security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,756 Commits 1 Branch 57 Tags
481b695eff3c73d6ebff418cfb01314088fa3df2
Commit Graph

2388 Commits

Author SHA1 Message Date
IPv777 77a8ac59ef remove duplicate 2020-07-24 16:38:08 +02:00
Ryan Plas aa548ba1a9 Add quotes due to a colon in the falsepositives string 2020-07-23 23:33:36 -04:00
Ryan Plas e52489aaf6 Change production status to stable 2020-07-23 23:33:36 -04:00
Florian Roth 951c6fee8b Update sysmon_password_dumper_lsass.yml 2020-07-23 14:31:21 +02:00
Daniel Masse 13cf0488ae Add 'contains' for the ps encoded chars rule 2020-07-22 10:49:22 -04:00
Aidan Bracher ff3f9fe9b3 Updated tags 2020-07-18 03:02:43 +01:00
Aidan Bracher 1fd73a23b2 Updated tags with sub-techniques 2020-07-18 03:01:34 +01:00
Aidan Bracher 4ac1058ab5 Updated tags 2020-07-18 03:01:11 +01:00
Aidan Bracher 4ffe9cb042 Updated tags with sub-techniques 2020-07-18 02:53:46 +01:00
Aidan Bracher 3bd768e49b Updated tags with sub-techniques 2020-07-18 02:52:15 +01:00
Aidan Bracher dcf20e580d Updated tags to include sub-techniques 2020-07-18 02:50:57 +01:00
Aidan Bracher 1442812681 Updated tags 2020-07-18 02:44:53 +01:00
Aidan Bracher b61527d0b2 Added ATT&CK tactic 2020-07-18 02:42:10 +01:00
Aidan Bracher 161829a4c0 Added ATT&CK tactic 2020-07-18 02:41:48 +01:00
Aidan Bracher 147fd46157 Added ATT&CK tactic 2020-07-18 02:41:10 +01:00
Aidan Bracher 2d227a08c5 Updated suspicious service with sub-techniques 2020-07-18 02:40:22 +01:00
Aidan Bracher 97452a9df3 Update to include sub-technique mapping 2020-07-18 02:38:47 +01:00
Aidan Bracher 30bd591c96 Update win_apt_ke3chang to include sub-techniques 2020-07-18 02:37:56 +01:00
Aidan Bracher ad9a8ff956 Updated to include extra registry key 2020-07-18 02:37:11 +01:00
Aidan Bracher ea1b2ae59f Updated invoke_phantom with sub-technique mapping 2020-07-18 02:32:42 +01:00
Aidan Bracher 23dd2e3cac Updated to include sub-technique mapping 2020-07-18 02:29:58 +01:00
Aidan Bracher 2006aa8f5e Inclusion of registry keys for WinDefender disabling 2020-07-18 02:23:30 +01:00
Florian Roth 3025d6850c Merge pull request #932 from rtkdmasse/rule-selection-typos 
Change the selection from Command to CommandLine in a couple of rules
 2020-07-16 09:10:15 +02:00
Florian Roth 992bf676f9 Update sysmon_apt_pandemic.yml 2020-07-16 08:48:32 +02:00
Florian Roth b1de627e94 Update win_apt_zxshell.yml 2020-07-16 08:47:24 +02:00
Daniel Masse 0489a50bd0 Change the selection from Command to CommandLine in a couple of rules 2020-07-15 15:55:26 -04:00
Florian Roth f8e10273ef Merge pull request #929 from Neo23x0/pr/919 
Pr/919
 2020-07-15 21:30:57 +02:00
Florian Roth d0c09f10a9 changed newline character to LF 2020-07-15 16:46:44 +02:00
Ryan Plas de53a08746 Merge branch 'master' of github.com:Neo23x0/sigma 2020-07-15 10:27:33 -04:00
Florian Roth 8f66803ddf Merge pull request #927 from Neo23x0/rule-devel 
improved CVE-2020-1350 rule
 2020-07-15 12:06:31 +02:00
Florian Roth 1c103a749f fix: more FPs based on feedback 
https://twitter.com/GossiTheDog/status/1283341486680166400
 2020-07-15 12:05:50 +02:00
Florian Roth c2eb110fca fix: more exact patterns 2020-07-15 11:56:11 +02:00
Florian Roth ae7fbb9245 fix: false positive filters based on SOC Prime's rule 2020-07-15 11:49:20 +02:00
Florian Roth e5a34a965c Merge pull request #926 from Neo23x0/rule-devel 
rule: CVE-2020-1350
 2020-07-15 11:19:07 +02:00
Florian Roth 80639afd43 rule: CVE-2020-1350 2020-07-15 11:03:31 +02:00
Florian Roth c7e412788a Merge pull request #924 from Neo23x0/devel 
Live MITRE ATT&CK data from TAXI service in Test Scripts
 2020-07-14 18:15:29 +02:00
Florian Roth 38c29977ff Merge pull request #925 from Neo23x0/rule-devel 
fix: issue reported as https://github.com/Neo23x0/sigma/issues/923
 2020-07-14 18:14:51 +02:00
Florian Roth 1928b3dc06 Merge pull request #920 from qwerty1q2w/feature 
Added AppLocker log source and new rule
 2020-07-14 18:03:17 +02:00
Florian Roth 741d42ce88 fix: issue reported as https://github.com/Neo23x0/sigma/issues/923 2020-07-14 17:59:59 +02:00
Florian Roth 58b68758b4 fix: wrong MITRE ATT&CK ids used in the beta version 2020-07-14 17:53:32 +02:00
Florian Roth 781667ef22 fix: zeek rule references isn't a list 2020-07-14 00:33:47 +02:00
Ryan Plas 04fd598bcf Update additional rules to have correct logsource attributes 2020-07-13 17:02:17 -04:00
Pushkarev Dmitry efe720d44e Added new rule. AppLocker 2020-07-13 20:51:48 +00:00
Bart 308420bf7f Update sysmon_dllhost_net_connections.yml 
Fix @
 2020-07-13 21:20:55 +02:00
Bart 007f62ba01 Add Dllhost WAN access 2020-07-13 21:12:37 +02:00
Florian Roth f12cb7309b fix: references is not a list 2020-07-13 17:37:03 +02:00
Florian Roth 437a567e4f Merge pull request #917 from Neo23x0/rule-devel 
New Empire Rules and Updates
 2020-07-13 16:37:59 +02:00
Florian Roth 1c63a93643 fix: wrong casing in tag 2020-07-13 16:20:51 +02:00
Florian Roth 1b75a3a96b Merge pull request #916 from viniciusvec/patch-2 
Update lnx_shell_clear_cmd_history.yml
 2020-07-13 15:54:11 +02:00
Florian Roth 557e8b0faf rule: improved Empire detection 2020-07-13 15:47:53 +02:00