Commit Graph

6247 Commits

Author SHA1 Message Date
Roberto Rodriguez 2c0e89ccc8 added indentation to lists per request 2021-10-15 16:24:26 -04:00
Roberto Rodriguez 7b11987155 Fixed format indentation to fix block error 2021-10-15 16:12:51 -04:00
Roberto Rodriguez d391eccd32 split commandline arguments in a few rules 2021-10-15 16:10:42 -04:00
Roberto Rodriguez eed86077ab updated rules schema and added Clipboard Collection with Xclip Tool 2021-10-15 15:59:11 -04:00
Roberto Rodriguez 04ff9ae692 Updated at command rule to use Image field 2021-10-15 15:46:59 -04:00
Roberto Rodriguez aa0a5b8204 commands to clear or remove the syslog rule 2021-10-15 15:43:42 -04:00
Roberto Rodriguez f8cb0883d5 OMI SCX Execute RunAsProvider rules 2021-10-15 15:38:09 -04:00
Roberto Rodriguez ca99394e46 detect overwriting and deletion of files via dd 2021-10-15 15:28:15 -04:00
frack113 2930c1624c Merge pull request #2142 from austinsonger/aws (Aws) 2021-10-15 08:17:24 +01:00
Austin Songer 7ad0887704 Update passed_role_to_glue_development_endpoint.yml 2021-10-14 12:10:48 -05:00
Austin Songer 70b55f2c2d Update aws_lambda_function_created_or_invoked.yml 2021-10-14 12:10:29 -05:00
frack113 87f2326402 Merge pull request #2133 from hieuttmmo/master (Sigma Rules for Privileged Accounts Activities Monitoring in Azure) 2021-10-14 16:53:53 +01:00
Florian Roth 7e02555e22 refactor: credential dumper level increased 2021-10-14 14:24:56 +02:00
frack113 c202d39acd Merge pull request #2138 from frack113/conti_ransomware (Conti ransomware commandline) 2021-10-14 06:31:36 +01:00
Austin Songer 40879252a8 Update aws_lambda_function_created_or_invoked.yml 2021-10-13 16:25:28 -05:00
Austin Songer f7dba3fbff Update passed_role_to_glue_development_endpoint.yml 2021-10-13 12:34:16 -05:00
Austin Songer 503a4bc72b Update and rename aws_pass_role_to_lambda_function.yml to aws_lambda_function_created_or_invoked.yml 2021-10-13 12:27:24 -05:00
frack113 1e0fde6975 Merge pull request #2135 from austinsonger/onelogin (Onelogin Rules) 2021-10-13 16:35:27 +01:00
Austin Songer 756d5b5aa6 Update onelogin_user_account_locked.yml 2021-10-13 07:02:01 -05:00
Austin Songer 4e43fce629 Update powershell_windows_firewall_profile_disabled.yml 2021-10-13 07:01:04 -05:00
Austin Songer e08f6333b8 Update aws_pass_role_to_lambda_function.yml 2021-10-13 06:59:13 -05:00
Austin Songer 010b0e2868 Update passed_role_to_glue_development_endpoint.yml 2021-10-13 06:58:57 -05:00
Tran Trung Hieu 15c472ee19 Merge branch 'master' of https://github.com/hieuttmmo/sigma 2021-10-13 15:12:45 +04:00
Tran Trung Hieu 7c01710d9d Change the service to the form service: azure._a_name_ and add falsepositives field 2021-10-13 15:12:36 +04:00
frack113 5aa62bd342 fix yml 2021-10-12 21:02:15 +02:00
frack113 37c637066b add process_creation_conti_cmd_ransomware.yml 2021-10-12 20:57:12 +02:00
Austin Songer 40eed2ec59 Rename powershell_windows_firewall_disabled.yml to powershell_windows_firewall_profile_disabled.yml 2021-10-12 11:57:37 -05:00
Austin Songer d273bc25ea Create powershell_windows_firewall_disabled.yml 2021-10-12 11:56:37 -05:00
Austin Songer 9faca2f3dc Update onelogin_assumed_another_user.yml 2021-10-11 22:54:05 -05:00
Austin Songer 0978ca92d8 Update onelogin_assumed_another_user.yml 2021-10-11 21:18:31 -05:00
austinsonger 0bf9f1cfd6 Onelogin Rules 2021-10-11 21:03:48 -05:00
frack113 b9fc29bc05 Merge pull request #2131 from frack113/Powershell (Powershell order) 2021-10-11 15:43:32 +01:00
hieuttmmo be314ae8bb Merge branch 'SigmaHQ:master' into master 2021-10-10 16:06:54 +04:00
Tran Trung Hieu 5fdaefc77d Azure Security Operations for Privileged Accounts 2021-10-10 16:06:28 +04:00
frack113 d081d20a13 Merge pull request #2119 from austinsonger/privilege_escalation_pass_role_to_lambda_function.yml (passed_role_to_glue_development_endpoint.yml and passed_role_to_lambda_function.yml) 2021-10-10 11:01:36 +02:00
frack113 7497fdb484 Merge pull request #2129 from d4rk-d4nph3/master (Added rule for possible persistence via VMTools) 2021-10-10 10:55:06 +02:00
frack113 1337116d84 Cleanup selection name 2021-10-10 10:17:24 +02:00
Bhabesh Rai a241f526ef Added more strict path 2021-10-10 07:54:40 +05:45
Austin Songer 1987897a76 Update aws_pass_role_to_lambda_function.yml 2021-10-09 15:26:38 -05:00
Austin Songer de52890a62 Update passed_role_to_glue_development_endpoint.yml 2021-10-09 15:24:49 -05:00
Florian Roth 30213dba87 Merge pull request #2132 from SigmaHQ/rule-devel (New Rules) 2021-10-09 19:19:45 +02:00
Florian Roth 195db4cffc refactor: made Apache RCE rule more robust 2021-10-09 18:48:02 +02:00
Florian Roth 4ab3ebf6b2 Merge pull request #2128 from OTRF/feature/Susp-ADFS-NamedPipe (Detect suspicious named pipe connections to an AD FS WID) 2021-10-09 16:47:25 +02:00
Florian Roth 2379907f26 docs: extended the description by a word 2021-10-09 16:42:42 +02:00
Florian Roth f475b90ee3 fix: typo in description 2021-10-09 16:41:48 +02:00
frack113 5c68c42058 order powershell_script 2021-10-09 10:30:36 +02:00
Florian Roth 6c4e24d0de rule: coin miner param --cpu-priority 2021-10-09 10:28:16 +02:00
frack113 77749510b7 fix yml 2021-10-09 10:01:40 +02:00
frack113 41d098b253 fix yml error 2021-10-09 09:59:21 +02:00
frack113 9b0f744f75 order powershell_script 2021-10-09 09:57:45 +02:00