security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
14,175 Commits 1 Branch 57 Tags
3da07164ce0d651bf72691bac1cfcafbf20249de
Commit Graph

194 Commits

Author SHA1 Message Date
frack113 aee5ca7afc Fix invalid field cast or name (#3841) 2022-12-30 11:46:21 +01:00
frack113 7060db3d47 Promotion rules (#3821) 
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-27 12:29:10 +01:00
Nasreddine Bencherchali 1882a4a0c2 fix: remove unnecessary definition 2022-12-18 15:24:58 +01:00
orenebahar 021499e6ef Update net_connection_win_malware_backconnect_ports.yml 
Add description about the right event ID in sysmon configuration
 2022-12-18 12:13:29 +00:00
Florian Roth b1504c7632 fix: wrong condition 2022-12-15 19:02:56 +01:00
Florian Roth 84041dde1f fix: FPs with wuauclt rule 2022-12-15 17:31:36 +01:00
Nasreddine Bencherchali 80ef3b70dc fix: broken single item lists 2022-12-08 16:23:58 +01:00
Nasreddine Bencherchali b6492e731b feat: general updates and fixes 2022-12-02 23:16:03 +01:00
Nasreddine Bencherchali b6dce4b6a5 feat: general fixes 2022-11-22 01:22:36 +01:00
Florian Roth 9bf023ceba Merge pull request #3670 from nasbench/fix-false-positives 
Aurora - Fix FP Found In Testing
 2022-11-04 17:56:32 +01:00
Florian Roth d254c7a514 Update rules/windows/network_connection/net_connection_win_ngrok_tunnel.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-04 10:49:17 +01:00
Florian Roth 4fcac3089d Rule: Ngrok tunnel LNX 2022-11-03 17:41:23 +01:00
Florian Roth e6278f839b Rule: Ngrok Tunnel Target 2022-11-03 17:38:53 +01:00
Nasreddine Bencherchali 5ee9428e59 Fix 2022-11-03 09:39:48 +01:00
frack113 a3eed2b760 Order yaml field 2022-10-26 09:42:26 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
Florian Roth b634e1a3f9 Merge pull request #3562 from nasbench/pysigma-fix 
PySigma Issues Fix
 2022-10-07 09:21:15 +02:00
frack113 7539d29e8b Merge pull request #3559 from nasbench/nasbench-rule-devel 
Rule Dev
 2022-10-07 06:07:43 +02:00
Nasreddine Bencherchali 2c26614ce4 Update Wildcard + Int to Str fields 2022-10-05 23:15:20 +02:00
Nasreddine Bencherchali 40dcb9a4c9 Update + Rename 2022-10-05 10:42:29 +02:00
Nasreddine Bencherchali 2ecf9ec7e1 Updates 2022-10-04 20:57:11 +02:00
Florian Roth 50b9a3e073 fix: FPs with MS IPs 2022-10-04 19:21:41 +02:00
Nasreddine Bencherchali 7dd2af08e7 Update net_connection_win_python.yml 2022-09-21 12:16:15 +02:00
Nasreddine Bencherchali a0c3449079 Fix typo 2022-09-21 11:59:12 +02:00
Nasreddine Bencherchali 59530f49d4 Fix more FP in testing 2022-09-21 11:53:39 +02:00
nasreddine.bencherchali@nextron-systems.com 0caeaaa122 Update rules 2022-09-13 10:02:32 +02:00
Florian Roth efe4d62a54 Merge pull request #3459 from SigmaHQ/aurora-false-positive-fixing 
Aurora false positive fixing
 2022-09-06 08:41:02 +02:00
Florian Roth cab6ccc18a Merge branch 'master' into aurora-false-positive-fixing 2022-09-05 16:57:10 +02:00
Florian Roth 468b303660 Update net_connection_win_certutil.yml 2022-09-05 11:59:15 +02:00
frack113 5e5f3c803e Fix tag 2022-09-02 17:32:50 +02:00
frack113 8f0ade9ad9 Fix name 2022-09-02 17:28:36 +02:00
frack113 693b7761c1 Add net_connection_win_certutil 2022-09-02 17:23:23 +02:00
Florian Roth 3ee77e1446 fix: FPs noticed with Aurora 2022-09-02 16:57:23 +02:00
Nasreddine Bencherchali 343b0ef199 Update net_connection_win_susp_cmstp.yml 2022-08-31 09:46:18 +02:00
Nasreddine Bencherchali 77c5640839 Update net_connection_win_susp_cmstp.yml 2022-08-31 09:42:25 +02:00
Nasreddine Bencherchali 399a18b762 Update net_connection_win_susp_cmstp.yml 2022-08-31 09:41:25 +02:00
Nasreddine Bencherchali ea183cae13 Updates+New Rules 2022-08-31 09:39:16 +02:00
frack113 45a87dd22d Update net_connection_win_dead_drop_resolvers.yml 2022-08-30 08:22:10 +02:00
Feathers 4d3d9b10ea Update net_connection_win_dead_drop_resolvers.yml 
Added the domain cdn.discordapp.com since is commonly used by malware families
 2022-08-29 12:41:57 +02:00
Wagga 8f84d10855 Update net_connection_win_excel_outbound_network_connection.yml 2022-08-29 07:21:47 +02:00
Florian Roth a49e2fe1ee refactor: add IPv6 addresses 2022-08-28 19:31:14 +02:00
Florian Roth 6fc281d1d6 some more 2022-08-28 18:59:34 +02:00
frack113 600500d963 fix space 2022-08-28 12:17:36 +02:00
frack113 9408b0a8ca Add net_connection_win_script_wan 2022-08-28 12:15:33 +02:00
Florian Roth 2e334cb7f1 Update net_connection_win_script.yml 2022-08-28 11:35:03 +02:00
frack113 b9a2c720a8 Redcannary 20220828 2022-08-28 11:16:24 +02:00
Florian Roth c5e183cf2e Merge pull request #3432 from SigmaHQ/rule-devel 
Create Stream Hash Rules
 2022-08-25 14:17:50 +02:00
Florian Roth 6a81603d28 Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2022-08-24 16:51:27 +02:00
Florian Roth 4baa18bd33 refactor: added transfer.sh domain 2022-08-24 16:51:26 +02:00
Yamato Security 1faef2fa97 fix backend bool conversion errors 2022-08-24 09:23:35 +09:00