security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,368 Commits 1 Branch 57 Tags
2c0e89ccc8584b59bee3ae4c8aabd2a9df87f8af
Commit Graph

8368 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Roberto Rodriguez 2c0e89ccc8 added indentation to lists per request 2021-10-15 16:24:26 -04:00
Roberto Rodriguez 7b11987155 Fixed format indentation to fix block error 2021-10-15 16:12:51 -04:00
Roberto Rodriguez d391eccd32 split commandline arguments in a few rules 2021-10-15 16:10:42 -04:00
Roberto Rodriguez eed86077ab updated rules schema and added Clipboard Collection with Xclip Tool 2021-10-15 15:59:11 -04:00
Roberto Rodriguez 04ff9ae692 Updated at command rule to use Image field 2021-10-15 15:46:59 -04:00
Roberto Rodriguez aa0a5b8204 commands to clear or remove the syslog rule 2021-10-15 15:43:42 -04:00
Roberto Rodriguez f8cb0883d5 OMI SCX Execute RunAsProvider rules 2021-10-15 15:38:09 -04:00
Roberto Rodriguez ca99394e46 detect overwriting and deletion of files via dd 2021-10-15 15:28:15 -04:00
frack113 2930c1624c Merge pull request #2142 from austinsonger/aws 
Aws
 2021-10-15 08:17:24 +01:00
Austin Songer 7ad0887704 Update passed_role_to_glue_development_endpoint.yml 2021-10-14 12:10:48 -05:00
Austin Songer 70b55f2c2d Update aws_lambda_function_created_or_invoked.yml 2021-10-14 12:10:29 -05:00
frack113 87f2326402 Merge pull request #2133 from hieuttmmo/master 
Sigma Rules for Privileged Accounts Activities Monitoring in Azure
 2021-10-14 16:53:53 +01:00
Florian Roth 7e02555e22 refactor: credential dumper level increased 2021-10-14 14:24:56 +02:00
Tran Trung Hieu a7e6eb576c Delete .DS_Store file 2021-10-14 15:55:05 +04:00
frack113 5f5b57504b Merge pull request #2144 from frack113/fix_2140 
fix status in filter
 2021-10-14 08:12:05 +01:00
frack113 c202d39acd Merge pull request #2138 from frack113/conti_ransomware 
Conti ransomware commandline
 2021-10-14 06:31:36 +01:00
frack113 468cac031d fix status 2021-10-14 07:19:41 +02:00
Austin Songer 40879252a8 Update aws_lambda_function_created_or_invoked.yml 2021-10-13 16:25:28 -05:00
Austin Songer f7dba3fbff Update passed_role_to_glue_development_endpoint.yml 2021-10-13 12:34:16 -05:00
Austin Songer 503a4bc72b Update and rename aws_pass_role_to_lambda_function.yml to aws_lambda_function_created_or_invoked.yml 2021-10-13 12:27:24 -05:00
frack113 1e0fde6975 Merge pull request #2135 from austinsonger/onelogin 
Onelogin Rules
 2021-10-13 16:35:27 +01:00
frack113 a10d100d87 Merge pull request #2137 from austinsonger/powershell_windows_firewall_disabled.yml 
powershell_windows_firewall_profile_disabled.yml
 2021-10-13 16:29:37 +01:00
Austin Songer 756d5b5aa6 Update onelogin_user_account_locked.yml 2021-10-13 07:02:01 -05:00
Austin Songer 4e43fce629 Update powershell_windows_firewall_profile_disabled.yml 2021-10-13 07:01:04 -05:00
Austin Songer e08f6333b8 Update aws_pass_role_to_lambda_function.yml 2021-10-13 06:59:13 -05:00
Austin Songer 010b0e2868 Update passed_role_to_glue_development_endpoint.yml 2021-10-13 06:58:57 -05:00
Tran Trung Hieu 15c472ee19 Merge branch 'master' of https://github.com/hieuttmmo/sigma 2021-10-13 15:12:45 +04:00
Tran Trung Hieu 7c01710d9d Change the service to the form service: azure._a_name_ and add falsepositives field 2021-10-13 15:12:36 +04:00
frack113 5aa62bd342 fix yml 2021-10-12 21:02:15 +02:00
frack113 37c637066b add process_creation_conti_cmd_ransomware.yml 2021-10-12 20:57:12 +02:00
Austin Songer 40eed2ec59 Rename powershell_windows_firewall_disabled.yml to powershell_windows_firewall_profile_disabled.yml 2021-10-12 11:57:37 -05:00
Austin Songer d273bc25ea Create powershell_windows_firewall_disabled.yml 2021-10-12 11:56:37 -05:00
Austin Songer 9faca2f3dc Update onelogin_assumed_another_user.yml 2021-10-11 22:54:05 -05:00
Austin Songer 0978ca92d8 Update onelogin_assumed_another_user.yml 2021-10-11 21:18:31 -05:00
austinsonger 0bf9f1cfd6 Onelogin Rules 2021-10-11 21:03:48 -05:00
frack113 9b2b8dd2c3 Merge pull request #2134 from frack113/new_category 
New category for powershell rules
 2021-10-11 15:43:55 +01:00
frack113 b9fc29bc05 Merge pull request #2131 from frack113/Powershell 
Powershell order
 2021-10-11 15:43:32 +01:00
frack113 f1d5605f10 fix yml space 2021-10-11 07:44:48 +02:00
frack113 9810a9fe73 add powershell.yml 2021-10-11 07:42:04 +02:00
hieuttmmo be314ae8bb Merge branch 'SigmaHQ:master' into master 2021-10-10 16:06:54 +04:00
Tran Trung Hieu 5fdaefc77d Azure Security Operations for Priveleged Accounts 2021-10-10 16:06:28 +04:00
frack113 d081d20a13 Merge pull request #2119 from austinsonger/privilege_escalation_pass_role_to_lambda_function.yml 
passed_role_to_glue_development_endpoint.yml and passed_role_to_lambda_function.yml
 2021-10-10 11:01:36 +02:00
frack113 7497fdb484 Merge pull request #2129 from d4rk-d4nph3/master 
Added rule for possible persistence via VMTools
 2021-10-10 10:55:06 +02:00
frack113 1337116d84 Cleanup selection name 2021-10-10 10:17:24 +02:00
Bhabesh Rai a241f526ef Added more strict path 2021-10-10 07:54:40 +05:45
Austin Songer 1987897a76 Update aws_pass_role_to_lambda_function.yml 2021-10-09 15:26:38 -05:00
Austin Songer de52890a62 Update passed_role_to_glue_development_endpoint.yml 2021-10-09 15:24:49 -05:00
Florian Roth 30213dba87 Merge pull request #2132 from SigmaHQ/rule-devel 
New Rules
 2021-10-09 19:19:45 +02:00
Florian Roth 195db4cffc refactor: made Apache RCE rule more robust 2021-10-09 18:48:02 +02:00
Florian Roth 4ab3ebf6b2 Merge pull request #2128 from OTRF/feature/Susp-ADFS-NamedPipe 
Detect suspicious named pipe connections to an AD FS WID
 2021-10-09 16:47:25 +02:00