security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,053 Commits 1 Branch 57 Tags
4f469c0e39c5d67e2d2009bcd2e9c6daa8dca0cd
Commit Graph

124 Commits

Author SHA1 Message Date
Thomas Patzke 373424f145 Rule fixes 
Made tests pass the new CI tests. Added further allowed lower case words
in rule test.
 2020-02-20 23:00:16 +01:00
Thomas Patzke d7bd90cb24 Merge branch 'master' into oscd 2020-02-03 23:13:16 +01:00
Thomas Patzke 593abb1cce OSCD QA wave 3 2020-02-02 12:41:12 +01:00
Florian Roth 03ecb3b8dc refactor: moved rues from 'apt' folder in respective folders 2020-02-01 17:59:26 +01:00
Florian Roth d42e87edd7 fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
Florian Roth e79e99c4aa fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
Florian Roth efd3af0812 fix: fixed missing date fields in other files 2020-01-30 15:32:39 +01:00
Thomas Patzke 924e1feb54 UUIDs + moved unsupported logic 
* Added UUIDs to all contributed rules
* Moved unsupported logic directory out of rules/ because this breaks CI
  testing.
 2019-12-19 23:56:36 +01:00
yugoslavskiy edad1695f6 Merge branch 'oscd' of https://github.com/mrblacyk/sigma into mrblacyk-oscd 2019-12-02 02:56:53 +01:00
yugoslavskiy 48a94d1609 Update lnx_dd_delete_file.yml 2019-12-02 02:54:48 +01:00
yugoslavskiy ca1c2f4436 Update lnx_chattr_immutable_removal.yml 2019-12-02 02:54:32 +01:00
yugoslavskiy 9e90335a5a Update lnx_pers_systemd_reload.yml 2019-12-02 02:54:13 +01:00
yugoslavskiy 46ca68436e Update lnx_file_or_folder_permissions.yml 2019-12-02 02:53:35 +01:00
mrblacyk 9d0889def4 Adding auditd compatibility 2019-11-29 09:34:08 +01:00
mrblacyk cafbb25d2e Update lnx_file_or_folder_permissions.yml 2019-11-29 09:33:04 +01:00
mrblacyk bf5e6cc56b Adding auditd compatibility 2019-11-29 09:32:05 +01:00
mrblacyk a15c84eb80 Adding auditd compatibility 2019-11-29 09:27:31 +01:00
yugoslavskiy efc404fbae resolve conflicts with rule IDs; restored and deprecated sysmon_mimikatz_detection_lsass.yml 2019-11-19 02:11:19 +01:00
Thomas Patzke 0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
Thomas Patzke 5f6a4225ec Unified line terminators of rules to Unix 2019-11-12 23:05:36 +01:00
yugoslavskiy a4331b0eec Merge pull request #498 from theRabbitCode/oscd 
[OSCD] Added Atomic Blue Detections Repo
 2019-11-11 23:22:57 +03:00
yugoslavskiy bdff2c312b Update lnx_auditd_ld_so_preload_mod.yml 2019-11-11 01:44:53 +03:00
yugoslavskiy 69a99bc2c3 Merge pull request #493 from alx1m1k/oscd 
[OSCD] rules from Jet CSIRT team
 2019-11-10 23:11:24 +03:00
yugoslavskiy 82f23c5f63 Merge pull request #477 from zinint/oscd 
add 13 new rules:

- rules/linux/auditd/lnx_auditd_masquerading_crond.yml 
- rules/linux/auditd/lnx_auditd_user_discovery.yml 
- rules/linux/auditd/lnx_data_compressed.yml 
- rules/linux/auditd/lnx_network_sniffing.yml 
- rules/windows/powershell/powershell_data_compressed.yml 
- rules/windows/powershell/powershell_winlogon_helper_dll.yml 
- rules/windows/process_creation/win_change_default_file_association.yml 
- rules/windows/process_creation/win_data_compressed_with_rar.yml 
- rules/windows/process_creation/win_local_system_owner_account_discovery.yml 
- rules/windows/process_creation/win_network_sniffing.yml 
- rules/windows/process_creation/win_query_registry.yml 
- rules/windows/process_creation/win_service_execution.yml 
- rules/windows/process_creation/win_xsl_script_processing.yml 

modify 1 rule:

