security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,063 Commits 1 Branch 57 Tags
82fbfed2c2319acd4eefa9dba5d2694de546172a
Commit Graph

2645 Commits

Author SHA1 Message Date
Thomas Patzke dd8442590f Fixed proxy rule field names 2019-12-07 00:11:33 +01:00
Florian Roth e1244acf49 rule: fixed and extended bitsadmin rule 2019-12-06 13:39:04 +01:00
Florian Roth c1647ca4b7 Merge branch 'master' into devel 2019-12-06 13:38:29 +01:00
Kevin Dienst 865251238f Add hastebin raw URI to contains selection 2019-12-05 14:16:20 -06:00
Florian Roth ab2dd094a5 fix: fixed broken link in elise rule 2019-12-05 09:56:20 +01:00
Florian Roth 8e107f43a2 rule: raw paste service access 2019-12-05 08:54:49 +01:00
Thomas Patzke ad7d5d2a39 Added WMI login rule 2019-12-04 11:13:04 +01:00
Thomas Patzke e8c1c97f3e Added rule for failed code integrity checks 2019-12-03 15:08:26 +01:00
Thomas Patzke c47af5169c Increased SID history rule severity 2019-12-03 14:28:46 +01:00
Thomas Patzke 76578927e8 Added domain trust rule 2019-12-03 14:28:20 +01:00
Florian Roth c8e29da7ec fix: simplified rule with RE 2019-12-03 11:24:06 +01:00
Florian Roth fc09533f56 style: fixed title 2019-12-03 11:24:06 +01:00
yugoslavskiy edad1695f6 Merge branch 'oscd' of https://github.com/mrblacyk/sigma into mrblacyk-oscd 2019-12-02 02:56:53 +01:00
yugoslavskiy 48a94d1609 Update lnx_dd_delete_file.yml 2019-12-02 02:54:48 +01:00
yugoslavskiy ca1c2f4436 Update lnx_chattr_immutable_removal.yml 2019-12-02 02:54:32 +01:00
yugoslavskiy 9e90335a5a Update lnx_pers_systemd_reload.yml 2019-12-02 02:54:13 +01:00
yugoslavskiy 46ca68436e Update lnx_file_or_folder_permissions.yml 2019-12-02 02:53:35 +01:00
yugoslavskiy 1273a10dcb add win_new_service_creation.yml 2019-12-02 01:19:54 +01:00
yugoslavskiy 9fba097421 add sysmon_in_memory_powershell.yml by Tom Kern 2019-12-01 23:26:00 +01:00
booberry46 df162b232f Update win_malware_emotet.yml 2019-11-30 13:17:44 +08:00
mrblacyk 9d0889def4 Adding auditd compatibility 2019-11-29 09:34:08 +01:00
mrblacyk cafbb25d2e Update lnx_file_or_folder_permissions.yml 2019-11-29 09:33:04 +01:00
mrblacyk bf5e6cc56b Adding auditd compatibility 2019-11-29 09:32:05 +01:00
mrblacyk a15c84eb80 Adding auditd compatibility 2019-11-29 09:27:31 +01:00
Yugoslavskiy Daniil 71e588cae1 add apt silence rules by Group-IB 2019-11-28 21:15:55 +01:00
yugoslavskiy d5722979ea add rules by Daniel Bohannon 2019-11-27 00:02:45 +01:00
yugoslavskiy 41a09cde34 updated filenames 2019-11-26 23:31:18 +01:00
webhead404 21ef152e3a Update win_external_device.yml 2019-11-20 16:19:45 -06:00
webhead404 2bfd4ea654 Added MITRE tags 2019-11-20 16:18:03 -06:00
webhead404 5c5d28acdc Create win_external_device 2019-11-20 16:07:29 -06:00
Florian Roth 39293d5f2b rule: another reference for CVE-2019-1388 rule 2019-11-20 15:09:30 +01:00
Florian Roth f9e6a929ba rule: made it more specific - command line must contain URL 2019-11-20 09:23:04 +01:00
Florian Roth 55e66b1843 rule: added status 2019-11-20 09:21:42 +01:00
Florian Roth 4022e3251b rule: changed title 2019-11-20 09:16:00 +01:00
Florian Roth 158f6b3065 rule: exploitation of CVE-2019-1388 2019-11-20 09:12:02 +01:00
Florian Roth 98aa4d4ecb fix: fixed typo in rule for renamed procdump 2019-11-19 15:59:07 +01:00
yugoslavskiy 1b591ee598 add JET CSIRT team sysmon_process_reimaging.yml with unsupported logic 2019-11-19 02:17:07 +01:00
yugoslavskiy 2a33e6fed9 unify location of rules with unsupported logic 2019-11-19 02:12:22 +01:00
yugoslavskiy efc404fbae resolve conflicts with rule IDs; restored and deprecated sysmon_mimikatz_detection_lsass.yml 2019-11-19 02:11:19 +01:00
Florian Roth 2c855be9d3 fix: casing fix in renamed procdump rule 2019-11-18 15:57:14 +01:00
Florian Roth fdc32889a7 rule: PulseSecure CVE-2019-11510 attack 2019-11-18 15:33:58 +01:00
Florian Roth 93f890b31d rule: renamed procdump 2019-11-18 15:27:04 +01:00
Florian Roth da05c9bb82 fix: line break in description 2019-11-18 15:26:55 +01:00
Florian Roth 2c54d1afe4 rule: removed Zebrocy rule because it doesn't work that way 
reason: command line gets split up at the '&' character, which results in two command lines
 2019-11-18 11:42:38 +01:00
Austin Clark ad1a6a2bd3 Update cisco_cli_net_sniff.yml 2019-11-15 19:32:53 +01:00
Austin Clark 441a302623 Update cisco_cli_moving_data.yml 2019-11-15 19:31:41 +01:00
Austin Clark 93a40b3b97 Update cisco_cli_modify_config.yml 2019-11-15 19:31:07 +01:00
Austin Clark 9cd6670501 Update cisco_cli_local_accounts.yml 2019-11-15 19:30:33 +01:00
Austin Clark ed85f1e612 Update cisco_cli_input_capture.yml 2019-11-15 19:11:03 +01:00
Austin Clark d8e0cfb64c Update cisco_cli_file_deletion.yml 2019-11-15 19:10:19 +01:00