Commit Graph

163 Commits

Author SHA1 Message Date
Florian Roth b3dd9f51f0 some rule improvements 2022-07-21 18:16:22 +02:00
Florian Roth d15f3d738b Merge pull request #3207 from SigmaHQ/rule-devel
fix: missing Windows Defender source, rule: Proxy UA Base64
2022-07-08 11:14:00 +02:00
Florian Roth 9b47c868bc fix: list and add base64 encoded Mozilla keyword 2022-07-08 10:50:52 +02:00
Florian Roth 6fc782958a rule: Proxy UA Base64 value 2022-07-08 10:40:35 +02:00
Nasreddine Bencherchali 5b352ee34c Update proxy_cobalt_amazon.yml 2022-07-07 15:29:46 +01:00
Nasreddine Bencherchali d03f6df250 Reference Update [Batch 1] 2022-07-07 15:24:15 +01:00
Florian Roth f728893364 refactor: rule level adjustments - critical to high 2022-06-18 17:43:22 +02:00
Florian Roth ed2ab816be refactor: BITS rules new and reworked 2022-06-10 13:16:40 +02:00
David ANDRE 74b9f97b9c Renamed suspicious in filenames to susp 2022-05-19 09:37:04 +02:00
Florian Roth d74d287bac Merge pull request #2998 from redsand/spotify_co_for_bits_admin
Adds allow for spotify streaming, which uses this service
2022-05-12 13:02:48 +02:00
phantinuss 112b715dd6 chore: test rules: reactivate single value list check 2022-05-10 17:13:04 +02:00
Tim Shelton 574df099f9 Adds allow for spotify streaming, which uses this service 2022-05-09 20:38:25 +00:00
Florian Roth c8f9577ee9 refactor: new user name 2022-05-06 19:37:47 +02:00
frack113 4631d0c482 remove invalid tag 2022-01-19 18:23:30 +01:00
frack113 f7e670d55e Simple Quote 2022-01-11 13:40:53 +01:00
Florian Roth e055ec1d52 refactor: change all " of them" expressions 2022-01-11 10:59:57 +01:00
frack113 c6014b1205 Change status to test 2022-01-07 07:04:24 +01:00
frack113 73f258e2d1 Change double quote to quote 2022-01-06 14:02:35 +01:00
Florian Roth c842b12970 Update proxy_java_class_download.yml 2021-12-21 13:22:47 +01:00
Andreas Hunkeler c0a6de06c4 rule: Add Java class proxy download rule 2021-12-21 11:25:08 +01:00
Florian Roth 7fad4768e4 rule: APT UA - new user agent 2021-12-01 14:20:05 +01:00
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
Florian Roth d43f845157 Update proxy_cobalt_malformed_uas.yml 2021-11-08 11:21:49 +01:00
frack113 b8a1f4c63b Merge pull request #1961 from SigmaHQ/rule-devel
SideWalk User-Agent used by Sparkling Goblin
2021-09-01 08:06:15 +02:00
Florian Roth 9b20060275 SideWalk UA 2021-08-31 17:14:19 +02:00
Austin Songer c9128687ee Spelling Errors on Rules 2021-08-18 18:58:20 +00:00
frack113 fc64b8b937 Split PR 1802 fix net rules 2021-08-09 17:23:15 +02:00
Florian Roth 7f820c7b29 rule updates 2021-07-28 16:20:21 +02:00
Florian Roth 9b93165ece BackdoorDiplomacy UA 2021-06-15 10:39:08 +02:00
Florian Roth f52ed7604c BabyShark Pattern 2021-06-10 09:41:36 +02:00
Florian Roth 416030a85f rule: cobaltstrike malformed UAs 2021-05-10 12:43:14 +02:00
Anton Kutepov 3f45269296 Merge branch 'oscd'
2021-03-02 22:58:41 +03:00
jaegeral e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
Florian Roth 18f2e32774 Domestic Kitten Furball malware pattern 2021-02-08 17:52:55 +01:00
yugoslavskiy 02ea91ec8b Update proxy_ursnif_malware.yml 2020-11-28 19:09:07 +01:00
yugoslavskiy e932eda645 Update proxy_cobalt_onedrive.yml 2020-11-28 19:07:07 +01:00
yugoslavskiy 207623d2d7 Update proxy_susp_flash_download_loc.yml 2020-11-28 18:59:00 +01:00
Jonhnathan ef5fee93f5 Update proxy_ursnif_malware.yml 2020-10-15 23:30:07 -03:00
Jonhnathan 557135722b Update proxy_ua_hacktool.yml 2020-10-15 23:28:12 -03:00
Jonhnathan 4d46610645 Update proxy_ua_cryptominer.yml 2020-10-15 23:26:31 -03:00
Jonhnathan 229cda76c3 Update proxy_ua_bitsadmin_susp_tld.yml 2020-10-15 23:26:08 -03:00
Jonhnathan a1d3c8c3ff Update proxy_telegram_api.yml 2020-10-15 23:25:19 -03:00
Jonhnathan 641c27fbe1 Update proxy_susp_flash_download_loc.yml 2020-10-15 23:24:54 -03:00
Jonhnathan 990ae166d1 Update proxy_powershell_ua.yml 2020-10-15 23:24:06 -03:00
Jonhnathan d816fa49e7 Update proxy_ios_implant.yml 2020-10-15 23:23:52 -03:00
Jonhnathan 34bda9b09e Update proxy_downloadcradle_webdav.yml 2020-10-15 23:23:17 -03:00
Jonhnathan ff8e3cdb22 Update proxy_download_susp_tlds_whitelist.yml 2020-10-15 23:22:57 -03:00
Jonhnathan be5360b8be Update proxy_download_susp_tlds_blacklist.yml 2020-10-15 23:22:17 -03:00
Jonhnathan 5615173540 Update proxy_download_susp_dyndns.yml 2020-10-15 23:21:25 -03:00
Jonhnathan 2049e5285b Update proxy_cobalt_onedrive.yml 2020-10-15 23:20:21 -03:00