- rules/windows/process_creation/win_possible_applocker_bypass.yml
 2019-11-05 04:55:29 +03:00
yugoslavskiy 534f5fc0e1 Update lnx_network_sniffing.yml 2019-11-05 04:40:40 +03:00
yugoslavskiy 70fdd9c7d7 Update lnx_data_compressed.yml 2019-11-05 04:38:27 +03:00
yugoslavskiy 75f2b8536f Update lnx_auditd_user_discovery.yml 2019-11-04 22:14:30 +03:00
yugoslavskiy 8b2216e94e Update lnx_auditd_masquerading_crond.yml 2019-11-04 22:14:10 +03:00
yugoslavskiy 0d5489bbb0 Update lnx_auditd_user_discovery.yml 2019-11-04 22:07:30 +03:00
yugoslavskiy bb71f95810 Update lnx_auditd_masquerading_crond.yml 2019-11-04 21:58:42 +03:00
yugoslavskiy 1f1fd68331 Merge pull request #472 from feedb/oscd 
add 11 new rules:

- rules/linux/auditd/lnx_auditd_web_rce.yml
- rules/windows/process_creation/process_creation_susp_bginfo.yml
- rules/windows/process_creation/process_creation_susp_cdb.yml
- rules/windows/process_creation/process_creation_susp_devtoolslauncher.yml
- rules/windows/process_creation/process_creation_susp_dnx.yml
- rules/windows/process_creation/process_creation_susp_dxcap.yml
- rules/windows/process_creation/process_creation_susp_msoffice.yml
- rules/windows/process_creation/process_creation_susp_odbcconf.yml
- rules/windows/process_creation/process_creation_susp_openwith.yml
- rules/windows/process_creation/process_creation_susp_psr_capture_screenshots.yml
- rules/windows/sysmon/sysmon_webshell_creation_detect.yml
 2019-11-04 20:40:58 +03:00
yugoslavskiy 8a35a51211 Update lnx_auditd_web_rce.yml 2019-11-04 18:08:17 +03:00
zinint 11e7bdc727 Update lnx_network_sniffing.yml 2019-10-30 22:59:46 +03:00
zinint fd09c00b35 Update lnx_network_sniffing.yml 2019-10-30 20:59:07 +03:00
zinint 3d106d8e7f Update lnx_network_sniffing.yml 2019-10-30 19:11:51 +03:00
zinint e0c5479f0a Update lnx_network_sniffing.yml 2019-10-30 19:10:48 +03:00
zinint b5b40f2861 Update lnx_network_sniffing.yml 2019-10-30 19:07:05 +03:00
zinint cc4a8df5e3 Update lnx_network_sniffing.yml 2019-10-30 19:06:53 +03:00
zinint 7e3d8ccaf3 T1040 2019-10-30 19:05:50 +03:00
zinint 4a560e9375 T1002 2019-10-29 22:56:45 +03:00
zinint 583980f8ec Delete win_data_compressed.yml 2019-10-29 22:56:30 +03:00
zinint 4eb7965662 T1002 2019-10-29 22:54:42 +03:00
zinint 950796f71f Update lnx_auditd_masquerading_crond.yml 2019-10-29 22:48:39 +03:00
zinint c5599399b5 Update lnx_auditd_masquerading_crond.yml 2019-10-29 22:48:00 +03:00
zinint 47f7d648a3 T1036 2019-10-29 22:33:03 +03:00
Yugoslavskiy Daniil 3376cf4dd8 fix some typos and remove redundand references 2019-10-29 01:40:06 +03:00
RRRabbit becfca6b41 Added Atomic Blue Detections Repo 2019-10-28 11:59:49 +01:00
zinint d1cf80d9b6 Update lnx_auditd_user_discovery.yml 2019-10-28 00:00:06 +03:00
zinint 68b4541274 t1033 2019-10-27 23:59:16 +03:00
Mikhail Larin 334301c185 OSCD event rules from Jet CSIRT team 2019-10-25 17:57:56 +03:00