security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,853 Commits 1 Branch 57 Tags
7ae76b8d9906d3c33ed7a2c6bd276777560fa2d2
Commit Graph

3853 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
e6e6e 7ae76b8d99 Revert "att&ck tags review: windows/process_creation part 5" 
This reverts commit e94c47e74e.
 2020-09-07 01:28:08 +04:00
e6e6e e94c47e74e att&ck tags review: windows/process_creation part 5 
added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes
 2020-09-07 01:19:41 +04:00
Alexey Lednyov 7834fdd750 att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
grikos 961e4eef4c att&ck tags review: windows/process_creation part 6 2020-09-05 20:35:21 +03:00
aw350m3 bd5026f6b9 fixed typos in tags 2020-09-03 14:29:05 +00:00
aw350m3 198e42d724 deleted extra spaces 2020-09-03 14:22:31 +00:00
aw350m3 b00047a4e8 att&ck tags review: application, apt, cloud, generic, proxy 2020-09-03 14:16:54 +00:00
Alexey Lednyov cf011e4a00 Removed duplicate key 'modified' 2020-09-03 17:12:37 +03:00
Alexey Lednyov 1eb675f693 att&ck tags review: web, network/zeek 2020-09-03 17:06:37 +03:00
Yugoslavskiy Daniil 71fec94417 review network/cisco/aaa 2020-09-03 00:34:41 +02:00
Yugoslavskiy Daniil 11e0f794d9 review windows/process_creation part 4 2020-09-02 02:34:34 +02:00
aw350m3 7c6c5263ab fix duplication of key modified in win_malware_emotet.yml 2020-09-01 17:09:54 +00:00
aw350m3 8ed3eb1494 att&ck tags review: windows/process_creation part 3 2020-09-01 17:02:59 +00:00
grikos 65d201b1e4 att&ck tags review: windows/process_creation part 7 2020-08-30 19:17:38 +03:00
Yugoslavskiy Daniil e04b896cbc fix tags 2020-08-29 21:34:20 +02:00
grikos a95c4347d9 fixed typo in tag 2020-08-29 20:19:46 +03:00
grikos 6092bfcec1 att&ck tags review: windows/process_creation part 9 2020-08-29 19:22:09 +03:00
grikos 6eadfccc68 Merge branch 'master' of https://github.com/oscd-initiative/sigma 2020-08-29 12:30:45 +03:00
aw350m3 ae99a2b207 Removed extra space that broke tests 2020-08-29 04:46:12 +00:00
aw350m3 4ed3db8d23 Merge branch 'master' of github.com:oscd-initiative/sigma 2020-08-29 04:39:45 +00:00
aw350m3 da766a245f att&ck tags review: windows/process_creation part 2 2020-08-29 04:39:30 +00:00
Yugoslavskiy Daniil cd12ab8a77 Merge branch 'master' of https://github.com/oscd-initiative/sigma 2020-08-29 02:03:39 +02:00
Yugoslavskiy Daniil 5b70cfd3f7 review windows/sysmon 2020-08-29 02:03:28 +02:00
yugoslavskiy 21a8667720 Merge pull request #1 from zinint/master 
Linux rules reviewed
 2020-08-29 01:55:24 +02:00
yugoslavskiy a3ec8729c6 Merge pull request #2 from grikos/attack_tags_review_process_creation_8 
attack_tags_review_process_creation_8
 2020-08-29 01:55:09 +02:00
grikos 3783b34832 Merge branch 'master' of https://github.com/grikos/sigma 2020-08-28 17:17:11 +03:00
grikos 293662810e att&ck tags review: windows/process_creation part 8 2020-08-28 17:14:26 +03:00
Alexey Lednyov 880b10cce1 att&ck tags review: windows/process_creation part 1, network 2020-08-27 20:43:47 +03:00
aw350m3 eb6b9be5a2 added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes 2020-08-25 23:51:22 +00:00
grikos ac0e42d0e2 Merge pull request #2 from aw350m33d/master 
sync master
 2020-08-25 23:07:48 +03:00
Timur Zinniatullin 8dba6ceee6 2nd review 2020-08-25 09:31:38 +03:00
Timur Zinniatullin 1244cacfbf Update lnx_auditd_create_account.yml 2020-08-25 09:20:27 +03:00
aw350m3 c28fce6273 fix duplication of key "modified" in mapping 2020-08-25 00:53:09 +00:00
aw350m3 c22273d162 fix duplication of key modified in mapping 2020-08-25 00:50:38 +00:00
aw350m3 5af0f1392d att&ck tags review: windows/powershell, windows/process_access, windows/network_connection 2020-08-24 23:31:35 +00:00
aw350m3 399f378269 att&ck tags review: windows/powershell, windows/process_access, windows/network_connection 2020-08-24 23:31:26 +00:00
Yugoslavskiy Daniil 5026438524 fix modified field 2020-08-25 01:29:57 +02:00
aw350m3 1999fb609e Merge branch 'master' of github.com:oscd-initiative/sigma 2020-08-24 23:14:13 +00:00
Yugoslavskiy Daniil f274f39b54 Merge branch 'master' of https://github.com/oscd-initiative/sigma 2020-08-25 01:09:24 +02:00
Yugoslavskiy Daniil 42c4079ed8 att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
Florian Roth 5a9ed1da15 Merge pull request #988 from defensivedepth/master 
Zeek RDP rule
 2020-08-24 12:39:49 +02:00
aw350m3 ba2e891433 windows/powershell folder reviewed. Old ID’s marked with comment “an old one”. These ID’s have to be removed in future. 2020-08-24 00:01:50 +00:00
aw350m3 08170bbcca fix tags for suspicious outbound kerberos activity rule 2020-08-23 21:10:29 +00:00
Josh Brower 4c4b8db7cf Zeek RDP rule 2020-08-23 13:16:42 -04:00
aw350m3 4cdd8be354 Old ID’s marked with comment “an old one”. These ID’s have to be removed in future. 2020-08-23 02:20:58 +00:00
aw350m3 3aa1ad68fb windows/process_access folder reviewed. Old ID’s marked with comment “an old one”. These ID’s have to be removed in future. 2020-08-23 02:03:06 +00:00
aw350m3 80deaf84ca windows/network_connection folder reviewed 2020-08-22 23:36:30 +00:00
Florian Roth 437a807a1d Merge pull request #985 from architect00/master 
added troubleshooting links to root README.md
 2020-08-20 14:56:27 +02:00
David Straßegger 1e8a5b64d9 added troubleshooting links to root README.md 2020-08-20 14:02:26 +02:00
Florian Roth 79adaceffa Merge pull request #979 from barvhaim/patch-3 
Update win_susp_rasdial_activity.yml to use `contains` instead of `equal`
 2020-08-18 15:08:15 +02:00