security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,063 Commits 1 Branch 57 Tags
82fbfed2c2319acd4eefa9dba5d2694de546172a
Commit Graph

4063 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth c2eb110fca fix: more exact patterns 2020-07-15 11:56:11 +02:00
Florian Roth ae7fbb9245 fix: false positive filters based on SOC Prime's rule 2020-07-15 11:49:20 +02:00
Florian Roth e5a34a965c Merge pull request #926 from Neo23x0/rule-devel 
rule: CVE-2020-1350
 2020-07-15 11:19:07 +02:00
Florian Roth 80639afd43 rule: CVE-2020-1350 2020-07-15 11:03:31 +02:00
Bhabesh Rai e0c1d84951 Added new Lateral Movement Attack ID 2020-07-14 22:32:29 +05:45
Florian Roth c7e412788a Merge pull request #924 from Neo23x0/devel 
Live MITRE ATT&CK data from TAXI service in Test Scripts
 2020-07-14 18:15:29 +02:00
Florian Roth 38c29977ff Merge pull request #925 from Neo23x0/rule-devel 
fix: issue reported as https://github.com/Neo23x0/sigma/issues/923
 2020-07-14 18:14:51 +02:00
Florian Roth 1928b3dc06 Merge pull request #920 from qwerty1q2w/feature 
Added AppLocker log source and new rule
 2020-07-14 18:03:17 +02:00
Florian Roth 741d42ce88 fix: issue reported as https://github.com/Neo23x0/sigma/issues/923 2020-07-14 17:59:59 +02:00
Florian Roth 71e66ea9ba refactor: tests use live data from MITRE's TAXI service 2020-07-14 17:54:02 +02:00
Florian Roth 58b68758b4 fix: wrong MITRE ATT&CK ids used in the beta version 2020-07-14 17:53:32 +02:00
Florian Roth 43fb39a0b4 Merge pull request #922 from Neo23x0/devel 
refactor: ignore sub techniques as long as we do not have a complete …
 2020-07-14 12:50:35 +02:00
Florian Roth cf25b9c509 feat: filename test 2020-07-14 12:33:16 +02:00
Florian Roth 495376df77 refactor: references test without warnings for missing refs 2020-07-14 12:33:02 +02:00
Florian Roth bae979f5c7 refactor: ignore sub techniques as long as we do not have a complete list 2020-07-14 11:56:28 +02:00
Bhabesh Rai 6fb045aa4b Conforming to Rule Creation Guide. 2020-07-14 14:20:07 +05:45
Bhabesh Rai 66ad325fde Added support for Defender's PSExec and WMI ASR rules. 2020-07-14 14:01:43 +05:45
Florian Roth 44381610ea Merge pull request #918 from Neo23x0/devel 
References Test
 2020-07-14 09:28:44 +02:00
Florian Roth 781667ef22 fix: zeek rule references isn't a list 2020-07-14 00:33:47 +02:00
Ryan Plas 9eb5d8da4d Add logsource attribute rule test 2020-07-13 17:02:28 -04:00
Ryan Plas 04fd598bcf Update additional rules to have correct logsource attributes 2020-07-13 17:02:17 -04:00
Pushkarev Dmitry efe720d44e Added new rule. AppLocker 2020-07-13 20:51:48 +00:00
Pushkarev Dmitry 6c999df3b7 Added AppLocker log source 2020-07-13 20:48:06 +00:00
Pushkarev Dmitry 8e3f973e69 Added AppLocker log source 2020-07-13 20:46:49 +00:00
Pushkarev Dmitry bdfb646228 Added AppLocker log source 2020-07-13 20:45:30 +00:00
Pushkarev Dmitry 364af53902 Added AppLocker log source 2020-07-13 20:44:03 +00:00
Pushkarev Dmitry 326cf05a74 Added AppLocker log source 2020-07-13 20:41:54 +00:00
Pushkarev Dmitry 46a6183745 Added AppLocker log source 2020-07-13 20:32:03 +00:00
Pushkarev Dmitry a58e037509 Added AppLocker log source 2020-07-13 20:30:02 +00:00
Pushkarev Dmitry 7fb2e2b845 Added AppLocker log source 2020-07-13 20:29:13 +00:00
Pushkarev Dmitry e376948258 Added AppLocker log source 2020-07-13 20:27:52 +00:00
Pushkarev Dmitry 0d925896b9 Added AppLocker log source 2020-07-13 20:23:42 +00:00
Pushkarev Dmitry c30a256030 Added AppLocker log source 2020-07-13 20:21:46 +00:00
Pushkarev Dmitry 1da229e3a9 Added AppLocker log source 2020-07-13 20:20:28 +00:00
Pushkarev Dmitry 3a19e3cf23 Added AppLocker log source 2020-07-13 20:18:01 +00:00
Bart 308420bf7f Update sysmon_dllhost_net_connections.yml 
Fix @
 2020-07-13 21:20:55 +02:00
Bart 007f62ba01 Add Dllhost WAN access 2020-07-13 21:12:37 +02:00
Florian Roth b3e15eea68 fix: nested check 2020-07-13 18:49:00 +02:00
Florian Roth 91c0bea570 fix: typo and reordered 2020-07-13 18:22:47 +02:00
Florian Roth 758f5039b5 fix: no error on rules without references 2020-07-13 18:16:32 +02:00
Florian Roth 8d91659c2a fix: typo in field value 2020-07-13 18:08:00 +02:00
Florian Roth 4c610ec693 feat: test references is list 2020-07-13 18:07:19 +02:00
Florian Roth f12cb7309b fix: references is not a list 2020-07-13 17:37:03 +02:00
Florian Roth 437a567e4f Merge pull request #917 from Neo23x0/rule-devel 
New Empire Rules and Updates
 2020-07-13 16:37:59 +02:00
Florian Roth 1c63a93643 fix: wrong casing in tag 2020-07-13 16:20:51 +02:00
Florian Roth 87ce5e5745 fix: missing MITRE ATT&CK IDs in test 2020-07-13 16:02:22 +02:00
Florian Roth 1b75a3a96b Merge pull request #916 from viniciusvec/patch-2 
Update lnx_shell_clear_cmd_history.yml
 2020-07-13 15:54:11 +02:00
Florian Roth 557e8b0faf rule: improved Empire detection 2020-07-13 15:47:53 +02:00
viniciusvec 26f0d49772 Update lnx_shell_clear_cmd_history.yml 
Renamed tags to match production MITRE: https://attack.mitre.org/techniques/T1070/003/
 2020-07-13 14:06:14 +01:00
Florian Roth 7e8aa7b12b Merge pull request #915 from Neo23x0/rule-devel 
rule: regsvr32 flags anomaly
 2020-07-13 12:16:05 +02:00