security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,623 Commits 1 Branch 57 Tags
671b60e42ffff3eb56f426a2d53daa67c79b4a5b
Commit Graph

10617 Commits

Author SHA1 Message Date
phantinuss 671b60e42f fix: FP in testing environment 2022-11-24 16:21:28 +01:00
Florian Roth 5542c8c9d9 Merge pull request #3720 from nasbench/nasbench-rule-devel 
feat: general updates and fixes
 2022-11-22 23:25:26 +01:00
Florian Roth 4c0e1e0043 Merge pull request #3721 from qasimqlf/patch-13 
Minor Fix
 2022-11-22 17:10:09 +01:00
phantinuss 62358809a1 fix: FP in testing environment 2022-11-22 16:26:55 +01:00
phantinuss 6ecdd77f6d chore: update submodule cti 2022-11-22 16:21:25 +01:00
Qasim Qlf ed54bf44a5 Minor Fix 2022-11-22 18:13:34 +05:00
Nasreddine Bencherchali b6dce4b6a5 feat: general fixes 2022-11-22 01:22:36 +01:00
Nasreddine Bencherchali 89d69de27f fix: rename + update rule 2022-11-21 12:40:54 +01:00
Nasreddine Bencherchali 471d7a8919 fix: rename rule 2022-11-21 12:35:01 +01:00
Nasreddine Bencherchali e22875f3fa fix: update metadata of the rule 2022-11-21 12:34:34 +01:00
Nasreddine Bencherchali 80c60681e4 fix: add missing related field 2022-11-21 12:31:11 +01:00
Nasreddine Bencherchali 8bd85273c1 fix: deprecate f67dbfce-93bc-440d-86ad-a95ae8858c90 2022-11-21 12:31:01 +01:00
Nasreddine Bencherchali 4532c77a4e fix: fix typo in title and add FP comment 2022-11-21 12:27:54 +01:00
Nasreddine Bencherchali 2145eb75f9 Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2022-11-21 11:23:27 +01:00
Nasreddine Bencherchali 4084bba9d1 feat: add new variations to the rule 2022-11-21 11:23:18 +01:00
Nasreddine Bencherchali e158555dcd Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2022-11-21 11:22:32 +01:00
Florian Roth 497beea08d Merge pull request #3714 from frack113/net_clr 
.NET CLR Usage Log
 2022-11-19 11:35:19 +01:00
Florian Roth 916bee6fce Merge pull request #3715 from nasbench/add-missing-cmd-flags 
feat: add missing cmd flags
 2022-11-19 11:34:44 +01:00
Florian Roth 74e2d1bd3c Merge pull request #3718 from SigmaHQ/rule-devel 
Rule devel
 2022-11-19 11:33:53 +01:00
Florian Roth 66adbb43f7 chore: change modified date 2022-11-19 08:48:43 +01:00
Florian Roth 4e36ec7175 Update rules/windows/process_creation/proc_creation_win_susp_process_hacker.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-19 08:45:58 +01:00
Florian Roth 009ef39ca0 Update rules/windows/process_creation/proc_creation_win_susp_process_hacker.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-19 08:45:50 +01:00
Florian Roth 37f6586987 Update rules/windows/process_creation/proc_creation_win_susp_process_hacker.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-19 08:45:39 +01:00
Florian Roth 4e27fec49b Update rules/windows/process_creation/proc_creation_win_susp_process_hacker.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-19 08:45:30 +01:00
Nasreddine Bencherchali 6df8df3116 feat: update defender reg tamper rule 2022-11-18 18:11:59 +01:00
Nasreddine Bencherchali 87ff47c074 fix: rename rule to be conform to the title 2022-11-18 17:54:13 +01:00
Nasreddine Bencherchali 16e104952a feat: update nsudo rule 2022-11-18 17:53:16 +01:00
Nasreddine Bencherchali 9b1a6cc7c9 feat: update disable defender rule 2022-11-18 17:53:06 +01:00
jstnk9 f0bac30cfb Update netflow_cleartext_protocols.yml (#3716) 2022-11-18 15:55:11 +01:00
frack113 cc340f2247 Apply suggestions from code review 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-18 15:43:08 +01:00
frack113 58a732e4b6 Update rules/windows/file/file_event/file_event_win_net_cli_artefact.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-18 15:42:37 +01:00
Nasreddine Bencherchali 6fe9eff838 feat: add missing /r 2022-11-18 13:46:51 +01:00
Nasreddine Bencherchali 15f3896922 feat: rename rule to fit convention 2022-11-18 13:45:18 +01:00
Nasreddine Bencherchali 87b709a3e6 feat: add missing /r to cmd 2022-11-18 13:45:01 +01:00
frack113 4bd0cd07ea .NET CLR Usage Log 2022-11-18 13:24:58 +01:00
frack113 59ccb74bc6 Add proc_creation_win_susp_powercfg 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-18 11:26:04 +01:00
Nasreddine Bencherchali 6603ca9202 fix: update rules to not use regex 2022-11-18 11:16:13 +01:00
Nasreddine Bencherchali 7804decd2d feat: add more clarification to the test (#3710) 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-11-18 11:15:50 +01:00
Nasreddine Bencherchali 20b0a6bad8 Rule Dev 2022-11-18 11:15:28 +01:00
nikitah4x 0f496be1e5 Add new rule to detect PST export when eDiscovery alert policy is disabled (M365) 2022-11-18 08:40:39 +01:00
frack113 cd3082c3f2 Add proc_creation_win_susp_msbuild (#3708) 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-18 08:29:50 +01:00
sysradwin b851fe17b9 Update proc_creation_win_base64_reflective_assembly_load.yml 2022-11-17 13:03:32 -05:00
Florian Roth 5c5639cfc6 Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2022-11-17 17:34:50 +01:00
Florian Roth 860b290f32 fix: change casing 2022-11-17 17:34:48 +01:00
Florian Roth 18a44625fc Merge pull request #3702 from nasbench/nasbench-rule-devel 
fix: fix issues and deprecate rule
 2022-11-17 14:49:43 +01:00
Nasreddine Bencherchali 54a94f6f1c fix: add more cases 2022-11-17 10:26:00 +01:00
Nasreddine Bencherchali ef91852c44 fix: update modified date 2022-11-17 10:15:58 +01:00
Nasreddine Bencherchali 6674ed0554 fix: add removed comments 2022-11-17 00:57:24 +01:00
Nasreddine Bencherchali ae149345b5 fix: fix #1972 2022-11-17 00:53:00 +01:00
Nasreddine Bencherchali 061f93364e fix: update invoke-obfuscation rules 2022-11-17 00:25:04 +01:00