Commit Graph

50 Commits

Author SHA1 Message Date
frack113 e1707c8f50 rewrite issue 1555 (#3818)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 19:28:34 +01:00
frack113 7060db3d47 Promotion rules (#3821)
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 12:29:10 +01:00
frack113 646351808e Refactor (#3794)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-18 21:00:14 +01:00
Nasreddine Bencherchali 80ef3b70dc fix: broken single item lists 2022-12-08 16:23:58 +01:00
Florian Roth 18a44625fc Merge pull request #3702 from nasbench/nasbench-rule-devel
fix: fix issues and deprecate rule
2022-11-17 14:49:43 +01:00
Nasreddine Bencherchali ef91852c44 fix: update modified date 2022-11-17 10:15:58 +01:00
Nasreddine Bencherchali b03ccf6844 fix: fix #3699 2022-11-16 23:41:16 +01:00
Florian Roth eefa2da8b4 Merge pull request #3700 from jstnk9/master
Update rpc_firewall_eventlog_recon.yml
2022-11-16 08:55:49 +01:00
jstnk9 9ec8d40b42 Update rpc_firewall_eventlog_recon.yml
removed duplicated ref
2022-11-15 21:58:53 +01:00
frack113 7b55972146 Order yaml field 2022-10-25 06:48:55 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
Nasreddine Bencherchali 62574e9b0c Update Ref+Selection 3 2022-07-11 18:12:51 +01:00
Nasreddine Bencherchali d03f6df250 Reference Update [Batch 1] 2022-07-07 15:24:15 +01:00
Florian Roth f728893364 refactor: rule level adjustments - critical to high 2022-06-18 17:43:22 +02:00
frack113 c79fd95f66 refactor condition 2022-06-03 15:39:41 +02:00
frack113 8de0027ca3 refactor condition 2022-06-03 15:35:24 +02:00
Florian Roth 2a11e5bafa refactor: rule addition 2022-05-12 18:10:06 +02:00
Florian Roth 1b9ce19b2c fix: several issues 2022-05-12 17:30:30 +02:00
Florian Roth 2cd5a93fb6 refactor: update antivirus rules 2022-05-12 17:19:46 +02:00
Florian Roth 0dfd802579 Merge pull request #2837 from SigmaHQ/log-source-cleanup
Log source cleanup
2022-03-24 21:26:46 +01:00
Florian Roth 213f7fff5c refactor: make antivirus a category 2022-03-24 11:59:33 +01:00
Tim Shelton 6ab396fd66 FP: another variation of Symantec submitting file for analysis, reduced words to catch both 2022-03-22 21:43:33 +00:00
Florian Roth e3839ac282 removed: overlapping, unharmonised rule
already covered in 04f5363a-6bca-42ff-be70-0d28bf629ead
2022-03-22 09:58:29 +01:00
frack113 becf3baeb4 Merge pull request #2813 from phantinuss/master
Changes to falsepositives metadata
2022-03-17 14:31:27 +01:00
Tim Shelton c58f3d0351 Filtering of Symantec submission for analysis 2022-03-16 19:07:15 +00:00
phantinuss 043747822f fix: more falsepositives harmonization 2022-03-16 14:57:06 +01:00
phantinuss 4585133325 fix: remove penetration testing as a valid false positive 2022-03-16 13:51:26 +01:00
phantinuss b23eee6ebf fix: unknown --> Unknown 2022-03-16 13:43:54 +01:00
markus-nclose 4c2a3c3036 CobaltStrike typo
This typo keeps sneaking back in - critical for detection.
Spelling corrected according to https://www.nextron-systems.com/wp-content/uploads/2018/09/Antivirus_Event_Analysis_CheatSheet_1.5-2.pdf
2022-02-02 07:31:48 +02:00
frack113 43690233fb Merge pull request #2572 from zeronetworks/master
feat(rules): Adding rules for the rpc_firewall
2022-01-24 18:18:22 +01:00
sagiezero 83afc12875 fix(rules): changed "product" and "service" to suggested values. 2022-01-23 09:44:24 +02:00
frack113 eb22807ddc Order rules 2022-01-20 22:06:55 +01:00
sagiezero 929711f5c1 fix(rules): missed stuff from previous fix 2022-01-20 17:27:47 +02:00
sagiezero eb5578fa33 fix(rules): fixed capital in rule names, removed unknown mitre tags, removed unknown tag in logsource. 2022-01-20 16:53:01 +02:00
frack113 b7b95f9055 Order application folder 2022-01-20 14:57:57 +01:00
sagiezero c76443051a feat(rules): changing location to "application" folder 2022-01-20 11:57:10 +02:00
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
Mike Wade 52ab677798 Fixed my git issue 2020-09-13 22:03:04 -06:00
aw350m3 b00047a4e8 att&ck tags review: application, apt, cloud, generic, proxy 2020-09-03 14:16:54 +00:00
Florian Roth d42e87edd7 fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
Florian Roth efd3af0812 fix: fixed missing date fields in other files 2020-01-30 15:32:39 +01:00
Thomas Patzke 0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
Thomas Patzke 788111f174 Fixes for Elasticsearch query correctness CI tests
* Quoting in rule
* Reading queries without special processing of backslashes

Unfortunately, backslashes still cause breaks caused by Bash handling of
them.
2018-04-09 22:33:29 +02:00
SherifEldeeb 48441962cc Change all "str" references to be "list" to match schema update 2018-01-28 02:24:16 +03:00
SherifEldeeb 112a0939d7 Change "reference" to "references" to match new schema 2018-01-28 02:12:19 +03:00
Thomas Patzke 9adaf4c411 Cleanup 2017-12-07 16:21:02 +01:00
Thomas Patzke 9b65f250a8 Renamed rule file (typo) 2017-09-17 00:32:57 +02:00
Thomas Patzke 238f27fa0d Added OperationalError to relevant Python DB exceptions 2017-08-13 00:10:00 +02:00
Thomas Patzke 33b2ff16cf Rule for generic Python SQL exceptions
according to PEP 249
2017-08-12 00:44:18 +02:00
Thomas Patzke 7ba62b791c Application security rules
* reorganization into separate folder
* adding category
* minor tweaks
2017-08-12 00:43:10 +02:00