security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,254 Commits 1 Branch 57 Tags
7abceb07cedf9d79ef35f2ea97ea9d437a2c7c39
Commit Graph

5318 Commits

Author SHA1 Message Date
Austin Songer 7abceb07ce Create azure_vault_key_modified_or_deleted.yml 2021-08-16 23:50:56 -05:00
frack113 63733a623e Merge pull request #1861 from austinsonger/aws_eks_cluster_modified_or_deleted.yml 
aws_eks_cluster_created_or_deleted.yml
 2021-08-17 06:25:18 +02:00
frack113 2521ae2ed1 Merge pull request #1859 from austinsonger/gcp_vpn_tunnel_modified_or_deleted.yml 
gcp_vpn_tunnel_modified_or_deleted.yml
 2021-08-17 06:24:49 +02:00
frack113 accb675ed5 fix error space 2021-08-16 20:36:55 +02:00
Austin Songer 80062ff5cd Update aws_eks_cluster_created_or_deleted.yml 2021-08-16 12:42:14 -05:00
Austin Songer cfb863a98e Update aws_eks_cluster_created_or_deleted.yml 2021-08-16 11:52:22 -05:00
frack113 dfd9e6d8f0 Merge pull request #1857 from frack113/fix_HostApplication 
Update definition for powershell-classic rule
 2021-08-16 17:18:24 +02:00
frack113 eb406ba36f Merge pull request #1844 from frack113/cleanup 
Add more compliance test
 2021-08-16 17:17:25 +02:00
Austin Songer ed507b82f4 Update and rename aws_eks_cluster_modified_or_deleted.yml to aws_eks_cluster_created_or_deleted.yml 2021-08-16 09:58:48 -05:00
Austin Songer c7831a3d70 Update gcp_vpn_tunnel_modified_or_deleted.yml 2021-08-16 09:45:31 -05:00
Florian Roth 669308a37a Merge pull request #1855 from frack113/coti_sqlcmd 
Rule to detect Coti sqlcmd
 2021-08-16 14:27:24 +02:00
Florian Roth 141ca03c9b Merge pull request #1853 from secDre4mer/contileak 
feat: Add some rules to detect Conti behaviour
 2021-08-16 14:18:43 +02:00
frack113 911579023c fix powershell_alternate_powershell_hosts.yml 2021-08-16 13:30:45 +02:00
frack113 2dbf9af27d add definition to powershell-classic 2021-08-16 12:56:24 +02:00
frack113 fda11e3608 fix very bad cut and paste 2021-08-16 11:22:50 +02:00
frack113 a861f55e5c fix title 2021-08-16 11:15:32 +02:00
frack113 a70607bce7 add process_creation_coti_sqlcmd.yml 2021-08-16 11:08:19 +02:00
Florian Roth f8bedfa759 docs: added link to leak file on VT 2021-08-16 10:12:35 +02:00
frack113 dc9bb22a00 fix duplicate id 2021-08-16 09:29:22 +02:00
Max Altgelt 78e2c0da92 fix: Clean up duplicated ID 2021-08-16 09:26:45 +02:00
frack113 fb80b35141 fix condition 2021-08-16 09:21:38 +02:00
frack113 5b09dff1fb cleanup win_malware_conti_shadowcopy.yml 2021-08-16 09:21:04 +02:00
frack113 ed424c55c8 fix selection 2021-08-16 09:20:25 +02:00
frack113 26d632bf05 fix condition 2021-08-16 09:19:46 +02:00
frack113 e8723e892a clean-up powershell_invoke_nightmare.yml 2021-08-16 09:19:10 +02:00
frack113 f69868b5aa Merge pull request #1834 from secDre4mer/master 
Correct incorrect message / keyword usage
 2021-08-16 09:16:33 +02:00
Max Altgelt 5b60e0ea5a feat: Add some rules to detect Conti behaviour 
Add rules based on the leaks from the Conti group to detect
malicious behaviour.
