security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,807 Commits 1 Branch 57 Tags
291ca18d22f720f2ebcd30cf468f4434cecccdaa
Commit Graph

277 Commits

Author SHA1 Message Date
phantinuss 2f6b8cd03a fix path to schema json 2023-08-15 13:18:33 +02:00
phantinuss 373c458184 Rename validate.sh to tests/validate-sigma-schema/validate.sh 2023-08-15 13:14:07 +02:00
phantinuss 7ed0930f8f Rename sigma-schema.json to tests/validate-sigma-schema/sigma-schema.json 2023-08-15 13:13:29 +02:00
Nasreddine Bencherchali 67d0d2afff chore: change service name to lowercase 2023-08-08 15:41:08 +02:00
frack113 a66b38d3df Fix to pass the tests 2023-08-08 06:47:08 +02:00
phantinuss 0055269b8e chore: update submodule tests/cti 2023-07-19 14:10:39 +02:00
Nasreddine Bencherchali 9f82e581a1 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-06-20 11:26:41 +02:00
frack113 8c5dba3740 Update tags 
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-06-20 07:31:54 +02:00
Nasreddine Bencherchali 098746574c feat: add typo check for related field 2023-06-07 12:29:02 +02:00
Nasreddine Bencherchali 1299b21561 feat: rule and tests update 2023-05-31 13:46:13 +02:00
phantinuss 24aae4d4d3 chore: update submodule tests/cti 2023-05-22 16:03:18 +02:00
Nasreddine Bencherchali 7f00ce042a chore: order event ids 2023-05-19 14:44:53 +02:00
phantinuss 12cd1f989e feat: map antivirus categoriy to Windows Defender logs 2023-05-19 14:27:56 +02:00
frack113 e42c66557e Merge pull request #4234 from YamatoSecurity/new-rule-certificate-exported 
new rule: Certificate Exported
 2023-05-19 09:33:12 +02:00
Nasreddine Bencherchali de9f3a3521 feat: update logsource and rule 
- Add 2 new event log
  - Microsoft-Windows-CAPI2/Operational
  - Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational
- Update required tests and rules
 2023-05-19 00:05:05 +02:00
Josh 1cd3005159 fix: add new edge case to test_logsource.py (#4247) 
Improve the condition of the log source test to check for "NULL" values
 2023-05-18 22:36:01 +02:00
Nasreddine Bencherchali e51b548938 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-05-12 10:33:05 +02:00
Nasreddine Bencherchali cab7dcc9f4 fix: unused selection and increase filename size 2023-05-11 20:51:33 +02:00
frack113 c1a9712558 Review Web logsource 2023-05-08 11:04:16 +02:00
phantinuss e6d734e7fc chore: use relative paths for rules test again 2023-04-26 13:22:01 +02:00
Nasreddine Bencherchali 1ed9743e7c fix: test issues 2023-04-25 19:18:38 +02:00
Nasreddine Bencherchali 16d4d0b6ea Update test_rules.py 2023-04-25 18:59:24 +02:00
phantinuss 1d6ad79f06 fix: adding executable bit 2023-04-24 08:41:56 +02:00
Nasreddine Bencherchali 7f88625c3c feat: update tests for new folder struct 2023-04-21 15:01:47 +02:00
Nasreddine Bencherchali d591bf662a fix: update tests 2023-04-21 15:01:47 +02:00
Nasreddine Bencherchali 9890de995a feat: update tests for new folder struct 2023-04-21 15:00:37 +02:00
Nasreddine Bencherchali f4e406c1b6 fix: update tests 2023-04-21 15:00:37 +02:00
Tess 0ade5feae9 add test for duplicate references 2023-04-20 10:45:51 -04:00
Nasreddine Bencherchali 2710bf4710 feat: new rules, updates and fp fixes (#4162) 2023-04-11 13:04:22 +02:00
phantinuss 6aa1e64062 chore: reactivate cti submodule 2023-04-05 16:12:22 +02:00
Nick Moore 463d9fff82 feat: new rule Potential Okta Password in AlternateID Field (#4158) 2023-04-05 13:21:03 +02:00
Thomas Patzke 0e8e5a0bd5 Restored thor.yml and fixed reference to it 2023-04-02 01:22:10 +02:00
Thomas Patzke fb05fe3485 Removal of sigmatools 2023-04-02 01:15:46 +02:00
Nasreddine Bencherchali 2883c2e714 fix: test errors 2023-03-07 14:23:44 +01:00
Nasreddine Bencherchali 05adb156e7 feat: update test 2023-03-07 14:14:21 +01:00
phantinuss 2530cd72de chore: update submodule cti 2023-02-21 16:38:33 +01:00
Nasreddine Bencherchali f0afc4cce6 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-02-20 12:06:37 +01:00
Nasreddine Bencherchali 6a0b38291f fix: fp found in baseline 2023-02-17 23:16:42 +01:00
Moti-H ff4242dadd feat: add new application vulnerability rules (#4034) 2023-02-15 12:29:53 +01:00
Nasreddine Bencherchali 82d0b9e10c fix: add missing modified and improve test 2023-02-10 00:56:07 +01:00
Thomas Patzke ef9d4f702d Merge pull request #3878 from DCSO/rule_test_add_re_escape_tests 
Test: Check 're' rules against unwanted/unneeded escapes
 2023-02-04 08:59:16 +01:00
Nasreddine Bencherchali f2643c6043 Merge pull request #3940 from mbabinski/master 
feat: add external remote service logon from public IP rule.
 2023-01-31 11:04:50 +01:00
Nasreddine Bencherchali 2817c6085c feat: add cidr modifier to the test 2023-01-31 10:58:29 +01:00
Nasreddine Bencherchali 6de8009c88 fix: update metadata and prefix test 2023-01-30 10:23:13 +01:00
frack113 2bd14e4953 Small update 
- Change service to audit
- Add operation
 2023-01-22 08:55:24 +01:00
Nasreddine Bencherchali 5416935cec feat: update logsource with new service 2023-01-21 11:33:48 +01:00
Nasreddine Bencherchali 1c340493c6 fix: broken logsource 2023-01-17 01:13:50 +01:00
Nasreddine Bencherchali e5fe4d5f46 feat: update config files 
- Update indentation of config files to 4
- Add new event logs
 2023-01-17 01:00:24 +01:00
frack113 2b0b680775 Merge pull request #3925 from frack113/lsa-server 
Microsoft-Windows-LSA
 2023-01-13 18:24:43 +01:00
Nasreddine Bencherchali c7f1f52b7b fix: apply suggestions from code review 2023-01-13 18:19:32 +01:00