Commit Graph

75 Commits

Author SHA1 Message Date
frack113 aee5ca7afc Fix invalid field cast or name (#3841) 2022-12-30 11:46:21 +01:00
frack113 7060db3d47 Promotion rules (#3821)
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 12:29:10 +01:00
Nasreddine Bencherchali 03cc78e916 feat: filename test enhancements (#3812) 2022-12-23 09:25:16 +01:00
Nasreddine Bencherchali 3868dd91c6 feat: updates and enhancements 2022-12-16 16:52:12 +01:00
Nasreddine Bencherchali d82e3de11c fix: fix empty field in selection 2022-11-30 00:57:38 +01:00
Nasreddine Bencherchali 04a1d29eac feat: update driver rules 2022-11-29 23:24:34 +01:00
Nasreddine Bencherchali 1d7ee1cd19 feat: enhance duplicate test (#3736)
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2022-11-29 13:47:09 +01:00
Florian Roth 66adbb43f7 chore: change modified date 2022-11-19 08:48:43 +01:00
Florian Roth 5c5639cfc6 Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2022-11-17 17:34:50 +01:00
Florian Roth 860b290f32 fix: change casing 2022-11-17 17:34:48 +01:00
Florian Roth 136398698b fix: list with one element 2022-11-16 20:18:30 +01:00
Florian Roth 4234018e22 fix: duplicate uuid 2022-11-16 20:17:29 +01:00
Florian Roth c79f594425 rule: proc hacker, system informer driver load; refactor: imphash casing 2022-11-16 18:12:23 +01:00
Florian Roth 71431efd16 fix: hash selection with OR in Dell driver rule 2022-11-10 13:22:04 +01:00
Florian Roth 7ef9893579 rule: vulnerable Lenovo driver 2022-11-10 13:21:31 +01:00
frack113 dfdaecc52c Order yaml field 2022-10-25 12:00:56 +02:00
Nasreddine Bencherchali 7621ce8899 Add New Vuln Driver
Add new vuln driver related to CVE-2022-37969
2022-10-20 11:55:36 +02:00
Kawa 6960178d56 Update driver_load_vuln_drivers_names.yml 2022-10-17 15:23:14 +02:00
Nasreddine Bencherchali 7e2f624b0f Update drivers list 2022-10-10 13:03:56 +02:00
Nasreddine Bencherchali 0d253472eb Update driver_load_vuln_drivers_names.yml 2022-10-10 12:28:41 +02:00
Nasreddine Bencherchali 8b40e6fe21 Add missing backslash and remove duplicate 2022-10-10 11:35:50 +02:00
frack113 cf7a348028 Fix related 2022-10-09 17:28:05 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
Florian Roth 303fbd2e35 Update driver_load_vuln_drivers_names.yml 2022-10-06 09:28:43 +02:00
Nasreddine Bencherchali e2721f57e1 Update driver list with ELASTIC information 2022-10-05 11:01:29 +02:00
Nasreddine Bencherchali 16e377ef5e Fix 2022-10-04 23:12:37 +02:00
Nasreddine Bencherchali 098d530577 Fix error in driver rule 2022-10-04 11:38:58 +02:00
Nasreddine Bencherchali 809f45800e Update drivers list 2022-10-03 10:46:02 +02:00
Nasreddine Bencherchali 48c1104b1a New+Update 2022-09-02 09:15:21 +02:00
Nasreddine Bencherchali ea183cae13 Updates+New Rules 2022-08-31 09:39:16 +02:00
Nasreddine Bencherchali 11a322f4f0 New + Update 2022-08-26 15:38:43 +01:00
frack113 5cf940c0a8 Merge pull request #3425 from YamatoSecurity/fix-backend-bool-conversion-error
fix backend bool conversion errors
2022-08-25 06:41:43 +02:00
Nasreddine Bencherchali 728a7ccb66 Fix after review 2022-08-24 18:35:23 +01:00
Yamato Security 1faef2fa97 fix backend bool conversion errors 2022-08-24 09:23:35 +09:00
Florian Roth 8648919169 change casing to include both casings 2022-08-20 09:28:47 +02:00
Nasreddine Bencherchali b45316cf8b Update driver_load_vuln_drivers.yml 2022-08-19 09:29:20 +01:00
Nasreddine Bencherchali 0e40cee045 Update rules 2022-08-18 18:22:28 +01:00
Nasreddine Bencherchali 234484c399 Add rules 2022-08-18 15:30:17 +01:00
Nasreddine Bencherchali faa3f6b636 Create driver_load_vuln_drivers.yml 2022-08-18 13:45:25 +01:00
Nasreddine Bencherchali 0d8dba5200 Update driver_load_susp_temp_use.yml 2022-07-28 12:40:30 +01:00
Nasreddine Bencherchali 2420c98959 Create driver_load_vuln_avast_anti_rootkit_driver.yml 2022-07-28 12:40:23 +01:00
Florian Roth 27061cd0ac refactor: windivert driver load update 2022-07-27 08:58:46 +02:00
Florian Roth c2ea6079e7 refactor: Dell driver refactoring 2022-07-27 08:52:40 +02:00
Florian Roth df8da70eb4 docs: description change 2022-07-27 08:48:44 +02:00
Florian Roth 324513c90e refactor: vulnerable driver loads 2022-07-26 18:09:52 +02:00
Florian Roth 66679ce315 refactor: imphash winring0 2022-07-26 15:01:28 +02:00
Florian Roth da1ad54a41 refactor: vulnerable driver loads 2022-07-26 14:56:28 +02:00
frack113 8de0027ca3 refactor condition 2022-06-03 15:35:24 +02:00
phantinuss dbd68bf3f0 chore: test rules: capitalization on FP list entries
Entries in the false positive list should begin with
a capital letter, e.g. Unknown instead of unknown.

Fixed the existing rules accordingly
2022-05-09 16:07:44 +02:00
phantinuss 6ae28b7a1c fix: legitimate --> Legitimate 2022-03-16 14:35:19 +01:00