 2021-08-16 09:13:51 +02:00
Max Altgelt d2a35edae9 fix: Remove powershell_alternate_hosts from PR 
Remove a rule using Host Application (which may or may not exist,
based on the log parser) from the PR. A future PR will clean up
rules using Host Application.
 2021-08-16 08:42:17 +02:00
frack113 c57ded1ecd Merge pull request #1852 from austinsonger/gcp_dns_zone_modified_or_deleted.yml 
gcp_dns_zone_modified_or_deleted.yml
 2021-08-16 07:37:28 +02:00
frack113 d710818eb2 Merge pull request #1851 from austinsonger/gcp_dlp_re-identifies_sensitive_information.yml 
gcp_dlp_re-identifies_sensitive_information.yml
 2021-08-16 07:37:02 +02:00
frack113 0973c51ef5 Merge pull request #1850 from austinsonger/aws_efs_fileshare_modified_or_deleted.yml 
aws_efs_fileshare_modified_or_deleted.yml
 2021-08-16 07:36:43 +02:00
frack113 37b8040e76 cleanup gcp_dlp_re-identifies_sensitive_information 
Remove list with only 1 value
 2021-08-16 06:28:40 +02:00
Austin Songer ae12f1f328 Update gcp_dlp_re-identifies_sensitive_information.yml 2021-08-15 22:57:54 -05:00
Austin Songer 2524adc6ca Update aws_efs_fileshare_mount_modified_or_deleted.yml 2021-08-15 22:54:11 -05:00
Austin Songer fb117d5714 Update aws_efs_fileshare_mount_modified_or_deleted.yml 2021-08-15 22:52:53 -05:00
Austin Songer 5a22d07392 Update aws_efs_fileshare_modified_or_deleted.yml 2021-08-15 22:52:41 -05:00
Austin Songer ebf2b7a313 Update aws_efs_fileshare_modified_or_deleted.yml 2021-08-15 22:49:01 -05:00
Austin Songer 85dc62070b Update gcp_dlp_re-identifies_sensitive_information.yml 2021-08-15 16:02:12 -05:00
Austin Songer 219be99847 Update gcp_dns_zone_modified_or_deleted.yml 2021-08-15 16:02:04 -05:00
Austin Songer e4314aa4b8 Update gcp_dns_zone_modified_or_deleted.yml 2021-08-15 16:01:10 -05:00
Austin Songer 3c770c6e4d Update gcp_dlp_re-identifies_sensitive_information.yml 2021-08-15 15:55:46 -05:00
Austin Songer a37ec60f76 Update gcp_dlp_re-identifies_sensitive_information.yml 2021-08-15 15:44:20 -05:00
Austin Songer dae3d3b446 Update gcp_dlp_re-identifies_sensitive_information.yml 2021-08-15 15:42:15 -05:00
Austin Songer 28f6cbe2b8 Update aws_efs_fileshare_modified_or_deleted.yml 2021-08-15 15:37:07 -05:00
Austin Songer b5766f8804 Update aws_efs_fileshare_modified_or_deleted.yml 2021-08-15 15:36:34 -05:00
Austin Songer db7d2958d3 Update aws_efs_fileshare_mount_modified_or_deleted.yml 2021-08-15 15:04:24 -05:00
Austin Songer 3d332b8171 Create gcp_vpn_tunnel_modified_or_deleted.yml 2021-08-15 14:37:08 -05:00
Austin Songer cfb6f4e4fb Create aws_eks_cluster_modified_or_deleted.yml 2021-08-15 14:33:44 -05:00
Austin Songer d6bbdf2750 Delete aws_eks_cluster_modified_or_deleted.yml 2021-08-15 14:33:35 -05:00
Austin Songer 532f912991 Create aws_eks_cluster_modified_or_deleted.yml 2021-08-15 14:33:28 -05:00