Commit Graph

6774 Commits

Author SHA1 Message Date
Florian Roth 6b7206ca2a fix: print driver FP 2021-12-01 14:14:53 +01:00
Florian Roth 5a01a88af1 fix: FPs with FileStream events 2021-12-01 14:10:56 +01:00
Florian Roth 4a136fdce6 simplified condition 2021-12-01 14:06:09 +01:00
Florian Roth f2199eacad fix: FPs noticed with Aurora 2021-12-01 13:39:53 +01:00
Florian Roth 6d155ad2ce fix: simplified and extended rule 2021-11-30 20:12:07 +01:00
Florian Roth 9b235f6873 fix: Granted Access 0x410 in different rules 2021-11-30 19:20:37 +01:00
Florian Roth e89646a696 Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2021-11-30 19:15:20 +01:00
Florian Roth 112c3522d8 fix: FPs noticed with Aurora 2021-11-30 19:14:49 +01:00
Florian Roth 9209051f94 fix: FPs noticed with Aurora 2021-11-29 18:25:34 +01:00
Florian Roth b8985a222f fix: FPs noticed with Aurora 2021-11-29 16:13:24 +01:00
Florian Roth 4d7fd953a5 revert change to filters in dbghelp/dbgcore rule 2021-11-29 15:47:50 +01:00
Florian Roth dcf9d8c828 fix: FPs noticed with Aurora 2021-11-29 15:38:43 +01:00
Florian Roth 17d6528f41 Merge branch 'master' into aurora-false-positive-fixing 2021-11-29 13:09:38 +01:00
Florian Roth 1ab0dd7100 Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2021-11-29 11:40:47 +01:00
Florian Roth ede058b4fd Update win_malware_emotet.yml 2021-11-29 11:38:28 +01:00
Florian Roth 820cc0ccf8 Merge branch 'master' into rule-devel 2021-11-29 11:00:25 +01:00
Florian Roth ef7810fa8b fix: fixing issues with wildcard symbol - https://github.com/SigmaHQ/sigma/issues/2339 2021-11-29 10:57:01 +01:00
Florian Roth 47d8de37b7 Merge pull request #2340 from SigmaHQ/rule-devel - rule: whoami as parameter 2021-11-29 10:56:03 +01:00
Florian Roth 10db577863 rule: whoami as parameter 2021-11-29 09:55:56 +01:00
Florian Roth 142437d9dc fix: FPs noticed with Aurora 2021-11-28 14:57:54 +01:00
Florian Roth e41c195ca5 Merge pull request #2335 from SigmaHQ/aurora-false-positive-fixing - Aurora false positive fixing 2021-11-28 10:03:48 +01:00
Florian Roth 19aa434cbd fix: update modified date 2021-11-28 01:17:09 +01:00
Florian Roth 8f22165f26 fix: FPs noticed with Aurora 2021-11-28 01:16:18 +01:00
Florian Roth 330fcf485c Merge branch 'master' into promote_status 2021-11-27 17:15:56 +01:00
Florian Roth 1fd729c619 Merge pull request #2334 from SigmaHQ/aurora-false-positive-fixing - Aurora false positive fixing 2021-11-27 17:15:12 +01:00
frack113 9b27955dd7 Restore status 2021-11-27 16:09:33 +01:00
Florian Roth 91c83bbe09 docs: changed wording in rule descriptions 2021-11-27 15:20:37 +01:00
Florian Roth b1ee26c6aa fix: more FPs noticed with Aurora 2021-11-27 14:54:03 +01:00
Florian Roth 91c13584cf Merge pull request #2331 from frack113/small_fix - Fix optional section name 2021-11-27 14:42:42 +01:00
Florian Roth 227d99ff58 Merge pull request #2333 from SigmaHQ/rule-devel - Suspicious LSASS Process Clone 2021-11-27 14:42:14 +01:00
Florian Roth bd772975f7 rule: LSASS access from program in suspicious folder 2021-11-27 14:09:11 +01:00
Florian Roth 1f6fa6dd58 rule: ATPMiniDump extensions 2021-11-27 14:02:42 +01:00
Florian Roth 7489676404 refactor: removed unnecessary filter 2021-11-27 13:34:56 +01:00
Florian Roth f4e48f0e2a refactor: extended paths 2021-11-27 13:33:32 +01:00
Florian Roth c4cb309da5 rule: LSASS process clone 2021-11-27 13:32:41 +01:00
Florian Roth aca1a5d959 fix: microsoft edge filter 2021-11-27 13:10:53 +01:00
Florian Roth b05ac58503 Merge pull request #2330 from SigmaHQ/aurora-false-positive-fixing - fix: FPs noticed with Aurora 2021-11-27 12:57:21 +01:00
Florian Roth 2eb1f62477 Merge pull request #2328 from frack113/forget_status - Forgot the status 2021-11-27 12:01:30 +01:00
Florian Roth 55284839e1 fix: condition in PS AppData rule 2021-11-27 11:59:50 +01:00
Florian Roth 2844e58369 fix: FPs noticed with Aurora 2021-11-27 11:52:48 +01:00
frack113 f04a6bb1c6 Change status for old rules 2021-11-27 11:47:03 +01:00
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
frack113 c6caab9e1e Fix optional section name 2021-11-27 11:27:40 +01:00
Florian Roth 6664d6e522 Merge pull request #2329 from SigmaHQ/rule-devel - fix: regex in lolbas rules 2021-11-27 11:05:34 +01:00
Florian Roth 5a9f82206f Merge pull request #1045 from vburov/patch-9 - Create win_hack_hydra.yml 2021-11-27 10:21:56 +01:00
Florian Roth 8e2be01845 Merge branch 'master' into rule-devel 2021-11-27 10:17:07 +01:00
Florian Roth 0593446f96 fix: regex in diantz rule 2021-11-27 10:16:27 +01:00
Florian Roth 62cd452c95 Merge branch 'master' into rule-devel 2021-11-27 10:16:10 +01:00
Florian Roth 0f6c2e007e fix: regex in Extract32 rule 2021-11-27 10:15:24 +01:00
Florian Roth ef13bea075 fix: regular expression in " 2021-11-27 10:05:51 +01:00