Commit Graph

6130 Commits

Author SHA1 Message Date
frack113 c27084dd0c Merge pull request #2094 from frack113/backend_sysmon
Fix logsource not a string
2021-09-28 16:22:58 +02:00
frack113 c3222945ef Merge pull request #2093 from austinsonger/win_sysmon_driver_unload.yml
win_sysmon_driver_unload.yml
2021-09-28 16:22:43 +02:00
frack113 f8ec71c00c Merge pull request #2072 from austinsonger/aws_attached_malicious_lambda_layer.yml
aws_attached_malicious_lambda_layer.yml
2021-09-28 13:08:01 +02:00
Austin Songer 0d07a78a2d Update aws_attached_malicious_lambda_layer.yml 2021-09-27 23:41:19 -05:00
Austin Songer 3e7b3073cf Update win_sysmon_driver_unload.yml 2021-09-27 23:30:30 -05:00
Florian Roth 1da59d9175 Merge pull request #2092 from SigmaHQ/rule-devel
docs: changed description
2021-09-27 23:13:09 +02:00
Florian Roth 4161cd909f docs: changed description 2021-09-27 23:12:18 +02:00
Florian Roth 10b70edff0 Merge pull request #2091 from SigmaHQ/rule-devel
NOBELIUM FoggyWeb backdoor loading
2021-09-27 23:09:18 +02:00
Florian Roth b227f8459d fix: typo in filename 2021-09-27 22:37:20 +02:00
Florian Roth ada966c5be Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2021-09-27 22:34:30 +02:00
Florian Roth cee44e6688 renamed files: lowercase 2021-09-27 22:33:30 +02:00
Florian Roth 97bb6a0257 rule: NOBELIUM FoggyWeb 2021-09-27 22:28:25 +02:00
frack113 bcf40fa4e4 Fix logsource not a string 2021-09-27 18:59:05 +02:00
Florian Roth 5ef1c913cf fix: wrong condition
https://github.com/SigmaHQ/sigma/issues/2089
2021-09-27 18:33:57 +02:00
frack113 6bce0f967a Merge pull request #2079 from zakibro/master
New Rule - Linux - Auditd - Clipboard Collection
2021-09-27 08:34:30 +02:00
zakibro 6a2785492d Update lnx_auditd_clipboard_collection.yml
Changes after suggestion.
2021-09-27 07:59:43 +02:00
Florian Roth f196e3174d refactor: moved last global rule to unsupported 2021-09-26 10:54:11 +02:00
Florian Roth 93bff7f49d docs: new ID 2021-09-25 11:37:39 +02:00
Florian Roth 31ef53738d refactor: removed old Joomla rules, made generic path traversal 2021-09-25 11:37:02 +02:00
frack113 7dc574bc01 Merge pull request #2078 from kidrek/win_process_dump_rdrleakdiag
add new rule win_process_dump_rdrleakdiag
2021-09-25 07:55:52 +02:00
frack113 8fe222a92c Merge pull request #2077 from frack113/remove_re
Convert re to endswith
2021-09-25 07:55:22 +02:00
Sittikorn S 7c8df0eb55 Update web_cve_2021_22005_vmware_file_upload.yml 2021-09-25 08:05:00 +07:00
kidrek 267da51745 The issues have been fixed 2021-09-24 22:18:00 +02:00
Pawel Mazur 4bbe4962b0 New Rule - Linux - Auditd - Clipboard Collection 2021-09-24 18:40:10 +02:00
kidrek ecd4719a20 add new rule win_process_dump_rdrleakdiag 2021-09-24 18:22:06 +02:00
Sittikorn S dea89ad324 Update and rename web_cve_2021_22005_vmware_file_upload to web_cve_2021_22005_vmware_file_upload.yml 2021-09-24 21:35:04 +07:00
Sittikorn S f903640b73 Update web_cve_2021_22005_vmware_file_upload 2021-09-24 21:29:43 +07:00
Sittikorn S 16452ca80e Create web_cve_2021_22005_vmware_file_upload 2021-09-24 21:21:09 +07:00
frack113 ef75695647 convert re to endswith 2021-09-24 15:39:56 +02:00
Austin Songer 8203a2d5f2 Update aws_attached_malicious_lambda_layer.yml 2021-09-23 08:40:26 -05:00
Austin Songer fdc45505e0 Create aws_attached_malicious_lambda_layer.yml 2021-09-23 08:38:02 -05:00
Austin Songer b9123422b8 Delete aws_attached_malicious_lambda_layer.yml 2021-09-23 08:37:34 -05:00
Austin Songer 9e9fd4c23d Create aws_attached_malicious_lambda_layer.yml 2021-09-23 08:37:20 -05:00
frack113 aa96f21d0f fix filename 2021-09-23 14:52:56 +02:00
frack113 934e391159 fix filename 2021-09-23 14:51:59 +02:00
frack113 44feb3ddf6 fix filename 2021-09-23 14:46:13 +02:00
frack113 89776b8c14 fix filename 2021-09-23 14:44:51 +02:00
frack113 8b5f62bdb7 fix filename 2021-09-23 14:41:16 +02:00
frack113 c029e62c64 fix filename 2021-09-23 14:37:34 +02:00
Florian Roth bb2e6acd40 Merge pull request #1926 from pbssubhash/master
Adding CVE's Exploitation attempt detection: Year - 2010
2021-09-23 14:08:15 +02:00
frack113 e9260679d4 Merge pull request #2064 from SigmaHQ/rule-devel
Changed tags in lnx_clear_syslog.yml
2021-09-23 13:55:18 +02:00
frack113 c59b0eb543 Merge pull request #2063 from frack113/last_global
Split Last Global Rules
2021-09-23 13:54:57 +02:00
Florian Roth 3107ede1c4 Merge branch 'pr/2065' 2021-09-23 09:18:15 +02:00
frack113 688903192d Merge branch 'fix_filename_test' of https://github.com/frack113/sigma into fix_filename_test 2021-09-23 08:01:19 +02:00
frack113 605fa2dd80 update filename 2021-09-23 07:58:50 +02:00
frack113 cce90a669a Merge pull request #2067 from austinsonger/aws_suspicious_saml_activity.yml
aws_suspicious_saml_activity.yml
2021-09-23 06:34:18 +02:00
frack113 525a310c86 Merge pull request #2068 from austinsonger/typos
Typos
2021-09-23 06:32:49 +02:00
Austin Songer 53f426342c Update win_file_winword_cve_2021_40444.yml 2021-09-22 22:26:05 -05:00
Austin Songer ab613af365 Update sysmon_atlassian_confluence_cve_2021_26084_exploit.yml 2021-09-22 22:24:24 -05:00
Austin Songer 6942b9c5e8 Update aws_suspicious_saml_activity.yml 2021-09-22 20:16:50 -05:00