security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,113 Commits 1 Branch 57 Tags
5f6c19f203d7d0910d7ef9ed160302cbcc191d7a
Commit Graph

4406 Commits

Author SHA1 Message Date
Jonhnathan 5f6c19f203 Update Threat Hunter Playbook Reference 2021-05-22 01:02:19 -03:00
Jonhnathan 627a83914a Update Threat Hunter Playbook Reference 2021-05-22 01:01:33 -03:00
Jonhnathan 3853d71c56 Update Threat Hunter Playbook Reference 2021-05-22 01:01:07 -03:00
Jonhnathan e218c32a4c Update Threat Hunter Playbook Reference 2021-05-22 01:00:39 -03:00
Jonhnathan 1b32a5c0f3 Update Threat Hunter Playbook Reference 2021-05-22 00:59:54 -03:00
Jonhnathan 93087d2130 Update Threat Hunter Playbook Reference 2021-05-22 00:59:35 -03:00
Jonhnathan d3afed53ac Update Threat Hunter Playbook Reference 2021-05-22 00:59:04 -03:00
Jonhnathan 7007287832 Update Threat Hunter Playbook Reference 2021-05-22 00:58:23 -03:00
Jonhnathan 2e139b4264 Update win_protected_storage_service_access.yml 2021-05-22 00:57:25 -03:00
Jonhnathan 085218b25a Update Threat Hunter Playbook Reference 2021-05-22 00:57:01 -03:00
Jonhnathan 3fb5f1c47e Update Threat Hunter Playbook Reference 2021-05-22 00:56:32 -03:00
Jonhnathan 943e2c8c88 Update Threat Hunter Playbook Reference 2021-05-22 00:56:03 -03:00
Jonhnathan 9765fcbd0c Update Threat Hunter Playbook Reference 2021-05-22 00:55:29 -03:00
Jonhnathan e23147111b Update Threat Hunter Playbook Reference 2021-05-22 00:54:57 -03:00
Florian Roth a0efd7a4dc Merge pull request #1494 from Karneades/patch-1 
Add keyword WinRM to remote powershell rules
 2021-05-21 10:35:18 +02:00
Andreas Hunkeler e58c59dcfd Update modified field in WinRM rule 2021-05-21 09:29:11 +02:00
Andreas Hunkeler d8ec5fa6af Add modified field in WinRM rule 2021-05-21 09:28:45 +02:00
Florian Roth a30391f3b4 Merge pull request #1495 from SigmaHQ/rule-devel 
rule refactoring: Cobalt Strike service start
 2021-05-20 17:43:29 +02:00
Andreas Hunkeler 93241e7fc6 Add keyword WinRM to remote powershell process rule 2021-05-20 17:03:32 +02:00
Andreas Hunkeler b46f65965d Add keyword WinRM to remote powershell network rule 2021-05-20 17:02:17 +02:00
Andreas Hunkeler 3763e54b99 Add keyword WinRM to remote powershell process rule 2021-05-20 17:00:25 +02:00
Andreas Hunkeler 226a666827 rule: add rule to detect shell spawn from WinRM host process 2021-05-20 16:05:13 +02:00
Florian Roth ebac8a098f rule refactoring: Cobalt Strike service start 2021-05-20 10:05:12 +02:00
Florian Roth 5a3af872d8 Merge pull request #1479 from SigmaHQ/rule-devel 
Rule devel, Trademark test
 2021-05-15 13:42:34 +02:00
Florian Roth 9b32e72d0b fix: syntax issue 2021-05-15 13:19:12 +02:00
Florian Roth 02bf32ce6c fixed more legal issues 2021-05-15 13:09:08 +02:00
Florian Roth 48757423ef rule darkside patterns 2021-05-14 18:06:53 +02:00
Florian Roth a655c5c1a0 update ngrok rule 2021-05-14 17:44:53 +02:00
Florian Roth e4a1ce4498 rule: ngrok rdp port exposure 2021-05-14 17:34:52 +02:00
Florian Roth 3cf1be9e8d rule: exchange vulnerability CVE-2021-28480 2021-05-14 10:08:41 +02:00
Florian Roth 30bee7204c Merge pull request #1475 from wagga40/master 
Modified some field values for case sensitive backends (SQL)
 2021-05-14 08:59:39 +02:00
Florian Roth 83068416fa Merge pull request #1458 from P4rtyH4RD/P4rtyH4RD-patch-1-mitre-code 
Update powershell_suspicious_getprocess_lsass.yml
 2021-05-14 08:59:14 +02:00
wagga40 8944ccea04 Modified some field values for case sensitive backends (SQL) 2021-05-13 06:19:04 +02:00
frack113 cccfb3e59e file_event is a category 2021-05-12 09:05:52 +02:00
frack113 0fd8606e00 image_load is a category 2021-05-12 09:02:04 +02:00
frack113 fa72242ff0 image_load is a category 2021-05-12 08:59:51 +02:00
frack113 ecc0fcb082 process_creation is a category 2021-05-12 08:57:57 +02:00
frack113 cf0a710b4d process_creation is a category 2021-05-12 08:55:35 +02:00
frack113 70a5c8bb5f registry_event is a category 2021-05-12 08:51:38 +02:00
frack113 026320f613 registry_event is a category 2021-05-12 08:36:42 +02:00
Florian Roth 7d7f8c90ec Merge pull request #1443 from icthieves/patch-3 
Update win_scm_database_privileged_operation.yml
 2021-05-11 15:00:20 +02:00
Florian Roth 980ea97217 Merge pull request #1444 from icthieves/patch-2 
Update win_scm_database_handle_failure.yml
 2021-05-11 15:00:09 +02:00
Florian Roth 3564cf81f9 Merge pull request #1460 from neu5ron/patch-1 
[Add Rule] Zeek Suspicious DNS Z Flag Set
 2021-05-11 14:59:48 +02:00
Florian Roth 7bc733a3cf Merge pull request #1473 from frack113/master 
Correct the sysmon case-sensitive Key
 2021-05-11 14:59:20 +02:00
Florian Roth 0fcbce9932 Merge pull request #1465 from austinsonger/win_susp_certutil_command.yml 
Got Rid of References that are no longer valid.
 2021-05-11 14:32:47 +02:00
Florian Roth 85736ad859 Merge pull request #1467 from 2d4d/master 
Update av_webshell.yml
 2021-05-11 14:32:11 +02:00
frack113 f07c368ae0 Correct cast-sensitive Key "OriginalFileName" 2021-05-11 11:18:01 +02:00
frack113 c4c720cc30 Correct cast-sensitive Key "OriginalFileName" 2021-05-11 11:16:12 +02:00
frack113 720dd24814 Correct cast-sensitive Key "OriginalFilename" 2021-05-11 11:13:33 +02:00
frack113 a1b0dfc0cd Correct cast-sensitive Key "DestinationIp" 2021-05-11 10:49:10 +02:00