Commit Graph

180 Commits

Author SHA1 Message Date
frack113 2ea7fc0c51 Update proxy_turla_comrat.yml 2022-08-15 17:32:34 +02:00
frack113 f50de1d4e1 Update proxy_chafer_malware.yml 2022-08-15 17:32:20 +02:00
frack113 29901228fd Update proxy_baby_shark.yml 2022-08-15 17:32:07 +02:00
Tomasuh 2bcb6abd72 Escape ? character 2022-08-12 12:46:21 +02:00
Tomasuh 5c549a2825 Escape ? character 2022-08-12 12:45:52 +02:00
Tomasuh 08d25bd065 Escape ? character 2022-08-12 12:44:53 +02:00
Tomasuh b189122287 Escape ? character 2022-08-12 12:44:23 +02:00
Tomasuh 75b9b7b1a9 Escape ? character 2022-08-12 12:43:58 +02:00
Tomasuh 4ccb8d9ca0 Escape question mark 2022-08-12 12:38:07 +02:00
Tomasuh 7f86fcf89d Update to use cs-host instead of r-dns 2022-08-11 08:36:23 +02:00
Tomasuh 61c2e6b532 Update proxy_susp_flash_download_loc.yml 2022-08-11 08:33:07 +02:00
Tomasuh a15044bc1c Avoid Adobe related false-positives
Avoid Adobe related false-positives such as Adobe Synchronizer
2022-08-08 14:03:34 +02:00
Tomasuh 946b0205a2 Revert to correct rule id 2022-08-08 08:54:50 +02:00
Tomasuh 9f347bc322 Restore title from previous mistake edit 2022-08-08 08:53:38 +02:00
Tomasuh 9f8c4a4d44 Update proxy_susp_flash_download_loc.yml 2022-08-08 08:43:35 +02:00
Tomasuh 58c6068484 uri inst. of uri-query, r-dns inst of uri-stem 2022-08-08 08:41:41 +02:00
Tomasuh 8bd1108b01 From cs-uri-query to cs-uri to enable matching
Rule should be applied on uri and not the uri-query
2022-08-05 09:49:24 +02:00
Florian Roth b3dd9f51f0 some rule improvements 2022-07-21 18:16:22 +02:00
Florian Roth d15f3d738b Merge pull request #3207 from SigmaHQ/rule-devel
fix: missing Windows Defender source, rule: Proxy UA Base64
2022-07-08 11:14:00 +02:00
Florian Roth 9b47c868bc fix: list and add base64 encoded Mozilla keyword 2022-07-08 10:50:52 +02:00
Florian Roth 6fc782958a rule: Proxy UA Base64 value 2022-07-08 10:40:35 +02:00
Nasreddine Bencherchali 5b352ee34c Update proxy_cobalt_amazon.yml 2022-07-07 15:29:46 +01:00
Nasreddine Bencherchali d03f6df250 Reference Update [Batch 1] 2022-07-07 15:24:15 +01:00
Florian Roth f728893364 refactor: rule level adjustments - critical to high 2022-06-18 17:43:22 +02:00
Florian Roth ed2ab816be refactor: BITS rules new and reworked 2022-06-10 13:16:40 +02:00
David ANDRE 74b9f97b9c Renamed suspicious in filenames to susp 2022-05-19 09:37:04 +02:00
Florian Roth d74d287bac Merge pull request #2998 from redsand/spotify_co_for_bits_admin
Adds allow for spotify streaming, which uses this service
2022-05-12 13:02:48 +02:00
phantinuss 112b715dd6 chore: test rules: reactivate single value list check 2022-05-10 17:13:04 +02:00
Tim Shelton 574df099f9 Adds allow for spotify streaming, which uses this service 2022-05-09 20:38:25 +00:00
Florian Roth c8f9577ee9 refactor: new user name 2022-05-06 19:37:47 +02:00
frack113 4631d0c482 remove invalid tag 2022-01-19 18:23:30 +01:00
frack113 f7e670d55e Simple Quote 2022-01-11 13:40:53 +01:00
Florian Roth e055ec1d52 refactor: change all " of them" expressions 2022-01-11 10:59:57 +01:00
frack113 c6014b1205 Change status to test 2022-01-07 07:04:24 +01:00
frack113 73f258e2d1 Change double quote to quote 2022-01-06 14:02:35 +01:00
Florian Roth c842b12970 Update proxy_java_class_download.yml 2021-12-21 13:22:47 +01:00
Andreas Hunkeler c0a6de06c4 rule: Add Java class proxy download rule 2021-12-21 11:25:08 +01:00
Florian Roth 7fad4768e4 rule: APT UA - new user agent 2021-12-01 14:20:05 +01:00
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
Florian Roth d43f845157 Update proxy_cobalt_malformed_uas.yml 2021-11-08 11:21:49 +01:00
frack113 b8a1f4c63b Merge pull request #1961 from SigmaHQ/rule-devel
SideWalk User-Agent used by Sparkling Goblin
2021-09-01 08:06:15 +02:00
Florian Roth 9b20060275 SideWalk UA 2021-08-31 17:14:19 +02:00
Austin Songer c9128687ee Spelling Errors on Rules 2021-08-18 18:58:20 +00:00
frack113 fc64b8b937 Split PR 1802 fix net rules 2021-08-09 17:23:15 +02:00
Florian Roth 7f820c7b29 rule updates 2021-07-28 16:20:21 +02:00
Florian Roth 9b93165ece BackdoorDiplomacy UA 2021-06-15 10:39:08 +02:00
Florian Roth f52ed7604c BabyShark Pattern 2021-06-10 09:41:36 +02:00
Florian Roth 416030a85f rule: cobaltstrike malformed UAs 2021-05-10 12:43:14 +02:00
Anton Kutepov 3f45269296 Merge branch 'oscd'
2021-03-02 22:58:41 +03:00
jaegeral e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00