security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,580 Commits 1 Branch 57 Tags
74e2d1bd3cec8fa72ba06cf4eef8e58fb5e0e237
Commit Graph

315 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 8e3d1fa653 Update web_win_webshells_in_access_logs.yml 2022-10-27 14:13:12 +02:00
Nasreddine Bencherchali c2045d6a91 Update web_win_webshells_in_access_logs.yml 2022-10-26 23:18:08 +02:00
frack113 5498621bbc Order yaml field 2022-10-25 10:08:58 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
Florian Roth b634e1a3f9 Merge pull request #3562 from nasbench/pysigma-fix 
PySigma Issues Fix
 2022-10-07 09:21:15 +02:00
Florian Roth b75ef97876 Update web_exchange_proxyshell.yml 2022-10-07 08:48:01 +02:00
Florian Roth 87b306834c Update web_cve_2022_36804_atlassian_bitbucket_command_injection.yml 2022-10-06 09:29:06 +02:00
Florian Roth d8c80d9193 docs: add ATT&CK technique id 2022-10-06 08:39:53 +02:00
Florian Roth 8419124990 docs: change modified date 2022-10-06 08:39:12 +02:00
Florian Roth a47ed32736 fix: unused selection in 23eee45e-933b-49f9-ae1b-df706d2d52ef 2022-10-06 08:38:40 +02:00
Nasreddine Bencherchali 2c26614ce4 Update Wildcard + Int to Str fields 2022-10-05 23:15:20 +02:00
Nasreddine Bencherchali afb2e7567d Create web_cve_2022_36804_atlassian_bitbucket_command_injection.yml 2022-09-29 22:23:04 +02:00
Nasreddine Bencherchali fb44c6fa87 Update meta info 2022-09-13 22:14:45 +02:00
Wagga 4573ab0a21 Fix a lot of typos in rules text and comments #Part 3 (#3446) 2022-08-30 08:21:25 +02:00
Ali Saad Jaffer(ali42201) f62f2bb902 fix case on author for consistency 2022-08-18 17:48:44 -04:00
frack113 4316d9c500 Update condition 2022-08-18 18:38:14 +02:00
Gott a9f22696d8 Update web_cve_2022_27925_exploit.yml 
consolidated selection logic and stripped "cs-cookie: 'ZM_AUTH_TOKEN'", as it is most likely not logged
 2022-08-18 12:27:58 -04:00
Gott c1dc90f9ed Update web_cve_2022_27925_exploit.yml 
Added additional logic looking for a call to an uploaded webshell, with a 200 response
 2022-08-18 07:30:23 -04:00
Gott 224e30c3f4 Update web_cve_2022_27925_exploit.yml 
corrected issues surrounding the sigma checks and added an additional reference
 2022-08-18 07:25:29 -04:00
Gott 405b9aa563 Create web_cve_2022_27925_exploit.yml 2022-08-17 15:22:44 -04:00
Nasreddine Bencherchali 6798d69d00 Update 2022-08-15 00:22:08 +01:00
Nasreddine Bencherchali ce43b1da5c Create web_cve_2022_31659_vmware_rce.yml 2022-08-12 18:50:08 +01:00
Nasreddine Bencherchali 4f7738b867 Add rule CVE-2022-31656 2022-08-12 16:29:52 +01:00
Florian Roth 9eb0ea7284 Update web_cve_2020_10148_solarwinds_exploit.yml 2022-08-03 16:38:38 +02:00
Tim Shelton 4d00c9a33a Adjusting the condition query 2022-08-02 23:28:42 +00:00
Tim Shelton 0c0008e8d5 Narrowing the detection due to false positive matches of webresource.axd 2022-08-02 23:18:50 +00:00
phantinuss dbfd439ce4 fix: too many FPs 
with e.g. =select-billing-address and many more
 2022-07-27 14:18:29 +02:00
Florian Roth ff6384aabb Merge pull request #3262 from redsand/improvement_add_additional_useragent 
Feature improvement to add an additional known user agent seen in the…
 2022-07-22 21:07:03 +02:00
Tim Shelton 3c015a9c78 Feature improvement to add an additional known user agent seen in the wild. 2022-07-21 19:28:10 +00:00
Florian Roth 63963a9014 Merge pull request #3254 from nasbench/cve_2022_33891 
Create web_cve_2022_33891_spark_rce.yml
 2022-07-21 18:13:39 +02:00
Florian Roth de4dd20a82 Update web_cve_2022_33891_spark_shell_command_injection.yml 2022-07-21 18:02:44 +02:00
Nasreddine Bencherchali aa79f4a5ee Update web_cve_2022_33891_spark_shell_command_injection.yml 2022-07-21 15:34:11 +01:00
Florian Roth de68fb244e Merge pull request #3251 from nasbench/CVE-2014-6287 
Create web_cve_2014_6287_hfs_rce.yml
 2022-07-20 23:24:42 +02:00
Nasreddine Bencherchali a8b283ba5f Update 2022-07-20 13:40:24 +01:00
Nasreddine Bencherchali 4c5929416a Update web_cve_2014_6287_hfs_rce.yml 2022-07-20 13:26:19 +01:00
Florian Roth 776b3ff99c Update web_susp_useragents.yml 2022-07-20 14:21:41 +02:00
Nasreddine Bencherchali 06c9ba2730 Renamed File 2022-07-19 18:38:10 +01:00
Nasreddine Bencherchali 32b028fb16 Create web_cve_2022_33891_spark_rce.yml 2022-07-19 17:15:14 +01:00
Nasreddine Bencherchali 595af48863 Create web_susp_useragents.yml 2022-07-19 16:26:28 +01:00
Nasreddine Bencherchali 982038ebe3 Update web_cve_2014_6287_hfs_rce.yml 2022-07-19 15:27:16 +01:00
Nasreddine Bencherchali 8e5e71ea15 Create web_cve_2014_6287_hfs_rce.yml 2022-07-19 15:17:16 +01:00
Nasreddine Bencherchali 1392ca1ec5 Fix review 2022-07-11 20:27:42 +01:00
Nasreddine Bencherchali 62574e9b0c Update Ref+Selection 3 2022-07-11 18:12:51 +01:00
Nasreddine Bencherchali 238e0ecd7d Update Ref+Selection 2022-07-11 14:11:53 +01:00
Nasreddine Bencherchali aec95b6d65 Update selections and indentation 2022-07-07 20:13:45 +01:00
phantinuss 10dfd7d063 fix: FP found in webserver logs 2022-06-27 16:46:18 +02:00
Florian Roth f728893364 refactor: rule level adjustments - critical to high 2022-06-18 17:43:22 +02:00
Nasreddine Bencherchali a2d19f3db2 Add FP filter + FP remark 2022-06-15 11:48:15 +01:00
Nasreddine Bencherchali 9f0989e49c Quick typo fix 2022-06-15 11:38:34 +01:00
Nasreddine Bencherchali 894f6af09f Removed double quotes 2022-06-15 11:30:01 +01:00