security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
14,815 Commits 1 Branch 57 Tags
362f4e4e603a4ade05c0bfac2274f1dafa5bb28e
Commit Graph

50 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 0795ed6469 feat: additional updates and fixes 2023-02-04 21:06:47 +01:00
frack113 9ad58353a7 Update from review 2023-02-01 18:30:45 +01:00
frack113 c1ef84fd66 Merge remote-tracking branch 'upstream/master' into pr/3989 2023-02-01 18:27:51 +01:00
frack113 3d8b82805c Merge pull request #3992 from D4rkCiph3r/osacompile 
Create proc_creation_macos_osacompile_run-only_execution.yml
 2023-02-01 18:17:00 +01:00
frack113 f121041cf0 Merge pull request #3991 from D4rkCiph3r/macro-osa 
Create proc_creation_macos_macros_execution.yml
 2023-02-01 18:16:23 +01:00
Nasreddine Bencherchali 55f16c3f84 fix: update metadata and logic 2023-02-01 17:45:01 +01:00
Nasreddine Bencherchali d8b17f1d9f fix: add ref and update description 2023-02-01 17:23:36 +01:00
Nasreddine Bencherchali 0cddb6194c Merge pull request #3993 from D4rkCiph3r/patch-1 
feat: add new extension to osascript rule
 2023-02-01 17:22:08 +01:00
Nasreddine Bencherchali 04227055e4 fix: add reference 2023-02-01 17:15:10 +01:00
Nasreddine Bencherchali 7c38a5c496 chore: add nextron authors tag 2023-02-01 11:14:59 +01:00
frack113 cd58c1baef fix title case 2023-02-01 06:35:26 +01:00
frack113 26575cc2e0 Update proc_creation_macos_applescript.yml 2023-01-31 17:46:43 +01:00
D4rkCiph3r 596f5471f4 Merge branch 'SigmaHQ:master' into osacompile 2023-01-31 19:22:47 +05:30
D4rkCiph3r ce577987a2 Update and rename proc_creation_macos_osacompile_run-only_execution.yml to proc_creation_macos_osacompile_runonly_execution.yml 2023-01-31 19:20:06 +05:30
D4rkCiph3r c3b826a76c Update proc_creation_macos_applescript.yml 
minor updates to the CLI parameters, based on real-world observations
 2023-01-31 19:16:15 +05:30
D4rkCiph3r 440649b087 Create proc_creation_macos_osacompile_run-only_execution.yml 2023-01-31 19:03:35 +05:30
D4rkCiph3r 4c28487480 New Rule for T1115 macOS (#3988) 
feat: add new rule related to osascript reading clipboard
 2023-01-31 14:32:08 +01:00
D4rkCiph3r e4ace3d363 Create proc_creation_macos_macros_execution.yml 2023-01-31 18:48:03 +05:30
D4rkCiph3r 21ac747d36 Update proc_creation_macos_jxa_payoad_execution.yml 
updated the formats wrt fields structuring
 2023-01-31 17:35:27 +05:30
D4rkCiph3r 98250cba9c Create proc_creation_macos_jxa_payoad_execution.yml 2023-01-31 17:23:24 +05:30
Nasreddine Bencherchali 4006145b8d fix: filename 2023-01-31 12:53:04 +01:00
Nasreddine Bencherchali eb26d94c14 fix: order fields and optimize selection 2023-01-31 12:42:20 +01:00
D4rkCiph3r f67072fddc Update proc_creation_macos_jxa_in-memory_execution.yml 2023-01-31 16:54:29 +05:30
D4rkCiph3r 87879f69cf Update proc_creation_macos_jxa_in-memory_execution.yml 
Indentation corrections and comments
 2023-01-31 16:52:17 +05:30
D4rkCiph3r aa3fa9b7e4 Create proc_creation_macos_jxa_in-memory_execution.yml 2023-01-31 16:06:39 +05:30
TheLawsOfChaos 52e40d10ef feat: updates multiple mitre tech/sub-tech/tactics (#3913) 2023-01-12 17:04:38 +01:00
frack113 756a248032 update logsource 2023-01-04 18:52:24 +01:00
Nasreddine Bencherchali d38195ea31 fix: remove folder start 2022-12-29 11:32:37 +01:00
Nasreddine Bencherchali 425c29cf1c feat: add new linux rules 2022-12-29 11:17:42 +01:00
frack113 7060db3d47 Promotion rules (#3821) 
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-27 12:29:10 +01:00
frack113 c820216541 Update Title (#3733) 2022-11-28 06:43:17 +01:00
frack113 cd4121d966 Update Title (#3731) 
Co-authored-by: Florian Roth <venom14@gmail.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-27 19:19:27 +01:00
jstnk9 a573a8e1bc Title modified in several rules (#3728) 2022-11-25 15:34:38 +01:00
Nasreddine Bencherchali 20b0a6bad8 Rule Dev 2022-11-18 11:15:28 +01:00
Gude5 a3e6856764 new rules: Sigma rules based on Elastic rules (#3632) 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-10-28 10:13:44 +02:00
frack113 ad3a3e3b71 Order yaml field 4 (#3628) 2022-10-25 09:30:05 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
nasreddine.bencherchali@nextron-systems.com 33271e9034 Quick update 2022-09-16 09:29:45 +02:00
Nasreddine Bencherchali 1392ca1ec5 Fix review 2022-07-11 20:27:42 +01:00
Nasreddine Bencherchali 238e0ecd7d Update Ref+Selection 2022-07-11 14:11:53 +01:00
Nasreddine Bencherchali aec95b6d65 Update selections and indentation 2022-07-07 20:13:45 +01:00
Nasreddine Bencherchali 7e25625976 Update 2 2022-07-07 15:46:49 +01:00
Nasreddine Bencherchali 851d55a41f Update 2022-07-07 15:37:28 +01:00
Nasreddine Bencherchali 8fc9209250 Update proc_creation_macos_system_network_discovery.yml 2022-07-07 15:28:45 +01:00
Nasreddine Bencherchali d03f6df250 Reference Update [Batch 1] 2022-07-07 15:24:15 +01:00
frack113 8de0027ca3 refactor condition 2022-06-03 15:35:24 +02:00
David ANDRE 74b9f97b9c Renamed suspicious in filenames to susp 2022-05-19 09:37:04 +02:00
phantinuss 112b715dd6 chore: test rules: reactivate single value list check 2022-05-10 17:13:04 +02:00
phantinuss b991a5be52 chore: test rules: warn on errors or invalid FP reasons 
also adapted the existing rules to pass the tests
 2022-05-09 16:07:55 +02:00
Florian Roth fb7d0b5469 refactor: move macos rules to separate dir 2022-03-24 09:17:05 +01:00