Commit Graph

1931 Commits

Author SHA1 Message Date
Cyb3rEng 470d64e66c Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
2021-08-31 22:28:34 -06:00
Cyb3rEng e0e1396dff Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
2021-08-31 22:26:44 -06:00
Cyb3rEng e7c7e4c061 Updated Rule
Detection changed to #useful_information
2021-08-31 22:24:28 -06:00
Cyb3rEng f2b8b83fe3 Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
2021-08-31 22:23:45 -06:00
Cyb3rEng 0d2257fb19 Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
2021-08-31 22:22:01 -06:00
Cyb3rEng 1b9a0c4a01 Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
2021-08-31 22:20:17 -06:00
Cyb3rEng d309784e58 Updated Rule
Modified Title
2021-08-31 22:12:34 -06:00
Cyb3rEng 93334878f5 Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
2021-08-31 22:09:57 -06:00
Cyb3rEng e913032865 Add files via upload 2021-08-30 21:50:16 -06:00
Cyb3rEng 5508ff45b6 Add files via upload 2021-08-30 21:47:36 -06:00
Florian Roth 36a227796a Merge pull request #1945 from SigmaHQ/rule-devel
rules: cobalt strike rules refactored
2021-08-30 15:48:01 +02:00
Florian Roth 1ded4eb913 rules: cobalt strike rules refactored 2021-08-30 15:10:30 +02:00
frack113 970dfa2f92 Merge pull request #1938 from EvanYu0816/upstream-fixes
Fix Pass the Hash and NotPetya Ransomware rule
2021-08-28 21:02:04 +02:00
frack113 3e355c64db Merge pull request #1939 from SigmaHQ/rule-devel
rule: UAC bypass by mocking dirs
2021-08-28 20:47:27 +02:00
Florian Roth f78225c394 rule: UAC bypass by mocking dirs 2021-08-27 18:12:21 +02:00
Evan Yu 178d82e9cd Fix NotPetya Ransomware rule 2021-08-27 11:53:50 -04:00
frack113 ff37a49dc0 Merge pull request #1930 from SigmaHQ/rule-devel
fix: FPs with whoami rule and 4688 event IDs without parent info
2021-08-27 06:27:30 +02:00
frack113 59000b993d Merge pull request #1932 from mlp1515/french_user
Add French user
2021-08-26 17:12:39 +02:00
mlp1515 e1aa82b412 Update win_susp_tscon_localsystem.yml
French language settings
2021-08-26 12:50:24 +00:00
mlp1515 e9ed5f592c Update sysmon_always_install_elevated_windows_installer.yml
French language settings
2021-08-26 12:48:59 +00:00
mlp1515 4f49f03460 Update sysmon_abusing_debug_privilege.yml
French language settings
2021-08-26 12:46:15 +00:00
mlp1515 a31422db74 Update win_susp_schtask_creation.yml
French language settings
2021-08-26 12:45:24 +00:00
mlp1515 5f419d6f35 Update win_susp_taskmgr_localsystem.yml
French language settings
2021-08-26 12:44:35 +00:00
mlp1515 5545403a9b Update win_whoami_as_system.yml
French language settings
2021-08-26 12:43:33 +00:00
mlp1515 7ad927f28e Update win_wmiprvse_spawning_process.yml
French language settings
2021-08-26 12:42:47 +00:00
mlp1515 644397e65c Update win_exploit_cve_2019_1388.yml
French language settings
2021-08-26 12:41:36 +00:00
Florian Roth 24d8701f15 fix: null cannot be used in a list with other values 2021-08-26 13:54:18 +02:00
Florian Roth a231aa73b3 fix: FPs with whoami rule and 4688 event IDs without parent info 2021-08-26 13:33:25 +02:00
f.hubaut e66007a43d fix file name case 2021-08-26 11:15:33 +02:00
frack113 a4021842de Fix invalid tags 2021-08-25 09:15:57 +02:00
frack113 e849af9df0 Merge pull request #1915 from frack113/tags_cve
fix tags
2021-08-25 06:29:48 +02:00
Florian Roth 9f69cead8a Merge pull request #1916 from SigmaHQ/rule-devel
refactor: changed level of rule, refactored RazerInstaller rule
2021-08-24 15:42:26 +02:00
Florian Roth 46e312ff0d fix: error in modifier 2021-08-24 15:03:23 +02:00
Florian Roth cc519552aa refactor: RazorInstaller integrity level system 2021-08-24 14:54:07 +02:00
frack113 7753f8c22e fix tags 2021-08-24 12:36:31 +02:00
Florian Roth 6ca30619ac Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2021-08-24 12:30:42 +02:00
Florian Roth 3cdb88ad55 refactor: level of suspicious parent for powershell rule 2021-08-24 12:30:40 +02:00
frack113 5b869a3f42 Update cve tags 2021-08-24 10:50:01 +02:00
frack113 ace46c17be Update cve tags 2021-08-24 10:27:27 +02:00
Florian Roth 0c69fd9c41 Merge pull request #1898 from SigmaHQ/rule-devel
rule: EfsPotato Named Pipe, splwow64, RazerInstaller
2021-08-24 09:20:54 +02:00
Florian Roth 272625a005 Update win_susp_splwow64.yml 2021-08-24 08:34:08 +02:00
Florian Roth 998ebbe1f3 fix: typo in name 2021-08-23 18:46:05 +02:00
Florian Roth 6b86dacc9e rule: razor installer 2021-08-23 18:44:15 +02:00
frack113 25072e37b3 update references 2021-08-23 13:30:46 +02:00
Florian Roth a0f72e5f6f rule: suspicious splwow64 process starts 2021-08-23 10:41:42 +02:00
frack113 fc9666fb4e Merge pull request #1896 from ZikyHD/fix_old_technics
Replace old MITRE techniques by new ones
2021-08-22 18:56:08 +02:00
frack113 0a410010a2 Merge pull request #1877 from frack113/red_back
Add t1546 redcanary rules
2021-08-22 18:50:58 +02:00
SomeOne 295054dcbe Replace old MITRE techniques by new ones 2021-08-22 13:57:56 +02:00
frack113 0fb6c35b1f Cleanup PS rules 2021-08-21 09:58:58 +02:00
Austin Songer fe0e1353e0 Update win_susp_bitstransfer.yml 2021-08-19 22:24:23 -05:00