Commit Graph

274 Commits

Author SHA1 Message Date
Fukusuke Takahashi 1ab7324ca0 fix: remove unneeded double backslash escape (#3844) 2022-12-31 08:32:46 +01:00
Nasreddine Bencherchali 07cc91719c fix: enhance selection 2022-12-29 17:14:21 +01:00
Florian Roth bc5ed3e453 fix: Discord FP 2022-12-28 20:39:26 +01:00
Florian Roth 737eacc671 Merge branch 'master' into aurora-false-positive-fixing 2022-12-28 13:28:56 +01:00
Florian Roth 9ea8b2e2c1 fix: Discord FP 2022-12-28 13:28:45 +01:00
Nasreddine Bencherchali 03cc78e916 feat: filename test enhancements (#3812) 2022-12-23 09:25:16 +01:00
Nasreddine Bencherchali 7679d05706 fix: fp found in testing exchange server 2022-12-20 13:23:32 +01:00
frack113 646351808e Refactor (#3794) Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com> 2022-12-18 21:00:14 +01:00
Nasreddine Bencherchali 3868dd91c6 feat: updates and enhancements 2022-12-16 16:52:12 +01:00
Florian Roth 2b769fcfc8 fix: missing modified date update 2022-12-05 19:58:10 +01:00
Florian Roth 1796502b90 fix: FPs noticed in Nextron testing CI 2022-12-05 17:39:42 +01:00
Nasreddine Bencherchali 11ce8a1e5b fix: deprecate 5f113a8f-8b61-41ca-b90f-d374fa7e4a39 2022-11-15 22:56:51 +01:00
Florian Roth 0fb1295157 fix: FPs noticed with Aurora 2022-11-13 20:26:03 +01:00
Nasreddine Bencherchali bd30f75335 Update proc_access_win_in_memory_assembly_execution.yml 2022-11-03 11:19:09 +01:00
Nasreddine Bencherchali 5ee9428e59 Fix 2022-11-03 09:39:48 +01:00
Nasreddine Bencherchali 0aff47946d Fix FP 2022-11-01 01:05:42 +01:00
Nasreddine Bencherchali aeefa4c022 Merge branch 'master' into fix-false-positives 2022-10-27 11:49:52 +02:00
Nasreddine Bencherchali ca9183c1fe Update process_access_win_shellcode_inject_msf_empire.yml 2022-10-27 11:39:58 +02:00
Nasreddine Bencherchali 308ab94f88 Update process_access_win_shellcode_inject_msf_empire.yml 2022-10-27 11:39:32 +02:00
phantinuss c24cd642fd fix: missing beginning of SourceImage path 2022-10-26 10:10:02 +02:00
frack113 a3eed2b760 Order yaml field 2022-10-26 09:42:26 +02:00
phantinuss 176f3ab1b9 fix: FP in testing environment 2022-10-25 16:21:14 +02:00
phantinuss c555b33314 fix: FP with new Aurora 2022-10-25 12:20:13 +02:00
Florian Roth e9d7c3fdfc Merge pull request #3611 from nasbench/fix-false-positives: Fix FP In Testing 2022-10-21 18:11:27 +02:00
phantinuss f4420ca3c3 fix: FPs found in testing environment 2022-10-20 17:25:23 +02:00
Nasreddine Bencherchali a13a5efd47 More FP tuning 2022-10-20 11:51:06 +02:00
phantinuss 09b94e2081 fix: FP on test system 2022-10-20 11:08:41 +02:00
phantinuss 7a6bb720d9 fix: FPs on test system 2022-10-19 15:44:00 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
Florian Roth c76b488941 fix: FPs during os upgrade 2022-10-07 22:31:13 +02:00
Florian Roth a029de0390 fix: FPs noticed in testing env 2022-10-05 12:22:42 +02:00
Florian Roth cd8ed9870c fix: FPs noticed with Aurora 2022-09-30 20:01:07 +02:00
Florian Roth 14fdf75ab5 fix: FPs noticed with THOR 2022-09-29 13:51:09 +02:00
Florian Roth c31fe50f4d fix: FPs noticed in THOR testing 2022-09-29 13:41:20 +02:00
Nasreddine Bencherchali d9cd98838f Add descriptions 2022-09-21 12:02:15 +02:00
Nasreddine Bencherchali 59530f49d4 Fix more FP in testing 2022-09-21 11:53:39 +02:00
Nasreddine Bencherchali 2f7a54cc31 Fix FP 2022-09-20 11:20:33 +02:00
Florian Roth 34d7ad03f7 fix: FPs noticed with Aurora 2022-09-18 12:54:37 +02:00
Florian Roth 2da0554bed fix: temporarily disable Kernel-Audit-API-Calls 2022-09-18 09:57:04 +02:00
Florian Roth 9f6604cf81 fix: aurora match calltrace msedge.exe 2022-09-18 09:41:51 +02:00
Florian Roth f581d77e5d Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2022-09-13 11:30:37 +02:00
Florian Roth 264bc0787d fix: FP with Malwarebytes 2022-09-13 11:30:27 +02:00
phantinuss 43e0d4fe6a fix: FP with windows defender 2022-09-09 13:51:53 +02:00
Florian Roth b293a7a181 refactor: SysmonEnte, SharpEvtMute, SysmonQuiet 2022-09-07 16:01:05 +02:00
Florian Roth 6ad167a4f3 rule: SysmonEnte usage 2022-09-07 14:33:44 +02:00
David ANDRE 0b0190ccb1 Added quotes to strings 2022-09-01 15:22:26 +02:00
Borna Talebi 8dfe06a33b Adding Google Chrome FP 2022-08-31 11:35:12 +04:30
Nasreddine Bencherchali 11a322f4f0 New + Update 2022-08-26 15:38:43 +01:00
frack113 3426dfb6e9 Update backslash 2022-08-13 09:59:31 +02:00
phantinuss a90ba27a1c fix: do not use wildcard, where not needed 2022-08-09 10:55:05 +02:00