Commit Graph

82 Commits

Author SHA1 Message Date
frack113 6d56e400d2 Merge pull request #2121 from frack113/update_test
Update test adding logsource to duplicate logic test
2021-10-06 14:46:48 +02:00
frack113 80d09483d9 move to builtin 2021-10-05 07:33:50 +02:00
frack113 4f86a245f8 Order file in correct directory 2021-10-05 07:30:43 +02:00
frack113 fd329f4f9b Remove unneeded EventID 2021-10-04 21:25:57 +02:00
Florian Roth bb2e6acd40 Merge pull request #1926 from pbssubhash/master
Adding CVE exploitation attempt detection: Year - 2010
2021-09-23 14:08:15 +02:00
frack113 c59b0eb543 Merge pull request #2063 from frack113/last_global
Split Last Global Rules
2021-09-23 13:54:57 +02:00
Florian Roth 3107ede1c4 Merge branch 'pr/2065' 2021-09-23 09:18:15 +02:00
Austin Songer 53f426342c Update win_file_winword_cve_2021_40444.yml 2021-09-22 22:26:05 -05:00
frack113 6e6d57b019 fix filename 2021-09-22 18:45:08 +02:00
frack113 ab5f5f95bc fix filename 2021-09-22 16:27:05 +02:00
frack113 3c906b52a0 fix filename 2021-09-22 16:21:07 +02:00
phantinuss 46febf48b0 fix: remove rule, too many FPs and no better matching criteria 2021-09-21 16:52:17 +02:00
frack113 7c8d1ab037 split global win_moriya_rootkit.yml 2021-09-21 15:18:25 +02:00
frack113 4718f914e9 split global sysmon_hack_dumpert.yml 2021-09-21 10:43:42 +02:00
frack113 318f8b714e split global win_tool_psexec.yml 2021-09-21 10:10:48 +02:00
frack113 91788e57c7 Merge pull request #2051 from frack113/double_file_name
fix duplicate name file
2021-09-20 10:45:35 +02:00
frack113 6286cf80cc fix duplicate name file 2021-09-20 09:31:04 +02:00
frack113 faff9e6db7 split win_apt_slingshot.yml 2021-09-19 11:36:40 +02:00
frack113 b576ad115b split win_apt_unidentified_nov_18.yml 2021-09-19 11:11:04 +02:00
frack113 deb0ad5f58 split win_hktl_createminidump.yml 2021-09-19 10:19:34 +02:00
frack113 18e7e16005 split win_mal_adwind.yml 2021-09-19 10:12:03 +02:00
frack113 7d000f2b1d split win_susp_winrm_AWL_bypass.yml 2021-09-19 09:41:17 +02:00
frack113 973e0666ac Merge pull request #2020 from frack113/pc_global
Split some global process_creation rules
2021-09-15 19:03:30 +02:00
Sittikorn S dd9921b360 Update win_file_winword_cve_2021_40444.yml
Add modified date
2021-09-13 19:41:01 +07:00
Sittikorn S edd5c2745e Update win_file_winword_cve_2021_40444.yml
change TargetFilename|contains|all
2021-09-13 16:05:56 +07:00
Sittikorn S 5977596e65 Update win_file_winword_cve_2021_40444.yml 2021-09-13 16:05:22 +07:00
Sittikorn S 7386904e42 Update win_file_winword_cve_2021_40444.yml
Add new condition
2021-09-13 15:33:14 +07:00
pbssubhash 4ae1d41983 Corrected Rules - Logsource 2021-09-13 10:16:02 +05:30
pbssubhash 0c092cd106 Final changes 2021-09-12 23:11:46 +05:30
pbssubhash 3c0c1706dc Changed 2021-09-12 23:06:01 +05:30
pbssubhash 2b228e5f33 Merge branch 'SigmaHQ:master' into master 2021-09-12 18:08:42 +05:30
frack113 2223afb6fe split global rules 2021-09-11 20:30:32 +02:00
Florian Roth 7d6baaa79a Merge pull request #2014 from SigmaHQ/rule-devel
CVE-2021-40444 file creation - winword.exe + .cab
2021-09-10 18:50:59 +02:00
Florian Roth 9e7ede66cc CVE-2021-40444 file creation - winword.exe + .cab 2021-09-10 18:13:09 +02:00
pbssubhash 10dd702f94 Merge branch 'SigmaHQ:master' into master 2021-09-09 22:31:50 +05:30
frack113 d9cd1652f2 Split global sysmon rules 2021-09-09 16:11:41 +02:00
Florian Roth 6b2bacd2cc Merge pull request #1979 from frack113/test_global
Change ID in global action rule
2021-09-06 08:44:14 +02:00
frack113 6780182c37 Merge pull request #1974 from frack113/tags_pack2
Add missing Tags
2021-09-03 19:13:32 +02:00
frack113 a6bb5574fb Update global id 2021-09-03 06:35:35 +02:00
phantinuss ab721c736c chore: move level/falsepositives to bottom 2021-09-02 14:55:17 +02:00
frack113 1ba0a7c7a3 add missing tags 2021-09-01 19:38:35 +02:00
phantinuss 9ffdced740 fix: implement suggestions from PR discussion 2021-09-01 10:21:37 +02:00
phantinuss 3a9e10d081 bulk of new rules to match working UACMe UAC bypasses 2021-08-31 12:51:21 +02:00
pbssubhash d5d28cc85e Merge branch 'SigmaHQ:master' into master 2021-08-25 21:12:14 +05:30
frack113 7753f8c22e fix tags 2021-08-24 12:36:31 +02:00
frack113 5b869a3f42 Update cve tags 2021-08-24 10:50:01 +02:00
pbssubhash 6b66c0774c Changing service to sysmon 2021-08-22 10:10:12 +05:30
frack113 064c65cb1f Merge pull request #1892 from frack113/clean_PS
PowerShell Cleanup
2021-08-21 18:04:52 +02:00
frack113 a44206bfa0 Some cleanup 2021-08-21 17:33:39 +02:00
pbssubhash eee497f656 Title modification 2021-08-21 20:04:03 +05:30