40 Commits

Author	SHA1	Message	Date
frack113	7060db3d47	Promotion rules (#3821) ... * Promotion rules * fix missing null * fix: modified date Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-27 12:29:10 +01:00
Nasreddine Bencherchali	4c7db89847	fix: improve overall structure	2022-12-21 20:40:29 +01:00
zakibro	a0c07b2fba	Update rules/linux/builtin/lnx_privileged_user_creation.yml ... Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>	2022-12-21 19:31:34 +01:00
zakibro	14f006382a	Update rules/linux/builtin/lnx_privileged_user_creation.yml ... Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>	2022-12-21 19:31:24 +01:00
zakibro	0fa4f8a454	Create lnx_privileged_user_creation.yml ... Adding new use case for tracking of Creation of privileged user in linux	2022-12-21 18:16:20 +01:00
frack113	cd4121d966	Update Title (#3731) ... Co-authored-by: Florian Roth <venom14@gmail.com> Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-11-27 19:19:27 +01:00
Nasreddine Bencherchali	6674ed0554	fix: add removed comments	2022-11-17 00:57:24 +01:00
phantinuss	8c209f0ed1	Update lnx_shell_priv_esc_prep.yml	2022-11-01 12:32:46 +01:00
securepeacock	f6acf8e4cc	Update lnx_shell_priv_esc_prep.yml ... Added ip6tables	2022-10-31 09:38:45 -04:00
frack113	11cb03181e	Order yaml field	2022-10-25 08:53:44 +02:00
frack113	931fb30853	old experimental rule promotion	2022-10-09 16:54:04 +02:00
Nasreddine Bencherchali	7176d672b5	Fix wildcard	2022-10-05 17:21:34 +02:00
nasreddine.bencherchali@nextron-systems.com	4fc62dee7c	Linux rules update	2022-09-16 09:22:57 +02:00
Nasreddine Bencherchali	d6a2c13738	Update rules (desc, selection, logic)	2022-08-04 18:08:08 +01:00
Nasreddine Bencherchali	aec95b6d65	Update selections and indentation	2022-07-07 20:13:45 +01:00
Nasreddine Bencherchali	d03f6df250	Reference Update [Batch 1]	2022-07-07 15:24:15 +01:00
Florian Roth	f728893364	refactor: rule level adjustments - critical to high	2022-06-18 17:43:22 +02:00
frack113	8de0027ca3	refactor condition	2022-06-03 15:35:24 +02:00
frack113	a305a0be45	Merge pull request #2983 from d4rk-d4nph3/master ... Added rule for Nimbuspwn exploitation	2022-05-05 20:41:30 +02:00
Bhabesh	a70e96355c	Beautify the rule	2022-05-05 23:48:41 +05:45
Bhabesh	7f2ad6df89	Fix for error	2022-05-05 11:24:20 +05:45
Bhabesh	46827e2655	Added rule for Nimbuspwn exploitation	2022-05-04 20:30:40 +05:45
zakibro	0bb96b323d	Update lnx_crontab_file_modification.yml	2022-04-19 19:47:12 +02:00
zakibro	4212e24424	Update lnx_crontab_file_modification.yml ... fixing title	2022-04-16 17:44:43 +02:00
Pawel Mazur	c1db0b4fed	Adding Linxu crontab rule	2022-04-16 17:36:11 +02:00
Florian Roth	3114433944	fix: product unix > linux	2022-03-24 11:40:51 +01:00
phantinuss	043747822f	fix: more falsepositives harmonization	2022-03-16 14:57:06 +01:00
frack113	c3c13d6089	add lnx_pwnkit_local_privilege_escalation	2022-01-29 10:07:54 +01:00
frack113	4631d0c482	remove invalid tag	2022-01-19 18:23:30 +01:00
frack113	f7e670d55e	Simple Quote	2022-01-11 13:40:53 +01:00
frack113	9092958019	fix quote	2022-01-10 22:25:47 +01:00
frack113	a885d95aa3	Update pattern	2021-12-10 16:45:42 +01:00
frack113	b56630ced1	Add lnx_susp_dev_tcp	2021-12-10 13:39:06 +01:00
frack113	01dc930c17	Change status for old rules	2021-11-27 11:33:14 +01:00
Florian Roth	4a69c71b2f	Update lnx_shell_clear_cmd_history.yml	2021-11-24 09:31:12 +01:00
Florian Roth	94c61bf07a	Update lnx_shell_clear_cmd_history.yml	2021-11-24 09:29:48 +01:00
secjunkie	b76d000f26	Update lnx_shell_clear_cmd_history.yml ... cat and ln can use zero or null chattr does not clear but stops further logging	2021-11-23 23:06:23 +00:00
frack113	1cfca93354	Missing status in rules (#2284) ... * add missing status	2021-11-19 22:32:26 +01:00
frack113	c682c12ecf	Add sudo service	2021-11-11 10:21:21 +01:00
frack113	c8f488eabf	move to builtin	2021-11-09 13:27:20 +01:00