Commit Graph

244 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 2883c2e714 fix: test errors 2023-03-07 14:23:44 +01:00
Nasreddine Bencherchali 05adb156e7 feat: update test 2023-03-07 14:14:21 +01:00
phantinuss 2530cd72de chore: update submodule cti 2023-02-21 16:38:33 +01:00
Nasreddine Bencherchali f0afc4cce6 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-20 12:06:37 +01:00
Nasreddine Bencherchali 6a0b38291f fix: fp found in baseline 2023-02-17 23:16:42 +01:00
Moti-H ff4242dadd feat: add new application vulnerability rules (#4034) 2023-02-15 12:29:53 +01:00
Nasreddine Bencherchali 82d0b9e10c fix: add missing modified and improve test 2023-02-10 00:56:07 +01:00
Thomas Patzke ef9d4f702d Merge pull request #3878 from DCSO/rule_test_add_re_escape_tests
Test: Check 're' rules against unwanted/unneeded escapes
2023-02-04 08:59:16 +01:00
Nasreddine Bencherchali f2643c6043 Merge pull request #3940 from mbabinski/master
feat: add external remote service logon from public IP rule.
2023-01-31 11:04:50 +01:00
Nasreddine Bencherchali 2817c6085c feat: add cidr modifier to the test 2023-01-31 10:58:29 +01:00
Nasreddine Bencherchali 6de8009c88 fix: update metadata and prefix test 2023-01-30 10:23:13 +01:00
frack113 2bd14e4953 Small update
- Change service to audit
- Add operation
2023-01-22 08:55:24 +01:00
Nasreddine Bencherchali 5416935cec feat: update logsource with new service 2023-01-21 11:33:48 +01:00
Nasreddine Bencherchali 1c340493c6 fix: broken logsource 2023-01-17 01:13:50 +01:00
Nasreddine Bencherchali e5fe4d5f46 feat: update config files
- Update indentation of config files to 4
- Add new event logs
2023-01-17 01:00:24 +01:00
frack113 2b0b680775 Merge pull request #3925 from frack113/lsa-server
Microsoft-Windows-LSA
2023-01-13 18:24:43 +01:00
Nasreddine Bencherchali c7f1f52b7b fix: apply suggestions from code review 2023-01-13 18:19:32 +01:00
frack113 deeac89f36 Add lsa-server 2023-01-13 17:56:02 +01:00
frack113 2be462d2cf Add UserName for taskscheduler 2023-01-13 13:13:53 +01:00
Nasreddine Bencherchali 8b38e3ac2c fix: assertion logic 2023-01-12 12:36:33 +01:00
Nasreddine Bencherchali dca48fc125 fix: assert function in test 2023-01-12 12:29:38 +01:00
Nasreddine Bencherchali 30c658e2a4 fix: broken logic in test
- Fix `test_duplicate_detections` test
- Add new test `test_broken_thor_logsource_config` to test for broken Windows eventlog sources
2023-01-12 12:21:58 +01:00
Nasreddine Bencherchali debd658aac feat: new rules related to appx packages 2023-01-11 23:04:37 +01:00
frack113 fbae1f3055 Merge pull request #3889 from frack113/iso_evtx
Add win_vhdmp_mount_iso.yml
2023-01-11 18:05:50 +01:00
frack113 5cff2d2b3f Update logsource.json 2023-01-10 21:53:35 +01:00
frack113 9b550f6858 Add win_vhdmp_mount_iso 2023-01-09 10:19:41 +01:00
frack113 d6059d801b Filename normalisation 2023-01-07 08:52:11 +01:00
Hendrik Baecker 874032c2bf Test: Check 're' rules against unwanted/unneeded escapes 2023-01-06 16:25:27 +01:00
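The test described in this commit (and in the merge of PR #3878 above) checks `|re` values for escapes that do not change the regex; the "cidr modifier" test commit further up covers the other value-format check a rule linter needs. The following is an added example of such a rule check, written for this page and not the SigmaHQ test suite's own code. It assumes Python `re` semantics for what counts as an unneeded escape (a backslash before a non-metacharacter such as `\-` or `\:` outside a character class), treats `\` followed by a letter or digit as a deliberate escape sequence, validates `|cidr` values with `ipaddress.ip_network(strict=True)`, and walks a constructed rule dictionary shaped like a loaded Sigma rule; the rule title, field names and values are invented.

```python
import ipaddress
import re
from typing import Iterator

# Escaping these is meaningful outside a character class (Python `re` semantics,
# which is what a rule test calling re.compile() would see). Assumption for this example.
META_OUTSIDE = set(r".^$*+?{}[]()|\\")
# Inside a character class only these escapes change meaning.
META_INSIDE = set(r"]\\^-")


def unneeded_escapes(pattern: str) -> list[tuple[int, str]]:
    """Return (offset, char) for each backslash escaping a character that needs
    no escape, e.g. '\\-' or '\\:' outside a class. A backslash before a letter or
    digit is assumed to be a deliberate sequence (\\d, \\s, \\b, \\x41, backref)."""
    findings = []
    in_class = False
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":
            if i + 1 >= len(pattern):
                break  # trailing backslash; re.compile() rejects it anyway
            nxt = pattern[i + 1]
            meta = META_INSIDE if in_class else META_OUTSIDE
            if not nxt.isalnum() and nxt not in meta:
                findings.append((i, nxt))
            i += 2
            continue
        if ch == "[" and not in_class:
            in_class = True
            i += 1
            if i < len(pattern) and pattern[i] == "^":
                i += 1
            if i < len(pattern) and pattern[i] == "]":
                i += 1  # ']' directly after '[' or '[^' is a literal
            continue
        if ch == "]" and in_class:
            in_class = False
        i += 1
    return findings


def modifier_values(detection: dict, modifier: str) -> Iterator[tuple[str, str]]:
    """Yield (field_key, value) for every value whose key carries `modifier`,
    walking selections that are maps, lists of maps, or nested lists."""
    def walk(node):
        if isinstance(node, dict):
            for key, value in node.items():
                if modifier in key.split("|")[1:]:
                    for v in value if isinstance(value, list) else [value]:
                        yield key, str(v)
                else:
                    yield from walk(value)
        elif isinstance(node, list):
            for item in node:
                yield from walk(item)
    for name, selection in detection.items():
        if name != "condition":
            yield from walk(selection)


def check_rule(rule: dict) -> list[str]:
    """Return one message per problem found in the rule's |re and |cidr values."""
    problems = []
    title = rule.get("title", "<untitled>")
    detection = rule["detection"]
    for key, pattern in modifier_values(detection, "re"):
        try:
            re.compile(pattern)
        except re.error as exc:
            problems.append(f"{title}: {key}: invalid regex {pattern!r} ({exc})")
            continue
        for offset, ch in unneeded_escapes(pattern):
            problems.append(f"{title}: {key}: unneeded escape of {ch!r} at offset {offset} in {pattern!r}")
    for key, value in modifier_values(detection, "cidr"):
        try:
            ipaddress.ip_network(value, strict=True)  # strict: host bits must be zero
        except ValueError as exc:
            problems.append(f"{title}: {key}: invalid CIDR {value!r} ({exc})")
    return problems


# Constructed sample rule (not from the SigmaHQ repository); it mirrors the
# structure of a rule after YAML loading and deliberately contains two defects.
SAMPLE_RULE = {
    "title": "Constructed Encoded PowerShell From Public Source",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|re": r"\\powershell\.exe$",
            "CommandLine|re": r"powershell\.exe\s+\-enc\s+[A-Za-z0-9+/=]{20,}",
        },
        "source": {"SourceIp|cidr": ["10.0.0.0/8", "192.168.1.5/24"]},
        "condition": "selection and not source",
    },
}

if __name__ == "__main__":
    for line in check_rule(SAMPLE_RULE):
        print(line)
```

Run against the sample rule it reports the `\-` in the CommandLine pattern and the `192.168.1.5/24` network, whose host bits are set; the `\\` and `\.` escapes and the `10.0.0.0/8` value pass. The alphanumeric skip is conservative on purpose: a test that flagged `\d` or `\s` would produce false positives on nearly every rule, so only escapes of punctuation that is not a metacharacter are reported.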
frack113 0c4d6f1d71 Merge pull request #3870 from frack113/check_logsource
update logsource
2023-01-04 19:52:41 +01:00
frack113 ed1a91b53f remove duplicate value 2023-01-04 19:42:16 +01:00
frack113 7d5fb8db30 update logsource 2023-01-04 19:36:37 +01:00
Nasreddine Bencherchali be4d99d6dd Merge pull request #3868 from nasbench/nasbench-rule-devel
feat: updates and enhancements
2023-01-04 19:29:12 +01:00
frack113 756a248032 update logsource 2023-01-04 18:52:24 +01:00
Nasreddine Bencherchali 46f01f2f88 fix: typo in unknown 2023-01-04 18:46:34 +01:00
Hendrik Baecker 9985905f54 rule_tests: Rule directory relative to test_* file 2023-01-04 16:25:07 +01:00
Hendrik Baecker c998945b34 test-rules: use cti directory relative to test file
This little change will use 'cti/' relative to the executing
test_*.py file and doesn't care if the test file is executed
from sigma/ or sigma/tests/.
2023-01-04 16:02:57 +01:00
Hendrik Baecker 3da07164ce test-rules: Execute get_mitre_data() as part of unittest
Catching the data as part of the unittest class is more
IDE-friendly because they won't call __main__ but use the
test methods directly.
2023-01-04 15:58:35 +01:00
Nasreddine Bencherchali 3bd12552bb feat: add bitlocker channel 2023-01-02 22:19:32 +01:00
Nasreddine Bencherchali 15798527e2 fix: typo in message 2023-01-02 21:33:15 +01:00
frack113 c62d624892 Use W3C cs-uri-query 2023-01-02 18:56:34 +01:00
frack113 41c850e00b Use W3C cs-uri-query 2023-01-02 18:45:50 +01:00
frack113 a1a94a0b66 Update W3C field name 2023-01-02 16:39:55 +01:00
frack113 8720356684 Update field name 2023-01-02 15:49:45 +01:00
frack113 014684ddcd add win_dns_analytic_ prefix 2023-01-02 12:16:09 +01:00
frack113 b13a74adc9 Update from review 2023-01-02 12:05:54 +01:00
frack113 0e8d1f9b0d Check field name 2023-01-02 10:59:51 +01:00
frack113 27f3ba9257 Add linux auditd 2023-01-01 13:18:51 +01:00
frack113 6d0b86aae3 Keep only sysmon linux used 2022-12-31 19:14:40 +01:00
frack113 c2ce5d01fc Add sysmon linux v1.0.2 2022-12-31 18:08:11 +01:00
frack113 481ae23c3e Make it more generic 2022-12-30 18:17:31 +01:00