Commit Graph

9808 Commits

Author SHA1 Message Date
Florian Roth 6ad167a4f3 rule: SysmonEnte usage 2022-09-07 14:33:44 +02:00
Florian Roth 1fff6c3bb6 Merge branch 'master' into rule-devel 2022-09-06 09:40:07 +02:00
Florian Roth c81f87c333 refactor: renamed sdelete and increased level 2022-09-06 09:39:45 +02:00
Florian Roth 97d65f4bfd Merge pull request #3465 from SigmaHQ/rule-devel (Havana Ransomware UA) 2022-09-06 09:15:31 +02:00
Florian Roth efe4d62a54 Merge pull request #3459 from SigmaHQ/aurora-false-positive-fixing (Aurora false positive fixing) 2022-09-06 08:41:02 +02:00
Florian Roth ab6e9551d9 Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2022-09-05 23:01:43 +02:00
Florian Roth f188b9abfd fix: FPs with crypto miner cmdlines 2022-09-05 23:01:42 +02:00
Florian Roth 55d479302d Merge pull request #3460 from frack113/certutil_net (Certutil network connection) 2022-09-05 21:06:49 +02:00
Florian Roth cab6ccc18a Merge branch 'master' into aurora-false-positive-fixing 2022-09-05 16:57:10 +02:00
Florian Roth 96a55cc3cb refactor: extend values 2022-09-05 16:52:01 +02:00
Florian Roth 7b5c887596 fix: FPs with File Creation Date Changed to Another Year 2022-09-05 16:50:49 +02:00
Florian Roth b4cae0d551 Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2022-09-05 16:50:28 +02:00
Florian Roth 69308b035a rule: havana ransomware UA 2022-09-05 16:50:26 +02:00
Florian Roth 468b303660 Update net_connection_win_certutil.yml 2022-09-05 11:59:15 +02:00
David André 8a595cd3fd Merge branch 'SigmaHQ:master' into add_quotes_to_strings 2022-09-04 10:10:14 +02:00
frack113 92f694a013 Merge pull request #3461 from danielgottt/patch-8 (Create proc_creation_win_ldifde_file_load.yml) 2022-09-04 08:17:43 +02:00
Gott 38d6a52e4d Update proc_creation_win_ldifde_file_load.yml (Implemented suggestions) 2022-09-03 10:02:51 -04:00
Florian Roth 1af75b397d fix: VSCode file permissions changes 2022-09-03 09:48:36 +02:00
Florian Roth c7eddebe40 fix: Msiexec FPs noticed with Aurora 2022-09-03 09:30:24 +02:00
frack113 8162792c11 Merge pull request #3458 from frack113/frp (Add proc_creation_win_frp) 2022-09-03 08:18:28 +02:00
frack113 fda96b4ea7 Merge pull request #3457 from nasbench/nasbench-rule-devel (Rule Devel (New+Update)) 2022-09-03 08:18:03 +02:00
Gott 7530008f26 Create proc_creation_win_ldifde_file_load.yml 2022-09-02 19:18:52 -04:00
Nasreddine Bencherchali 1adbd8f0b3 Fix after review 2022-09-02 17:44:53 +02:00
frack113 99e3b5d440 Update proc_creation_win_frp.yml 2022-09-02 17:43:19 +02:00
Florian Roth 19d8cdbaed Update proc_creation_win_susp_powershell_download_iex.yml 2022-09-02 17:36:54 +02:00
Florian Roth 168df94b73 Update proc_creation_win_susp_clsid_foldername.yml 2022-09-02 17:36:10 +02:00
frack113 5e5f3c803e Fix tag 2022-09-02 17:32:50 +02:00
frack113 8f0ade9ad9 Fix name 2022-09-02 17:28:36 +02:00
Florian Roth da6ca9ece7 Update proc_creation_win_certutil_ntlm_coercion.yml 2022-09-02 17:27:15 +02:00
frack113 693b7761c1 Add net_connection_win_certutil 2022-09-02 17:23:23 +02:00
Florian Roth dee6a6a7c8 Merge pull request #3451 from SigmaHQ/rule-devel (refactor: added extension to ransomware rule) 2022-09-02 17:22:41 +02:00
Florian Roth b33b2317c8 Update proc_creation_win_frp.yml 2022-09-02 17:22:23 +02:00
Florian Roth 3e1116bbfb Update proc_creation_win_frp.yml 2022-09-02 17:19:27 +02:00
Florian Roth 6a6454cda9 fix: Health Service filter 2022-09-02 16:59:54 +02:00
Florian Roth 3ee77e1446 fix: FPs noticed with Aurora 2022-09-02 16:57:23 +02:00
Nasreddine Bencherchali f6026b6972 Update proc_creation_win_susp_schtasks_disable.yml 2022-09-02 14:39:52 +02:00
Nasreddine Bencherchali 927b29e85a Update proc_creation_win_susp_powershell_download_iex.yml 2022-09-02 14:28:47 +02:00
Nasreddine Bencherchali e0a74d6238 Update proc_creation_win_net_default_accounts_manipulation.yml 2022-09-02 14:17:17 +02:00
Nasreddine Bencherchali 0bdd7ea35c Update registry_set_sophos_av_tamaper.yml 2022-09-02 13:53:59 +02:00
Nasreddine Bencherchali 116a72c206 Fix FP 2022-09-02 13:31:49 +02:00
Nasreddine Bencherchali 3c83e6c51b Update registry_set_sophos_av_tamaper.yml 2022-09-02 12:03:57 +02:00
Nasreddine Bencherchali 884891746b Update proc_creation_win_powershell_amsi_bypass.yml 2022-09-02 12:02:18 +02:00
Nasreddine Bencherchali 37f08c4cbb More updates 2022-09-02 11:52:13 +02:00
frack113 8bb29b0e66 Add proc_creation_win_frp 2022-09-02 10:29:40 +02:00
Nasreddine Bencherchali b02a2ff2dc Update proc_creation_win_net_default_accounts_manipulation.yml 2022-09-02 09:49:14 +02:00
Nasreddine Bencherchali 5f03a73dd2 Update proc_creation_win_susp_clsid_foldername.yml 2022-09-02 09:33:13 +02:00
frack113 9e5eefd71b Merge pull request #3456 from phantinuss/master (fix: FP in testing environment) 2022-09-02 09:30:21 +02:00
Nasreddine Bencherchali ed88295732 Update proc_creation_win_susp_clsid_foldername.yml 2022-09-02 09:28:28 +02:00
phantinuss 48ac804c9e fix: remove part of UNC path 2022-09-02 09:21:48 +02:00
Nasreddine Bencherchali d0e7732ddd Update proc_creation_win_susp_openas_rundll_usage.yml 2022-09-02 09:19:25 +02:00