security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
14,175 Commits 1 Branch 57 Tags
3da07164ce0d651bf72691bac1cfcafbf20249de
Commit Graph

37 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 1d7ee1cd19 feat: enhance duplicate test (#3736) 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-11-29 13:47:09 +01:00
frack113 2ebb9159fb Update raw_access_thread_disk_access_using_illegitimate_tools.yml 2022-11-08 19:10:05 +01:00
Nasreddine Bencherchali 220e9c2c90 Fix FP 2022-11-08 12:05:38 +01:00
frack113 dfdaecc52c Order yaml field 2022-10-25 12:00:56 +02:00
Florian Roth b2cdb92b11 fix: FPs with THOR 2022-03-15 18:05:42 +01:00
Florian Roth 921d46ca79 fix: FPs noticed with Aurora 2022-02-21 18:43:18 +01:00
Florian Roth 283475e064 Merge branch 'master' into aurora-false-positive-fixing 2022-02-17 08:13:38 +01:00
phantinuss c7d270956c fix: several FPs against a fresh installed Windows with example applications and basic user interaction 4 2022-02-15 16:40:04 +01:00
Florian Roth 22f23b654a fix: FPs noticed with Aurora 2022-02-13 11:24:28 +01:00
phantinuss 6ad44598ee fix: several FPs against a fresh installed Windows with example applications and basic user interaction 2 2022-02-10 16:12:17 +01:00
Florian Roth 9996ba3549 fix: extended rule due to high number of fps 2022-02-09 19:09:14 +01:00
Florian Roth 3b67b44b82 Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2022-02-09 18:18:59 +01:00
Florian Roth 2bbf6089ed fix: FPs, wrong modifier 2022-02-09 18:18:57 +01:00
Florian Roth fa81384917 Merge pull request #2667 from SigmaHQ/aurora-false-positive-fixing 
Aurora false positive fixing
 2022-02-08 13:30:21 +01:00
Florian Roth 047b928ab0 Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2022-02-08 09:35:12 +01:00
Florian Roth 69fcbc138e fix: FPs noticed with Aurora 2022-02-08 09:34:53 +01:00
Florian Roth c69613696f fix: FP noticed with Aurora 2022-02-07 21:24:21 +01:00
Nasreddine Bencherchali 7d1e149844 Update sysmon_raw_disk_access_using_illegitimate_tools.yml 2022-02-07 20:51:19 +01:00
Florian Roth e69a816f7d fix: extended filters for raw disk access rule 2022-02-07 13:58:16 +01:00
Florian Roth 5c73f913f2 Merge branch 'master' into aurora-false-positive-fixing 2022-02-07 13:17:00 +01:00
Florian Roth b0e73af9ff fix: FPs noticed with Aurora 2022-02-07 13:14:51 +01:00
Florian Roth d083efa095 fix: FPs noticed with Aurora 2022-02-06 23:33:52 +01:00
Florian Roth da444a6395 fix: FPs noticed with Aurora 2022-02-04 09:53:33 +01:00
SimoneCagol 2c964503e9 Update sysmon_raw_disk_access_using_illegitimate_tools.yml 2022-01-14 13:05:45 +01:00
frack113 b5e14ac48f Update rule 2022-01-02 09:50:37 +01:00
Florian Roth de318c122a fix: FPs noticed with Aurora 2021-12-22 13:54:39 +01:00
Florian Roth 4e49c28472 fix: FPs noticed with Aurora 2021-12-18 06:19:35 +01:00
frack113 0dc0fe5903 Fix FP 2021-12-13 20:19:15 +01:00
Florian Roth 89e659355c fix: FPs noticed with Aurora 2021-12-07 15:06:49 +01:00
Florian Roth 6525771916 fix: FPs noticed with Aurora 2021-12-06 16:35:32 +01:00
Florian Roth 9a06cf2da5 fix: FPs noticed with Aurora 2021-12-04 14:28:51 +01:00
Florian Roth f1d2903ec2 fix: FPs with rules 2021-11-20 12:32:15 +01:00
Florian Roth 7d4e3fd2ed fix: more false positive fixes 2021-11-16 23:27:00 +01:00
Florian Roth c61ca81d9c refactor: raw disk access rule FPs 2021-11-09 16:15:31 +01:00
frack113 e45557316e Fix selection with only 1 element 2021-08-14 09:54:27 +02:00
Steven 0c9a82af89 - Remove 'service: sysmon' since defining the categories made the rules generic 2020-10-02 09:37:52 +02:00
Steven 8b74abe0bc - Created new categories for sysmon events 
- Replaced the explicit EventIDs with the reference to the category
- Moved the rules to the corresponding directories
 2020-09-30 20:44:14 +02:00