Commit Graph

8236 Commits

Author | SHA1 | Message | Date
frack113 | 424b0263df | add EventID 26 | 2021-09-29 08:53:22 +02:00
frack113 | 41f0fe6b52 | Merge pull request #2095 from frack113/update_help | 2021-09-28 16:23:29 +02:00
    Update filter help
frack113 | c27084dd0c | Merge pull request #2094 from frack113/backend_sysmon | 2021-09-28 16:22:58 +02:00
    Fix logsource not a string
frack113 | c3222945ef | Merge pull request #2093 from austinsonger/win_sysmon_driver_unload.yml | 2021-09-28 16:22:43 +02:00
    win_sysmon_driver_unload.yml
frack113 | f8ec71c00c | Merge pull request #2072 from austinsonger/aws_attached_malicious_lambda_layer.yml | 2021-09-28 13:08:01 +02:00
    aws_attached_malicious_lambda_layer.yml
frack113 | 11dc276185 | Update filter help | 2021-09-28 10:33:10 +02:00
Austin Songer | 0d07a78a2d | Update aws_attached_malicious_lambda_layer.yml | 2021-09-27 23:41:19 -05:00
Austin Songer | 3e7b3073cf | Update win_sysmon_driver_unload.yml | 2021-09-27 23:30:30 -05:00
frack113 | 90d4508d6e | Merge pull request #2087 from frack113/fix_targetusername | 2021-09-28 06:27:54 +02:00
    fix TargetUserName and TargetUserSid for detection
Florian Roth | 1da59d9175 | Merge pull request #2092 from SigmaHQ/rule-devel | 2021-09-27 23:13:09 +02:00
    docs: changed description
Florian Roth | 4161cd909f | docs: changed description | 2021-09-27 23:12:18 +02:00
Florian Roth | 10b70edff0 | Merge pull request #2091 from SigmaHQ/rule-devel | 2021-09-27 23:09:18 +02:00
    NOBELIUM FoggyWeb backdoor loading
Florian Roth | b227f8459d | fix: typo in filename | 2021-09-27 22:37:20 +02:00
Florian Roth | ada966c5be | Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel | 2021-09-27 22:34:30 +02:00
Florian Roth | cee44e6688 | renamed files: lowercase | 2021-09-27 22:33:30 +02:00
Florian Roth | 97bb6a0257 | rule: NOBELIUM FoggyWeb | 2021-09-27 22:28:25 +02:00
frack113 | bcdf164b4c | fix space | 2021-09-27 19:17:14 +02:00
frack113 | bcf40fa4e4 | Fix logsource not a string | 2021-09-27 18:59:05 +02:00
frack113 | a0b48b96d4 | Fix 'NoneType' object has no attribute 'lower' | 2021-09-27 18:49:58 +02:00
Florian Roth | 5ef1c913cf | fix: wrong condition | 2021-09-27 18:33:57 +02:00
    https://github.com/SigmaHQ/sigma/issues/2089
frack113 | 6782a7af4d | fix TargetUserName and TargetUserSid for detection | 2021-09-27 09:27:01 +02:00
frack113 | 8de7cc28ee | Merge pull request #2086 from frack113/sigmacover | 2021-09-27 08:34:45 +02:00
    contrib Sigmacover
frack113 | 6bce0f967a | Merge pull request #2079 from zakibro/master | 2021-09-27 08:34:30 +02:00
    New Rule - Linux - Auditd - Clipboard Collection
frack113 | 74c2d39d53 | Merge pull request #2081 from austinsonger/ecs-ms365_defender.yml | 2021-09-27 08:03:36 +02:00
    ecs-ms365_defender.yml
zakibro | 6a2785492d | Update lnx_auditd_clipboard_collection.yml | 2021-09-27 07:59:43 +02:00
    Changes after suggestion.
frack113 | 8f99625a25 | Fix ubuntu 20 | 2021-09-26 18:28:07 +02:00
frack113 | 776cccce30 | Fix windows10 | 2021-09-26 17:07:58 +02:00
frack113 | 964f51d5ce | Merge pull request #2083 from frack113/debug_file | 2021-09-26 12:40:39 +02:00
    Add more debug info to sigmac
frack113 | 5e5af2918b | Add sigmacover.py | 2021-09-26 11:24:25 +02:00
Florian Roth | f196e3174d | refactor: moved last global rule to unsupported | 2021-09-26 10:54:11 +02:00
Florian Roth | 756656b2ec | Merge pull request #2082 from SigmaHQ/rule-devel | 2021-09-26 10:47:47 +02:00
    refactor: removed all old Joomla rules, new generic rule
frack113 | d08d3712be | Add more debug info | 2021-09-25 19:33:30 +02:00
Florian Roth | 93bff7f49d | docs: new ID | 2021-09-25 11:37:39 +02:00
Florian Roth | 31ef53738d | refactor: removed old Joomla rules, made generic path traversal | 2021-09-25 11:37:02 +02:00
frack113 | 0109a5f013 | Merge pull request #2080 from austinsonger/ecs-azure-ad_signinlogs.yml | 2021-09-25 07:56:50 +02:00
    ecs-azure-ad_signinlogs.yml
frack113 | 7dc574bc01 | Merge pull request #2078 from kidrek/win_process_dump_rdrleakdiag | 2021-09-25 07:55:52 +02:00
    add new rule win_process_dump_rdrleakdiag
frack113 | 8fe222a92c | Merge pull request #2077 from frack113/remove_re | 2021-09-25 07:55:22 +02:00
    Convert re to endswith
frack113 | 278fb0a2de | Merge pull request #2076 from BlackB0lt/patch-20 | 2021-09-25 07:54:45 +02:00
    Create web_cve_2021_22005_vmware_file_upload
Sittikorn S | 7c8df0eb55 | Update web_cve_2021_22005_vmware_file_upload.yml | 2021-09-25 08:05:00 +07:00
Austin Songer | 00f4773eeb | Create ecs-ms365_defender.yml | 2021-09-24 20:02:39 -05:00
Austin Songer | 696f343ac3 | Delete ecs-ms365_defender.yml | 2021-09-24 20:02:04 -05:00
Austin Songer | 176b9662fc | Update ecs-ms365_defender.yml | 2021-09-24 20:01:00 -05:00
Austin Songer | dd2f3e50db | Create ecs-ms365_defender.yml | 2021-09-24 19:53:21 -05:00
Austin Songer | 527975c02f | Update ecs-azure-ad_signinlogs.yml | 2021-09-24 19:33:01 -05:00
Austin Songer | 9ca1ea993d | Create ecs-azure-ad_signinlogs.yml | 2021-09-24 19:29:40 -05:00
Austin Songer | 5227f31331 | Merge branch 'SigmaHQ:master' into master | 2021-09-24 19:28:40 -05:00
kidrek | 267da51745 | The issues have been fixed | 2021-09-24 22:18:00 +02:00
Pawel Mazur | 4bbe4962b0 | New Rule - Linux - Auditd - Clipboard Collection | 2021-09-24 18:40:10 +02:00
kidrek | ecd4719a20 | add new rule win_process_dump_rdrleakdiag | 2021-09-24 18:22:06 +02:00
Sittikorn S | dea89ad324 | Update and rename web_cve_2021_22005_vmware_file_upload to web_cve_2021_22005_vmware_file_upload.yml | 2021-09-24 21:35:04 +07:00