Commit Graph

31 Commits

Author SHA1 Message Date
frack113 aee5ca7afc Fix invalid field cast or name (#3841) 2022-12-30 11:46:21 +01:00
Florian Roth e493a41bc6 Merge pull request #3757 from SigmaHQ/aurora-false-positive-fixing 2022-12-05 18:54:31 +01:00
    fix: FPs noticed in Nextron testing CI
Florian Roth 1796502b90 fix: FPs noticed in Nextron testing CI 2022-12-05 17:39:42 +01:00
Nasreddine Bencherchali b6492e731b feat: general updates and fixes 2022-12-02 23:16:03 +01:00
Florian Roth c6d02d6fe2 rule: modified date update, PPLKiller 2022-11-12 09:27:41 +01:00
Florian Roth 6f26d672f1 refactor: add forkatz imphash 2022-11-12 08:39:36 +01:00
Nasreddine Bencherchali e8f10733e0 Add browsers 2022-10-31 20:57:22 +01:00
frack113 dfdaecc52c Order yaml field 2022-10-25 12:00:56 +02:00
frack113 f78e9e9034 Add rule 2022-10-24 17:52:05 +02:00
    Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Florian Roth e92f2475b6 refactor: JuicyPotatoNG imphashes 2022-10-06 08:30:48 +02:00
frack113 6813043323 Merge pull request #3468 from nasbench/nasbench-rule-devel 2022-09-08 06:29:36 +02:00
    Rule Devel
Nasreddine Bencherchali b70ac17676 Fix 2022-09-07 21:58:22 +02:00
Florian Roth 2ac92283e6 indentation and new hashes 2022-09-07 16:05:48 +02:00
Florian Roth b293a7a181 refactor: SysmonEnte, SharpEvtMute, SysmonQuiet 2022-09-07 16:01:05 +02:00
Florian Roth 6f1ff59027 SysmonEnte Hashes 2022-09-07 15:29:09 +02:00
Nasreddine Bencherchali df257caa4c Update create_stream_hash_susp_ip_domains.yml 2022-09-07 12:17:18 +02:00
Nasreddine Bencherchali dc90e08f3e More updates 2022-09-07 12:02:09 +02:00
Florian Roth 02d7e8f2a4 fix: duplicate UUIDs 2022-08-25 08:23:48 +02:00
Florian Roth 2b776cdfbb refactor: renamed old sysmon_ file names w/ new prefix 2022-08-24 16:51:12 +02:00
Florian Roth d18fced5dd rules: create stream hash rules 2022-08-24 16:50:40 +02:00
Nasreddine Bencherchali 238e0ecd7d Update Ref+Selection 2022-07-11 14:11:53 +01:00
Florian Roth f728893364 refactor: rule level adjustments - critical to high 2022-06-18 17:43:22 +02:00
phantinuss b23eee6ebf fix: unknown --> Unknown 2022-03-16 13:43:54 +01:00
frack113 4631d0c482 remove invalid tag 2022-01-19 18:23:30 +01:00
Florian Roth b7f982734a fix: dysfunctional imphash rules 2021-12-08 11:26:17 +01:00
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
Steven d263b937b4 Clean-up service: sysmon as it will be replaced by filling the category 2021-04-15 02:02:25 +02:00
Steven 7b679cc1f7 - Modified rules to use categories instead of hardcoded event IDs 2021-04-15 01:40:31 +02:00
    - Added file_delete category (Sysmon Event ID 23) to the generic translation file
Steven 18e0af986a - Fix for sysmon_ads_executable.yml 2020-10-02 10:54:15 +02:00
Steven 0c9a82af89 - Remove 'service: sysmon' since defining the categories made the rules generic 2020-10-02 09:37:52 +02:00
Steven 8b74abe0bc - Created new categories for sysmon events 2020-09-30 20:44:14 +02:00
    - Replaced the explicit EventIDs with the reference to the category
    - Moved the rules to the corresponding directories
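Worked example, added here and not code from the SigmaHQ repository or from the commits above: the two commits by Steven replace hard-coded Sysmon EventIDs in rules with a logsource category that a "generic translation" resolves when the rule is compiled. The Python below models that step end to end. The translation table, the rule and the events are constructed for illustration; the Sysmon event IDs 1, 11 and 23 and the Sigma category names process_creation, file_event and file_delete are real, and file_delete -> 23 is the entry the commit message says was added to the translation file.

```python
# Added example (not SigmaHQ code): how a Sigma logsource *category* is translated
# into concrete Sysmon fields at compile time, so a rule can say
# `category: file_delete` instead of hard-coding `EventID: 23`.
from typing import Any

SYSMON_CHANNEL = "Microsoft-Windows-Sysmon/Operational"

# Constructed translation table (in Sigma this lives in a backend config, not in
# the rule). The EventID values are real Sysmon IDs; file_delete -> 23 is the
# entry the commit log above says was added.
SYSMON_CATEGORY_MAP: dict[str, dict[str, Any]] = {
    "process_creation": {"Channel": SYSMON_CHANNEL, "EventID": 1},
    "file_event":       {"Channel": SYSMON_CHANNEL, "EventID": 11},
    "file_delete":      {"Channel": SYSMON_CHANNEL, "EventID": 23},
}

# Constructed rule in Sigma syntax, written as a dict instead of YAML so the
# example runs stand-alone. Note that no EventID appears anywhere in it.
RULE = {
    "title": "Executable deleted from a user Temp directory (constructed example)",
    "logsource": {"product": "windows", "category": "file_delete"},
    "detection": {
        "selection": {
            "TargetFilename|contains": "\\AppData\\Local\\Temp\\",
            "TargetFilename|endswith": ".exe",
        },
        "condition": "selection",
    },
}

# Constructed Sysmon events, already parsed into field dicts.
EVENTS = [
    # Sysmon 11 (FileCreate): the dropper is written to Temp. Same TargetFilename
    # as the deletion below, so only the translated EventID keeps it from matching.
    {"Channel": SYSMON_CHANNEL, "EventID": 11, "Image": "C:\\Windows\\System32\\cmd.exe",
     "TargetFilename": "C:\\Users\\bob\\AppData\\Local\\Temp\\stage2.exe"},
    # Sysmon 23 (FileDelete): the same executable is deleted -> should match.
    {"Channel": SYSMON_CHANNEL, "EventID": 23, "Image": "C:\\Windows\\System32\\cmd.exe",
     "TargetFilename": "C:\\Users\\bob\\AppData\\Local\\Temp\\stage2.exe"},
    # Sysmon 23: a text file deleted from Temp -> endswith clause fails, no match.
    {"Channel": SYSMON_CHANNEL, "EventID": 23, "Image": "C:\\Windows\\explorer.exe",
     "TargetFilename": "C:\\Users\\bob\\AppData\\Local\\Temp\\notes.txt"},
]


def _field_matches(modifier, expected, actual) -> bool:
    """Evaluate one Sigma clause. String comparison is case-insensitive, as in Sigma."""
    if actual is None:
        return False
    if not isinstance(expected, str):
        return actual == expected            # e.g. EventID: 23 compared as an integer
    a, e = str(actual).lower(), expected.lower()
    if modifier is None:
        return a == e
    if modifier == "contains":
        return e in a
    if modifier == "endswith":
        return a.endswith(e)
    if modifier == "startswith":
        return a.startswith(e)
    raise ValueError(f"unsupported modifier {modifier!r}")


def compile_rule(rule, category_map=SYSMON_CATEGORY_MAP):
    """Return the flat list of (field, modifier, expected) clauses the backend evaluates.

    The logsource category is resolved first. An unknown category raises instead of
    compiling into a rule with no event-type constraint at all, which is the failure
    mode a missing translation entry would otherwise cause.
    """
    category = rule["logsource"].get("category")
    if category not in category_map:
        raise KeyError(f"no translation for logsource category {category!r}")
    clauses = [(field, None, value) for field, value in category_map[category].items()]
    for key, expected in rule["detection"]["selection"].items():
        field, _, modifier = key.partition("|")   # "TargetFilename|contains" -> field, modifier
        clauses.append((field, modifier or None, expected))
    return clauses


def compiles(rule, category_map) -> bool:
    """True if the rule's logsource category has a translation in category_map."""
    try:
        compile_rule(rule, category_map)
        return True
    except KeyError:
        return False


def matches(clauses, event) -> bool:
    return all(_field_matches(m, e, event.get(f)) for f, m, e in clauses)


def run(rule, events, category_map=SYSMON_CATEGORY_MAP):
    """Indexes of the events the rule matches once its category is translated."""
    clauses = compile_rule(rule, category_map)
    return [i for i, ev in enumerate(events) if matches(clauses, ev)]


if __name__ == "__main__":
    print("matched event indexes:", run(RULE, EVENTS))
    before_commit = {k: v for k, v in SYSMON_CATEGORY_MAP.items() if k != "file_delete"}
    print("compiles without file_delete entry:", compiles(RULE, before_commit))
```

The point of the translation step shows in the first two events: they carry the same TargetFilename, and only the EventID injected from the file_delete category separates the deletion from the earlier file creation. Because the rule itself never names EventID 23, the same rule can be compiled for a backend whose file-deletion telemetry is a different source by changing the translation table rather than the rule, and a category the table does not know fails at compile time rather than silently matching every event with those fields.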