security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,559 Commits 1 Branch 57 Tags
4e36ec71751aba9422ea2fb3b3acb9111b599a52
Commit Graph

10570 Commits

Author SHA1 Message Date
Florian Roth 4e36ec7175 Update rules/windows/process_creation/proc_creation_win_susp_process_hacker.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-19 08:45:58 +01:00
Florian Roth 009ef39ca0 Update rules/windows/process_creation/proc_creation_win_susp_process_hacker.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-19 08:45:50 +01:00
Florian Roth 37f6586987 Update rules/windows/process_creation/proc_creation_win_susp_process_hacker.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-19 08:45:39 +01:00
Florian Roth 4e27fec49b Update rules/windows/process_creation/proc_creation_win_susp_process_hacker.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-19 08:45:30 +01:00
Florian Roth 5c5639cfc6 Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2022-11-17 17:34:50 +01:00
Florian Roth 860b290f32 fix: change casing 2022-11-17 17:34:48 +01:00
Florian Roth 136398698b fix: list with one element 2022-11-16 20:18:30 +01:00
Florian Roth 4234018e22 fix: duplicate uuid 2022-11-16 20:17:29 +01:00
Florian Roth 54669f283d Merge branch 'master' into rule-devel 2022-11-16 18:12:30 +01:00
Florian Roth c79f594425 rule: proc hacker, system informer driver load; refactor: imphash casing 2022-11-16 18:12:23 +01:00
Florian Roth 890c2496d1 Merge pull request #3695 from nasbench/add-missing-originalfilename 
feat: add missing `OriginalFileName` field
 2022-11-16 10:44:54 +01:00
Florian Roth eefa2da8b4 Merge pull request #3700 from jstnk9/master 
Update rpc_firewall_eventlog_recon.yml
 2022-11-16 08:55:49 +01:00
jstnk9 9ec8d40b42 Update rpc_firewall_eventlog_recon.yml 
removed duplicated ref
 2022-11-15 21:58:53 +01:00
Nasreddine Bencherchali 38688b6e68 fix: fix remarks after review 2022-11-15 10:01:11 +01:00
Florian Roth 187cb6b47e Merge pull request #3694 from SigmaHQ/aurora-false-positive-fixing 
Aurora false positive fixing
 2022-11-15 09:35:45 +01:00
Nasreddine Bencherchali f0f660100a fix: fixed broken condition 2022-11-15 00:02:19 +01:00
Nasreddine Bencherchali 7f736b7443 feat: add missing OriginalFileName field 
First batch
 2022-11-14 23:08:19 +01:00
Florian Roth d8704daf79 fix: change modified date 2022-11-14 17:21:08 +01:00
Florian Roth d43517078b fix: modifier 2022-11-14 17:08:08 +01:00
Florian Roth f0681fc49f add another character 2022-11-14 17:06:20 +01:00
Florian Roth c03944c700 fix: condition 2022-11-14 14:24:00 +01:00
phantinuss 64d10f845a fix: FPs in testing environment 2022-11-14 08:54:47 +01:00
Florian Roth 0fb1295157 fix: FPs noticed with Aurora 2022-11-13 20:26:03 +01:00
Florian Roth 91acad69a8 fix: field value 2022-11-12 09:39:25 +01:00
Florian Roth c6d02d6fe2 rule: modified date update, PPLKiller 2022-11-12 09:27:41 +01:00
Florian Roth 6f26d672f1 refactor: add forkatz imphash 2022-11-12 08:39:36 +01:00
Florian Roth b0d47b303e Merge branch 'master' into aurora-false-positive-fixing 2022-11-12 08:34:48 +01:00
Florian Roth c37e099271 Merge branch 'master' into rule-devel 2022-11-12 08:33:29 +01:00
Florian Roth 951ad8c453 rule: suspicious command line flags 2022-11-12 08:33:21 +01:00
Florian Roth f94f0727c4 fix: FPs noticed with Aurora and VStudio 2022-11-12 08:33:04 +01:00
Florian Roth 99b865b603 Merge pull request #3690 from nasbench/nasbench-rule-devel 
Rule Dev
 2022-11-11 18:41:58 +01:00
Nasreddine Bencherchali 953b4f3676 fix: add powershell move-item 2022-11-11 10:05:55 +01:00
Nasreddine Bencherchali 04b7b92b64 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-11-11 10:03:24 +01:00
securepeacock 1cb5febbf3 Update proc_creation_win_lolbin_scriptrunner.yml 
Proxy typo fix.
 2022-11-10 13:26:03 -05:00
Nasreddine Bencherchali 6d8a4571cd fix: add missing - in selection 2022-11-10 18:29:15 +01:00
Nasreddine Bencherchali 0a51dcdf5c fix: rename rule to reflect new title 2022-11-10 18:24:36 +01:00
Nasreddine Bencherchali 1ab9e9640e fix: enhance description 2022-11-10 18:19:39 +01:00
Nasreddine Bencherchali f09ea65ec4 fix: update code integrity rules 2022-11-10 17:43:22 +01:00
Nasreddine Bencherchali ddf7f1b345 fix: fix duplicates in id field 2022-11-10 17:25:55 +01:00
Nasreddine Bencherchali 30869e1b2b fix: fp with defender def updates 2022-11-10 17:15:22 +01:00
Nasreddine Bencherchali 14d13ef9ac fix: rename ftp.exe rule to lolbin rule 2022-11-10 17:06:28 +01:00
Nasreddine Bencherchali c102b26bcf feat: new sftp lolbin rule 2022-11-10 17:05:18 +01:00
Nasreddine Bencherchali ee5a8733dd fix: update ftp.exe rules 2022-11-10 17:05:05 +01:00
Nasreddine Bencherchali cd871bbc04 fix: update rules with more cases 2022-11-10 17:04:52 +01:00
Nasreddine Bencherchali a2fc57fa52 fix: update rule to move takeown 2022-11-10 17:04:02 +01:00
Nasreddine Bencherchali fb957e2897 fix: add missing quotes and OriginalFileName field 2022-11-10 17:03:31 +01:00
Nasreddine Bencherchali 649bbc86ec fix: renamed and updated the "sc query" rule 2022-11-10 17:03:01 +01:00
Nasreddine Bencherchali c9e755acbf fix: add missing quotes and additional metadata 2022-11-10 17:02:29 +01:00
Florian Roth 2ed2452305 Merge pull request #3689 from phantinuss/master 
Fix yesterday's fix
 2022-11-10 16:40:53 +01:00
Florian Roth 99d8c96ccd Merge pull request #3688 from SigmaHQ/rule-devel 
rule: vuln Lenovo driver load, fix: Dell driver load condition, rule: Sysmon parent proc
 2022-11-10 16:34:21 +01:00