Commit Graph

442 Commits

Author SHA1 Message Date
frack113 769451dc03 Add missing id 2021-09-03 13:42:15 +02:00
frack113 815134df7f Cleanup 2021-09-03 13:30:10 +02:00
zakibro 8bd859f550 Update lnx_auditd_system_info_discovery.yml 2021-09-03 13:07:42 +02:00
Pawel Mazur 864286e206 New Rule - Linux-Auditd-System Information Discovery 2021-09-03 11:33:18 +02:00
f.hubaut e66007a43d fix file name case 2021-08-26 11:15:33 +02:00
frack113 5b869a3f42 Update cve tags 2021-08-24 10:50:01 +02:00
SomeOne 295054dcbe Replace old MITRE techniques by new ones 2021-08-22 13:57:56 +02:00
frack113 eb406ba36f Merge pull request #1844 from frack113/cleanup
Add more compliance tests
2021-08-16 17:17:25 +02:00
frack113 e45557316e Fix selection with only 1 element 2021-08-14 09:54:27 +02:00
Max Altgelt ce326cb903 fix: Correct broken rules, add documentation 2021-08-13 15:46:30 +02:00
Max Altgelt 6f05e33feb fix: Correct incorrect message / keyword usage
Correct a number of rules where message or keyword were incorrectly used
as field names in events (typically windows event logs). However, neither
field actually exists and as such these strings could never match.
2021-08-12 16:28:07 +02:00
frack113 f2cdbb5aa7 Rename rule service:auditd 2021-07-07 13:53:51 +02:00
leegengyu 3791ab4b12 Updated ART reference links from .yaml to .md 2021-07-06 17:43:20 +08:00
leegengyu 69d5d9734d Updated ART reference links from .yaml 2021-07-06 17:39:25 +08:00
frack113 f91abf8929 Fix: auditd is a service 2021-05-30 08:58:25 +02:00
Florian Roth b5352ac5f7 fix: duplicate UUIDs 2021-05-27 10:29:21 +02:00
phantinuss 4b520de373 new rule detecting ld.so preload persistence by keyword 2021-05-05 15:12:07 +02:00
Florian Roth 8497c8a9e6 fix: linux keywords rule 2021-05-05 12:56:24 +02:00
Florian Roth 15ab1d5e8b Create lnx_symlink_etc_passwd.yml 2021-05-05 11:55:49 +02:00
Florian Roth 161180c357 refactor: extended shellshock rule 2021-04-28 11:47:24 +02:00
Florian Roth 47504fbd56 fix: shellshock expression 2021-04-28 11:46:49 +02:00
Cedric Hien bbdbab700d Fix invalid logsource on lnx_system_info_discovery rule 2021-04-17 12:57:30 +02:00
Thomas Patzke 90efe974b8 Fixes and improvements 2021-04-03 00:08:55 +02:00
Anton Kutepov 3f45269296 Merge branch 'oscd'
2021-03-02 22:58:41 +03:00
Anton Kutepov 98cc025208 Renamed ProcessName field to Image for the process_creation category. 2021-02-25 01:57:26 +03:00
jaegeral e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
yugoslavskiy fb1f04ec8a Merge pull request #1249 from oscd-initiative/oscd_art_linux_task_18_T1083
[OSCD] ART sync, test T1083: File and Directory Discovery (Linux)
2021-02-04 22:34:47 +01:00
Florian Roth 2c48d2b0bb fix: missing global action and sections 2021-02-01 20:00:06 +01:00
Bhabesh Rai 63e2f4bbce Added rule for Sudo CVE-2021-3156 Exploitation Attempt 2021-02-01 23:08:45 +05:45
yugoslavskiy 05c91cd12f Merge pull request #1238 from alx1m1k/oscd-3
[OSCD] T1030: Split A File Into Pieces - Lin/macOS
2021-01-06 00:33:12 +03:00
