security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
14,175 Commits 1 Branch 57 Tags
3da07164ce0d651bf72691bac1cfcafbf20249de
Commit Graph

69 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 6819d264cc fix: update evtx tamper rules 2023-01-02 15:25:19 +01:00
frack113 3c2e1a6a3e add new test 2022-12-30 16:00:42 +01:00
frack113 aee5ca7afc Fix invalid field cast or name (#3841) 2022-12-30 11:46:21 +01:00
frack113 3b54304ac6 Update Workflow action (#3829) 2022-12-28 13:58:10 +01:00
Nasreddine Bencherchali e6baac1bf2 fix: exclude teamviewer fp & reduce severity 2022-12-23 20:50:38 +01:00
frack113 75c6f44f12 Update Workflow (#3752) 2022-12-04 11:18:11 +01:00
frack113 20ef4b880c Exclude SetupFrontEnd.exe 2022-10-31 18:49:53 +01:00
frack113 f78e9e9034 Add rule 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-10-24 17:52:05 +02:00
phantinuss 736ba904b0 fix: add new FP to whitelist, no tuning possible 2022-10-21 17:41:32 +02:00
phantinuss c5fb5e1c95 fix: remove FPs found in goodlogs 2022-10-12 17:04:31 +02:00
Nasreddine Bencherchali 48cb48306e Update known-FPs.csv 2022-10-04 11:41:17 +02:00
phantinuss f940a43d8f workflow: use correct rule title 2022-09-21 13:51:20 +02:00
phantinuss 54add15167 workflow: fix wrong filename 2022-09-21 13:51:20 +02:00
phantinuss 40e0dfcb29 chore: add new known FPs 2022-09-21 13:45:28 +02:00
phantinuss e5e5cdd3b3 workflow: update evtx-baseline to v0.7 and add a new test for the data 2022-09-21 13:45:28 +02:00
Nasreddine Bencherchali 35f102f8a0 Update known-FPs.csv 2022-08-31 11:40:39 +02:00
Nasreddine Bencherchali 475bb1a90b Update known-FPs.csv 2022-08-31 11:12:18 +02:00
Nasreddine Bencherchali b0768ed5cd Update known-FPs.csv 2022-08-31 11:05:41 +02:00
Nasreddine Bencherchali b7fe798a8d Update known-FPs.csv 2022-08-31 10:24:04 +02:00
Tobias Michalski 6f467656fe chore: Get Submodules for test_rules.py test 2022-08-12 14:33:31 +02:00
frack113 acbc9110e4 Add short name path 2022-08-07 08:38:11 +02:00
frack113 f1eba85780 Add short name path 2022-08-07 08:37:58 +02:00
frack113 c38bfe86da Add short path and Image 2022-08-06 11:25:44 +02:00
Thomas Patzke 58f1d6fa2c Create FUNDING.yml 2022-05-13 08:20:30 +02:00
phantinuss b18184a58f workflow: add baseline chack for Windows 2022 domain controller 2022-04-21 10:48:59 +02:00
phantinuss 0aabb53bd6 chore: update to evtx-baseline v0.6 2022-04-21 10:48:58 +02:00
phantinuss 8a8226317f fix: indentation 2022-04-07 14:15:44 +02:00
phantinuss 25de8a926c workflow: new baseline check against Windows 2022 2022-04-07 14:15:44 +02:00
phantinuss d323753abd workflow: new baseline check against Windows 7 32-bit 2022-04-06 17:06:54 +02:00
phantinuss 49a38185b2 workflow: add known FP 2022-04-06 16:09:53 +02:00
phantinuss b0c1c3e726 workflow: new baseline check against Windows 11 2022-04-06 16:09:51 +02:00
Florian Roth fd6d2d7b65 fix: disable truthy check in yamllint 2022-03-22 18:11:11 +01:00
phantinuss 470bdd5252 hotfix: reenable rules check, might be refined later 2022-03-21 13:35:30 +01:00
Thomas Patzke 2d44696464 Replaced sigmatools tests with sigma-cli check 2022-03-16 00:19:16 +01:00
Florian Roth d3d6771599 Merge pull request #2725 from phantinuss/checkbaseline 
Workflow: Overview of matching rules and case insensitive FP filtering
 2022-02-22 16:54:10 +01:00
phantinuss 41bd6f4945 workflow: exclude FPs case insensitively 2022-02-22 15:23:05 +01:00
phantinuss c0b0facc5b workflow: add overview over triggered rules at the end 2022-02-22 15:23:05 +01:00
Florian Roth cc9a5b4b07 fix: FPs with new rules 2022-02-22 13:32:34 +01:00
phantinuss 62949b0437 workflow: output cosmetics 2022-02-21 11:01:44 +01:00
phantinuss 3961774991 workflow: show error on sigma matches 2022-02-21 11:01:44 +01:00
phantinuss fc8cf7d4a0 workflow: fix: missing . in path 2022-02-21 11:01:44 +01:00
phantinuss a1c0c1c03d workflow: add shebang to matchgrep.sh 2022-02-21 11:01:44 +01:00
phantinuss 2cecd0e6ef workflow: rename steps 2022-02-21 11:01:44 +01:00
phantinuss 0c473a3e77 workflow: evaluate findings, exclude known FPs 2022-02-21 11:01:44 +01:00
phantinuss 20761d0332 workflow: link to latest release 2022-02-21 11:01:44 +01:00
phantinuss 48eefe29f7 workflow: verbose remove of deprecated rules 2022-02-21 11:01:43 +01:00
phantinuss 00f1f561dd workflow: fix: missing -l grep flag 2022-02-21 11:01:43 +01:00
phantinuss d3397929b4 workflow: fix: quote command with pipe 2022-02-21 11:01:43 +01:00
phantinuss e6fe8fdedd workflow: execute evtx-sigma-checker 2022-02-21 11:01:43 +01:00
frack113 8ed456258f Use correct pipenv version 2021-11-08 18:22:23 +01:00