security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,589 Commits 1 Branch 57 Tags
3034d626ea43d29d59f2fb7b4e6a89f08e69da0f
Commit Graph

8025 Commits

Author SHA1 Message Date
phantinuss 3034d626ea chore: promote status of rules 2022-03-30 11:24:24 +02:00
Florian Roth 0b4bfad074 Merge branch 'master' into aurora-false-positive-fixing 2022-03-29 21:06:30 +02:00
Florian Roth 567cdad7b5 fix: cleanmgr.exe FPs 2022-03-29 19:48:40 +02:00
Florian Roth 4b5a9db68a Merge pull request #2864 from SigmaHQ/rule-devel 
refactor: more robust reg add ImagePath rule
 2022-03-29 19:47:24 +02:00
Florian Roth 9d0483697c fix: wpad decision matches 2022-03-29 19:46:45 +02:00
Florian Roth 7cd65a737d Merge pull request #2861 from redsand/fp_msiexec_sccm 
FP filter to include without quotes
 2022-03-29 16:00:12 +02:00
Florian Roth cc45743669 refactor: more robust reg add ImagePath rule 2022-03-29 15:21:47 +02:00
Max Altgelt 36ba148616 fix: filter null image in process creation rule 2022-03-29 08:56:47 +02:00
Tim Shelton f4776fb081 FP filter to include without quotes 2022-03-28 18:50:00 +00:00
Florian Roth 658f4c48ee refactor: less relevant FW event 2022-03-28 17:06:00 +02:00
frack113 14ec2e7d7c Merge pull request #2859 from redsand/fp_msiexec_sccm 
Adding FP filter for ccm
 2022-03-27 08:44:50 +02:00
frack113 e34bbfa7f2 Merge pull request #2857 from frack113/fix_logsource 
Update Registry logsource
 2022-03-27 08:42:49 +02:00
Tim Shelton 35bbd3727e Adding FP filter for ccm 2022-03-26 18:35:31 +00:00
Florian Roth a9bf73f33c Merge pull request #2856 from redsand/fp_filter_ccm_setup 
Filtering of ccm setup executables
 2022-03-26 19:07:53 +01:00
Florian Roth df2cbc9765 refactor: single element list 2022-03-26 18:42:47 +01:00
Tim Shelton 2918383643 OOps... syntax err... early morning 2022-03-26 16:09:09 +00:00
frack113 c13532aea6 Update logsource 2022-03-26 16:57:58 +01:00
Tim Shelton a587d4145e Filtering of ccm setup executables 2022-03-26 15:23:57 +00:00
frack113 3190840f40 Registry_delete category 2022-03-26 12:02:37 +01:00
frack113 f1b8bc9479 Registry_add 2022-03-26 11:56:39 +01:00
frack113 5a1e2c91e0 fix date 2022-03-26 11:39:32 +01:00
frack113 fb55e0e7b3 Catagorie registry add delete 2022-03-26 11:21:53 +01:00
frack113 e2fbbb319d Categorie registry_set 2022-03-26 10:55:05 +01:00
frack113 b425d04944 order registry rules 2022-03-26 10:24:10 +01:00
Florian Roth 952f14d851 Merge pull request #2853 from SigmaHQ/aurora-false-positive-fixing 
Aurora false positive fixing
 2022-03-25 17:14:06 +01:00
Florian Roth 016265169d docs: changed description and title of two rules 2022-03-25 13:42:56 +01:00
Florian Roth 15c6fad973 Merge pull request #2850 from hieuttmmo/master 
Rule to detect when any MFA Denied recorded by Azure SigninLogs
 2022-03-25 11:35:49 +01:00
Florian Roth 7d48d0e838 Merge pull request #2852 from drasti-mehta/fix_win_susp_service_install 
Fix win_susp_service_ rules causing Sigmac error
 2022-03-25 08:27:55 +01:00
Florian Roth 9028600878 Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2022-03-25 00:05:51 +01:00
Florian Roth 68f3e6328e fix: FP with different procs on less relevant keys 2022-03-25 00:05:49 +01:00
Florian Roth 0dfd802579 Merge pull request #2837 from SigmaHQ/log-source-cleanup 
Log source cleanup
 2022-03-24 21:26:46 +01:00
Florian Roth 0b97d37faf Update azure_mfa_denies.yml 2022-03-24 21:26:13 +01:00
Florian Roth 37437c7f3d Update win_susp_service_installation_script.yml 2022-03-24 21:22:26 +01:00
Florian Roth 76710a1d86 Update win_susp_service_installation.yml 2022-03-24 21:19:36 +01:00
Drasti Mehta ae4c01142e add modified and date 2022-03-24 15:57:47 -04:00
Drasti Mehta 77f5a6f4d8 Fix win_susp_service_ rules causing sigmac error 2022-03-24 15:24:01 -04:00
Florian Roth 507551c631 fix: typo in modifier 2022-03-24 19:08:53 +01:00
Florian Roth 6970223872 fix: bug in modifier 2022-03-24 19:05:04 +01:00
Florian Roth f1b91ba8ac refactor: more powershell loader rules 2022-03-24 16:44:35 +01:00
Florian Roth a06b599bec rule: IEX patterns 2022-03-24 16:31:50 +01:00
Florian Roth c331195637 fix: empty query in rule > bug 2022-03-24 15:17:29 +01:00
hieuttmmo 1fe45bd593 Merge branch 'SigmaHQ:master' into master 2022-03-24 16:53:41 +04:00
Tran Trung Hieu 713bc24750 Add new MFA Denied rule 2022-03-24 16:53:01 +04:00
Florian Roth 213f7fff5c refactor: make antivirus a category 2022-03-24 11:59:33 +01:00
Florian Roth f7cd8e3424 fix: duplicate id 2022-03-24 11:41:26 +01:00
Florian Roth 3114433944 fix: product unix > linux 2022-03-24 11:40:51 +01:00
Florian Roth f3abef8b5f fix: indentation 2022-03-24 11:34:00 +01:00
Florian Roth a10011cd03 Merge branch 'master' into rule-devel 2022-03-24 10:08:43 +01:00
Florian Roth fb7d0b5469 refactor: move macos rules to separate dir 2022-03-24 09:17:05 +01:00
Florian Roth 53b450d377 rule: PowerShell Downloads 2022-03-24 09:16:12 +01:00