Commit Graph

60 Commits

Author SHA1 Message Date
Austin Songer aac72668f4 Update microsoft365_impossible_travel_activity.yml 2021-07-06 16:59:28 -05:00
Austin Songer af3fd2fe8e Create microsoft365_impossible_travel_activity.yml 2021-07-06 16:55:54 -05:00
Florian Roth 9c769a3fce Update aws_securityhub_finding_evasion.yml 2021-06-29 12:49:32 +02:00
Sittikorn S bfe110a2c5 Update aws_securityhub_finding_evasion.yml 2021-06-28 16:07:54 +07:00
Sittikorn S 5a61e402bf Update aws_securityhub_finding_evasion.yml 2021-06-28 15:57:21 +07:00
Sittikorn S 071699da5e Update aws_securityhub_finding_evasion.yml 2021-06-28 15:52:42 +07:00
Sittikorn S ff83414871 Update and rename aws_securityhub_disable_finding.yml to aws_securityhub_finding_evasion.yml 2021-06-28 15:45:31 +07:00
Sittikorn S 4c323d40dd Create aws_securityhub_disable_finding.yml 2021-06-28 15:42:34 +07:00
Darin Smith e921181f4b Add AWS snapshot exfiltration rule 2021-05-17 13:00:01 -07:00
Anton Kutepov 3f45269296 Merge branch 'oscd'
2021-03-02 22:58:41 +03:00
jaegeral e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
Joshua Roys 025a17e44b fix: case in level
Otherwise es-rule ends up with a null risk_score and invalid severity.
2021-02-22 21:34:06 -05:00
toffeebr33k c8c4183678 Update aws_enum_listing.yml 2020-11-22 01:53:58 +08:00
toffeebr33k 3d0e1988c6 Update aws_enum_listing.yml 2020-11-22 01:41:20 +08:00
toffeebr33k 273590b151 Update aws_enum_listing.yml 2020-11-22 01:17:42 +08:00
toffeebr33k 52fca0fe3a Update aws_enum_listing.yml 2020-11-22 01:05:56 +08:00
toffeebr33k e764ca687a Update aws_enum_listing.yml 2020-11-22 00:50:34 +08:00
toffeebr33k 00504ee186 Update aws_update_login_profile.yml 2020-11-22 00:42:25 +08:00
toffeebr33k 3dd1525b98 Update aws_update_login_profile.yml 2020-11-22 00:38:41 +08:00
toffeebr33k 6b65180464 Add files via upload 2020-11-22 00:33:47 +08:00
toffeebr33k cff82ff79a Delete aws_update_login_profile.yml 2020-11-22 00:33:17 +08:00
toffeebr33k 7e1c918b4d Delete aws_enum_listing.yml 2020-11-22 00:32:59 +08:00
toffeebr33k 551764b630 Add files via upload 2020-11-22 00:26:17 +08:00
toffeebr33k 3dd25ddea4 Delete aws_update_login_profile.yml 2020-11-22 00:25:54 +08:00
toffeebr33k fba9c12bb2 Delete aws_enum_listing.yml 2020-11-22 00:25:29 +08:00
toffeebr33k 6c1f3f5969 Update aws_update_login_profile.yml 2020-11-21 23:45:10 +08:00
toffeebr33k 70e725e82e Update aws_enum_listing.yml 2020-11-21 23:44:14 +08:00
toffeebr33k 596d1b6e4c Update aws_update_login_profile.yml 2020-11-21 23:29:49 +08:00
toffeebr33k a786ebd04b Update aws_enum_listing.yml 2020-11-21 23:28:57 +08:00
toffeebr33k 1ca903b168 Update aws_enum_listing.yml 2020-11-21 23:22:07 +08:00
toffeebr33k 7f61591865 Add files via upload 2020-11-21 23:12:50 +08:00
Jonhnathan 56dd924fc3 Update aws_ec2_vm_export_failure.yml 2020-10-15 23:31:55 -03:00
Mike Wade 57cae0ded1 Fixed reference typo 2020-09-13 22:07:43 -06:00
Mike Wade 52ab677798 Fixed my git issue 2020-09-13 22:03:04 -06:00
aw350m3 198e42d724 deleted extra spaces 2020-09-03 14:22:31 +00:00
aw350m3 b00047a4e8 att&ck tags review: application, apt, cloud, generic, proxy 2020-09-03 14:16:54 +00:00
Aidan Bracher b61527d0b2 Added ATT&CK tactic 2020-07-18 02:42:10 +01:00
Aidan Bracher 161829a4c0 Added ATT&CK tactic 2020-07-18 02:41:48 +01:00
Aidan Bracher 147fd46157 Added ATT&CK tactic 2020-07-18 02:41:10 +01:00
Ivan Kirillov 0fbfcc6ba9 Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
pdr9rc 31ad81874f capitalized titles
corrected capitalization of titles and removed literals from config
2020-05-05 11:32:18 +01:00
Tiago Faria dd85467a27 Update aws_ec2_vm_export_failure.yml 2020-05-02 00:13:55 +01:00
pdr9rc 9ce84a38e5 overrides section support + one example rule + cloudtrail config
ditto
2020-04-29 20:36:45 +01:00
faloker 6d9c8e44d7 Update rules titles 2020-02-12 23:09:16 +02:00
faloker 1b15dba712 Correct the indentation 2020-02-12 22:48:46 +02:00
faloker f387cf0c37 Add the rule to detect changes to startup scripts 2020-02-12 22:23:18 +02:00
faloker 01d2f9f99d Add the rule to detect backdooring of users keys 2020-02-12 22:22:38 +02:00
faloker b26c5d8c51 Add rules to detect AWS RDS exfiltration 2020-02-12 22:21:52 +02:00
faloker ddf5f8ec23 Update conditions 2020-02-12 22:20:15 +02:00
faloker aacab37f84 Add a rule for guardduty trusted IPs manipulation 2020-02-11 23:28:23 +02:00