Commit Graph

151 Commits

Author SHA1 Message Date
Tobias Michalski 0b93aea4d0 chore: Offline Tests 2022-08-12 14:19:08 +02:00
phantinuss 32169dbc33 chore: harmonization of generic 'nt system' user checks
also a simple (non-comprehensive) test case to find
usages of localized user names
2022-05-27 15:16:31 +02:00
Paul Hager 9b80dd990a added 'similar' related type 2022-05-24 09:51:48 +02:00
phantinuss 6f92a11c02 chore: test rules: check for all modifier with single item 2022-05-11 11:06:09 +02:00
phantinuss 112b715dd6 chore: test rules: reactivate single value list check 2022-05-10 17:13:04 +02:00
phantinuss 0b72aff084 chore: test rules: check title has no . in the end 2022-05-10 11:25:09 +02:00
phantinuss b4fdb13e8a chore: test rules: check for unused selections 2022-05-10 11:07:40 +02:00
phantinuss 654e9e9b9c fix: typo 2022-05-09 16:13:53 +02:00
phantinuss f6e893dde5 chore: test rules: check that title is given in the first line 2022-05-09 16:13:50 +02:00
phantinuss 3b556c728a fix: DeprecationWarning: invalid escape sequence '\.' 2022-05-09 16:08:00 +02:00
phantinuss ef3bc33288 fix: remove unneeded file read 2022-05-09 16:08:00 +02:00
phantinuss b991a5be52 chore: test rules: warn on errors or invalid FP reasons
also adapted the existing rules to pass the tests
2022-05-09 16:07:55 +02:00
phantinuss dbd68bf3f0 chore: test rules: capitalization on FP list entries
Entries in the false positive list should begin with
a capital letter, e.g. Unknown instead of unknown.

Fixed the existing rules accordingly
2022-05-09 16:07:44 +02:00
phantinuss 02fb704d9f chore: remove trailing whitespace 2022-05-09 10:23:38 +02:00
phantinuss b18184a58f workflow: add baseline check for Windows 2022 domain controller 2022-04-21 10:48:59 +02:00
phantinuss ca0ed7aea6 chore: update local evtx check times after evtx-sigma-checker performance improvements 2022-04-21 10:48:59 +02:00
phantinuss 275bcaa923 local evtx baseline check using concurrency 2022-04-21 10:48:58 +02:00
phantinuss 21b28e4119 local evtx baseline check using concurrency 2022-04-07 14:15:44 +02:00
phantinuss 25de8a926c workflow: new baseline check against Windows 2022 2022-04-07 14:15:44 +02:00
phantinuss d323753abd workflow: new baseline check against Windows 7 32-bit 2022-04-06 17:06:54 +02:00
phantinuss b0c1c3e726 workflow: new baseline check against Windows 11 2022-04-06 16:09:51 +02:00
phantinuss e7edae7a9a tests: add 1st commandline argument for rules directory selection 2022-03-04 14:07:29 +01:00
phantinuss c69ae6e291 new test: bash script for local baseline check
only supports Linux and macOS
2022-02-23 16:09:14 +01:00
Florian Roth 49502f3796 fix: wrong number of placeholders 2022-01-19 15:24:24 +01:00
Florian Roth 2a118e900a refactor: added requirement, debug output for MITRE ATT&CK eval 2022-01-19 15:21:50 +01:00
phantinuss b6d4e39538 feat: check for the existence of a description field
it is not mandatory in the sigma standard but
mandatory for this repository
2022-01-12 12:55:49 +01:00
phantinuss 07a0a37273 feat: discourage the usage of 'all of them' and migrate existing rules to use the preferred method 'all of selection*' 2021-12-02 14:47:39 +01:00
frack113 c49b0d49fa Add deprecated status 2021-10-28 20:08:27 +02:00
frack113 c0a3f7afdd Remove my print debug 2021-10-26 12:25:26 +02:00
frack113 ba4bb061c7 Fix test_duplicate_detections for logsource 2021-10-26 12:22:18 +02:00
frack113 162d869e2b Add cve tags 2021-10-25 18:14:03 +02:00
phantinuss 55f942b526 fix: change error message 2021-10-14 08:53:50 +02:00
phantinuss 9ddabe18ed feat: testing for space in field names 2021-10-13 14:21:23 +02:00
frack113 759a715198 Add logsource to duplicate logic test 2021-10-04 20:34:45 +02:00
frack113 bcf40fa4e4 Fix logsource not a string 2021-09-27 18:59:05 +02:00
frack113 c59b0eb543 Merge pull request #2063 from frack113/last_global
Split Last Global Rules
2021-09-23 13:54:57 +02:00
frack113 595e4b9d6d add duplicate name file check 2021-09-23 06:50:18 +02:00
frack113 5989127035 optimization of name detection 2021-09-22 19:02:44 +02:00
frack113 edb19013d5 fix test_file_names 2021-09-22 16:11:29 +02:00
frack113 e16e9e8ea7 fix timeframe compare error 2021-09-21 22:54:45 +02:00
frack113 29490f350d fix NoneType object has no attribute get 2021-09-12 20:13:58 +02:00
frack113 e6d4cb15bd fix NoneType error 2021-09-12 20:04:58 +02:00
frack113 97cd368064 update test_rules.py 2021-09-10 13:33:16 +02:00
phantinuss abf40ecfbc fix: typo in URL 2021-08-31 12:50:11 +02:00
frack113 3eb3377a7b check valid date order 2021-08-26 06:51:37 +02:00
frack113 a4021842de Fix invalid tags 2021-08-25 09:15:57 +02:00
frack113 5b869a3f42 Update cve tags 2021-08-24 10:50:01 +02:00
frack113 c2302a15da fix cve tags 2021-08-24 10:10:45 +02:00
Austin Songer e039f91272 Spelling 2021-08-18 19:00:57 +00:00
frack113 76d956e110 update test_missing_id 2021-08-16 18:12:17 +02:00