Commit Graph

109 Commits

Author SHA1 Message Date
Pawel Mazur 4bbe4962b0 New Rule - Linux - Auditd - Clipboard Collection 2021-09-24 18:40:10 +02:00
Pawel Mazur e20e5033e7 New Rule - Linux - Auditd - Screencapture with Import Tool 2021-09-21 18:55:48 +02:00
zakibro e47a7d9826 Update lnx_auditd_screencaputre_xwd.yml 2021-09-13 19:08:23 +02:00
Pawel Mazur a8f9617ccd New Rule - Linux - Auditd - Screen Capture with xwd 2021-09-13 18:56:33 +02:00
zakibro 6412ddaaee Update lnx_auditd_steghide_extract_steganography.yml 2021-09-11 11:19:21 +02:00
zakibro d0741f9f3a Update lnx_auditd_steghide_embed_steganography.yml
Formatting and detection changes
2021-09-11 11:18:08 +02:00
Pawel Mazur 89f15c01f9 New Linux Auditd Rules - Steghide Steganography 2021-09-11 10:56:17 +02:00
zakibro a4dffc14d4 Update lnx_auditd_unzip_hidden_zip_files_steganography.yml
Fixing formatting
2021-09-10 07:54:56 +02:00
zakibro 0b5e8cb980 Update lnx_auditd_hidden_zip_files_steganography.yml
Formatting changes
2021-09-10 07:52:35 +02:00
Pawel Mazur 5a5769cce6 New Rule - Linux - Steganography Unzip Hidden Information From Picture File 2021-09-09 20:38:25 +02:00
zakibro 3fbe5478c3 Update and rename lnx_auditd_hidden_files_steganography.yml to lnx_auditd_hidden_zip_files_steganography.yml
Splitting the rule into separate rules
2021-09-09 20:34:20 +02:00
zakibro 458973af81 Update lnx_auditd_hidden_files_steganography.yml
Adding missing field: action
2021-09-09 16:52:58 +02:00
zakibro 62db796fc2 Update lnx_auditd_hidden_files_steganography.yml
Formatting changes
2021-09-09 16:46:41 +02:00
zakibro 0971fe1d49 Update lnx_auditd_hidden_files_steganography.yml
Fixing the listing issue
2021-09-09 16:27:57 +02:00
Pawel Mazur 41458d8a5a New Rule - Linux Auditd Hidden Files - Steganography 2021-09-09 16:13:27 +02:00
zakibro bba66ca762 Update lnx_auditd_hidden_files_directories.yml
Updating arguments section
2021-09-07 07:57:50 +02:00
zakibro e9fa5bde2b Update lnx_auditd_hidden_files_directories.yml
Correction of tag
2021-09-06 18:55:58 +02:00
Pawel Mazur 7c2895c73f New Rule - Linux Hidden Files and Directories 2021-09-06 18:43:49 +02:00
Pawel Mazur 59eb7ce032 Merge branch 'master' of https://github.com/zakibro/sigma 2021-09-06 18:41:19 +02:00
Pawel Mazur 9f5f25e480 New Rule - Linux Hidden Files and Directories 2021-09-06 18:40:39 +02:00
zakibro f52860d6ab Merge branch 'SigmaHQ:master' into master 2021-09-06 18:40:02 +02:00
Pawel Mazur 3eb354e34c Merge branch 'master' of https://github.com/zakibro/sigma 2021-09-06 18:37:45 +02:00
Pawel Mazur ef3efd8fd3 New Rule Linux - Hidden Files and Directories 2021-09-06 18:37:02 +02:00
Florian Roth 6b2bacd2cc Merge pull request #1979 from frack113/test_global
Change ID in global action rule
2021-09-06 08:44:14 +02:00
zakibro 5042ba65ac Update lnx_auditd_audio_capture.yml
Added more references about arecord.
2021-09-05 09:28:53 +02:00
Pawel Mazur caf78b5ea1 New Rule - Linux-Audio-Capture 2021-09-04 22:10:34 +02:00
frack113 769451dc03 Add missing id 2021-09-03 13:42:15 +02:00
frack113 815134df7f Cleanup 2021-09-03 13:30:10 +02:00
zakibro 8bd859f550 Update lnx_auditd_system_info_discovery.yml 2021-09-03 13:07:42 +02:00
Pawel Mazur 864286e206 New Rule - Linux-Auditd-System Information Discovery 2021-09-03 11:33:18 +02:00
frack113 086a15fc45 Update global ID 2021-09-02 20:07:03 +02:00
f.hubaut e66007a43d fix file name case 2021-08-26 11:15:33 +02:00
frack113 5b869a3f42 Update cve tags 2021-08-24 10:50:01 +02:00
Max Altgelt 6f05e33feb fix: Correct incorrect message / keyword usage
Correct a number of rules where message or keyword were incorrectly used
as field names in events (typically windows event logs). However, neither
field actually exists and as such these strings could never match.
2021-08-12 16:28:07 +02:00
frack113 f2cdbb5aa7 Rename rule service:auditd 2021-07-07 13:53:51 +02:00
leegengyu 3791ab4b12 Updated ART reference links from .yaml to .md 2021-07-06 17:43:20 +08:00
Anton Kutepov 3f45269296 Merge branch 'oscd'
2021-03-02 22:58:41 +03:00
jaegeral e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
Florian Roth 2c48d2b0bb fix: missing global action and sections 2021-02-01 20:00:06 +01:00
Bhabesh Rai 63e2f4bbce Added rule for Sudo CVE-2021-3156 Exploitation Attempt 2021-02-01 23:08:45 +05:45
Jonhnathan 3361b62cc2 Update lnx_auditd_susp_exe_folders.yml 2020-10-15 23:09:06 -03:00
Jonhnathan d655ebf092 Update lnx_auditd_masquerading_crond.yml 2020-10-15 23:08:08 -03:00
Jonhnathan e26e5a1e7e Update lnx_auditd_create_account.yml 2020-10-15 23:07:39 -03:00
Florian Roth d3ee1aba66 docs: MITRE ATT&CK(R) trademark references removed or adjusted
https://github.com/Neo23x0/sigma/issues/1028
2020-09-30 08:53:52 +02:00
Mike Wade 8ce73bd8df Fixed issues with tags and missing files 2020-09-15 06:10:57 -06:00
Mike Wade 52ab677798 Fixed my git issue 2020-09-13 22:03:04 -06:00
Timur Zinniatullin 8dba6ceee6 2nd review 2020-08-25 09:31:38 +03:00
Timur Zinniatullin 1244cacfbf Update lnx_auditd_create_account.yml 2020-08-25 09:20:27 +03:00
Timur Zinniatullin 72fdf0da45 Update lnx_auditd_susp_cmds.yml 2020-08-04 20:00:30 +03:00
Timur Zinniatullin 4e688233d7 ATT&CK mapping update suggestions for \linux\ 2020-08-04 19:48:18 +03:00