2022-04-16 17:44:43 +02:00
Pawel Mazur
c1db0b4fed
Adding Linux crontab rule
2022-04-16 17:36:11 +02:00
Florian Roth
3114433944
fix: product unix > linux
2022-03-24 11:40:51 +01:00
phantinuss
043747822f
fix: more false positives harmonization
2022-03-16 14:57:06 +01:00
frack113
c3c13d6089
add lnx_pwnkit_local_privilege_escalation
2022-01-29 10:07:54 +01:00
frack113
4631d0c482
remove invalid tag
2022-01-19 18:23:30 +01:00
frack113
f7e670d55e
Simple Quote
2022-01-11 13:40:53 +01:00
frack113
9092958019
fix quote
2022-01-10 22:25:47 +01:00
frack113
a885d95aa3
Update pattern
2021-12-10 16:45:42 +01:00
frack113
b56630ced1
Add lnx_susp_dev_tcp
2021-12-10 13:39:06 +01:00
frack113
01dc930c17
Change status for old rules
2021-11-27 11:33:14 +01:00
Florian Roth
4a69c71b2f
Update lnx_shell_clear_cmd_history.yml
2021-11-24 09:31:12 +01:00
Florian Roth
94c61bf07a
Update lnx_shell_clear_cmd_history.yml
2021-11-24 09:29:48 +01:00
secjunkie
b76d000f26
Update lnx_shell_clear_cmd_history.yml
cat and ln can use zero or null
chattr does not clear but stops further logging
2021-11-23 23:06:23 +00:00