yugoslavskiy 057c33354a Merge pull request #1237 from alx1m1k/oscd-2
[OSCD] T1027.001: Binary Padding - Lin/macOS
2021-01-06 00:33:05 +03:00
yugoslavskiy a217a3cfc7 Merge pull request #1213 from alx1m1k/oscd
[OSCD] T1552.003: Suspicious history file operations - Linux/macOS
2021-01-06 00:21:19 +03:00
yugoslavskiy e0286abb62 Merge pull request #1197 from w0rk3r/oscd_rules_improvement2
[OSCD] Small improvements on others rules
2021-01-06 00:18:36 +03:00
yugoslavskiy aeb448cd4d Merge pull request #1171 from alejandroortuno/network-sniffing
[OSCD] MacOS Network Sniffing
2021-01-06 00:15:52 +03:00
yugoslavskiy ebc6451b86 Merge pull request #1170 from alejandroortuno/startup-items
[OSCD] MacOS Startup Items
2021-01-06 00:15:45 +03:00
yugoslavskiy ad739f7f29 Merge pull request #1169 from remotephone/oscd_t1113
[OSCD] - T1113 - macOS Screencapture via builtin screencapture utility
2021-01-06 00:15:37 +03:00
yugoslavskiy d50c081f3f Merge pull request #1168 from remotephone/oscd_t1056_002
[OSCD] macOS - T1056.002 - GUI Input capture
2021-01-06 00:15:30 +03:00
yugoslavskiy 635ac44949 Merge pull request #1132 from remotephone/oscd_t1070_002
[OSCD] Adding t1070_002 - Clear mac system logs
2021-01-05 23:16:57 +03:00
yugoslavskiy 793d271d37 Merge pull request #1131 from oscd-initiative/oscd_sigma_art_macos_task_63
[OSCD] macOS hidden user creation
2021-01-05 23:16:36 +03:00
yugoslavskiy a4101a6808 Merge pull request #1128 from alejandroortuno/local-group
[OSCD] Local System Groups Discovery
2021-01-05 23:14:47 +03:00
yugoslavskiy db66f8365e Merge pull request #1127 from alejandroortuno/account-creation
[OSCD] MacOS local account creation
2021-01-05 23:14:28 +03:00
yugoslavskiy e492263a31 Merge pull request #1091 from alejandroortuno/sigma-local-account-rule
[OSCD] Local System Accounts Discovery
2021-01-05 23:10:09 +03:00
yugoslavskiy d9a0f6c41a Merge pull request #1090 from alejandroortuno/sigma-cron-rule
[OSCD] Scheduled Task/Job: Cron
2021-01-05 23:09:59 +03:00
yugoslavskiy c8da05fa5d Merge pull request #1086 from remotephone/oscd
[OSCD] T1016 - linux/macOS firewall enumeration
2021-01-05 23:09:15 +03:00
yugoslavskiy caf01c57bf Merge pull request #1083 from omergunal/patch-8
[OSCD] T1082: System Information Discovery - Linux
2021-01-05 23:08:19 +03:00
yugoslavskiy e002ffa404 Merge pull request #1079 from omergunal/patch-6
[OSCD] T1070.004: File Deletion - Linux
2021-01-05 23:06:12 +03:00
yugoslavskiy 1939b815d6 Merge pull request #1078 from omergunal/patch-5
[OSCD] T1070.002: Clear Linux or Mac System Logs - Linux
2021-01-05 23:06:02 +03:00
yugoslavskiy 75feffb016 Merge pull request #1082 from omergunal/patch-7
[OSCD] T1201: Password Policy Discovery - Linux
2021-01-05 23:02:06 +03:00
yugoslavskiy 3ef76437e4 Merge pull request #1055 from omergunal/patch-2
[OSCD] Scheduled Task/Job: At
2021-01-05 22:59:09 +03:00
yugoslavskiy f65e7100ec Merge pull request #1057 from omergunal/patch-4
[OSCD] T1057: Process Discovery
2021-01-05 22:58:35 +03:00