blue-team-tools

Author	SHA1	Message	Date
Nasreddine Bencherchali	d38195ea31	fix: remove folder start	2022-12-29 11:32:37 +01:00
Nasreddine Bencherchali	425c29cf1c	feat: add new linux rules	2022-12-29 11:17:42 +01:00
$frack113$ frack113	7060db3d47	Promotion rules (#3821 ) * Promotion rules * fix missing null * fix: modified date Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-27 12:29:10 +01:00
$frack113$ frack113	c820216541	Update Title (#3733 )	2022-11-28 06:43:17 +01:00
$frack113$ frack113	cd4121d966	Update Title (#3731 ) Co-authored-by: Florian Roth <venom14@gmail.com> Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-11-27 19:19:27 +01:00
jstnk9	a573a8e1bc	Title modified in several rules (#3728 )	2022-11-25 15:34:38 +01:00
Nasreddine Bencherchali	20b0a6bad8	Rule Dev	2022-11-18 11:15:28 +01:00
Gude5	a3e6856764	new rules: Sigma rules based on Elastic rules (#3632 ) Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-10-28 10:13:44 +02:00
$frack113$ frack113	ad3a3e3b71	Order yaml field 4 (#3628 )	2022-10-25 09:30:05 +02:00
$frack113$ frack113	931fb30853	old experimental rule promotion	2022-10-09 16:54:04 +02:00
nasreddine.bencherchali@nextron-systems.com	33271e9034	Quick update	2022-09-16 09:29:45 +02:00
Nasreddine Bencherchali	1392ca1ec5	Fix review	2022-07-11 20:27:42 +01:00
Nasreddine Bencherchali	238e0ecd7d	Update Ref+Selection	2022-07-11 14:11:53 +01:00
Nasreddine Bencherchali	aec95b6d65	Update selections and indentation	2022-07-07 20:13:45 +01:00
Nasreddine Bencherchali	7e25625976	Update 2	2022-07-07 15:46:49 +01:00
Nasreddine Bencherchali	851d55a41f	Update	2022-07-07 15:37:28 +01:00
Nasreddine Bencherchali	8fc9209250	Update proc_creation_macos_system_network_discovery.yml	2022-07-07 15:28:45 +01:00
Nasreddine Bencherchali	d03f6df250	Reference Update [Batch 1]	2022-07-07 15:24:15 +01:00
$frack113$ frack113	8de0027ca3	refactor condition	2022-06-03 15:35:24 +02:00
David ANDRE	74b9f97b9c	Renamed suspicious in filenames to susp	2022-05-19 09:37:04 +02:00
phantinuss	112b715dd6	chore: test rules: reactivate single value list check	2022-05-10 17:13:04 +02:00
phantinuss	b991a5be52	chore: test rules: warn on errors or invalid FP reasons also adapted the existing rules to pass the tests	2022-05-09 16:07:55 +02:00
Florian Roth	fb7d0b5469	refactor: move macos rules to separate dir	2022-03-24 09:17:05 +01:00

23 Commits