cyb3rjy0t
229b70f68a
Merge PR #4401 from @cyb3rjy0t - Add New O365 Related Rules
new: Disabling Multi Factor Authentication
new: New Federated Domain Added
update: New Federated Domain Added - Exchange
---------
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-09-18 19:30:16 +02:00
Mark Morowczynski
f28b89c084
Merge PR #4445 from @MarkMorow - New Azure PIM Rules
new: Stale Accounts In A Privileged Role
new: Invalid PIM License
new: Roles Assigned Outside PIM
new: Roles Activated Too Frequently
new: Roles Activation Doesn't Require MFA
new: Roles Are Not Being Used
new: Too Many Global Admins
---------
Co-authored-by: gleeiamglo <142270304+gleeiamglo@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-09-14 22:02:30 +02:00
Nasreddine Bencherchali
67d0d2afff
chore: change service name to lowercase
2023-08-08 15:41:08 +02:00
frack113
a66b38d3df
Fix to pass the tests
2023-08-08 06:47:08 +02:00
Nasreddine Bencherchali
de9f3a3521
feat: update logsource and rule
- Add 2 new event logs
- Microsoft-Windows-CAPI2/Operational
- Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational
- Update required tests and rules
2023-05-19 00:05:05 +02:00
frack113
c1a9712558
Review Web logsource
2023-05-08 11:04:16 +02:00
Nasreddine Bencherchali
2710bf4710
feat: new rules, updates and fp fixes (#4162)
2023-04-11 13:04:22 +02:00
Moti-H
ff4242dadd
feat: add new application vulnerability rules (#4034)
2023-02-15 12:29:53 +01:00
frack113
2bd14e4953
Small update
- Change service to audit
- Add operation
2023-01-22 08:55:24 +01:00
Nasreddine Bencherchali
5416935cec
feat: update logsource with new service
2023-01-21 11:33:48 +01:00
Nasreddine Bencherchali
1c340493c6
fix: broken logsource
2023-01-17 01:13:50 +01:00
Nasreddine Bencherchali
e5fe4d5f46
feat: update config files
- Update indentation of config files to 4
- Add new event logs
2023-01-17 01:00:24 +01:00
frack113
2b0b680775
Merge pull request #3925 from frack113/lsa-server
Microsoft-Windows-LSA
2023-01-13 18:24:43 +01:00
Nasreddine Bencherchali
c7f1f52b7b
fix: apply suggestions from code review
2023-01-13 18:19:32 +01:00
frack113
deeac89f36
Add lsa-server
2023-01-13 17:56:02 +01:00
frack113
2be462d2cf
Add UserName for taskscheduler
2023-01-13 13:13:53 +01:00
Nasreddine Bencherchali
debd658aac
feat: new rules related to appx packages
2023-01-11 23:04:37 +01:00
frack113
fbae1f3055
Merge pull request #3889 from frack113/iso_evtx
Add win_vhdmp_mount_iso.yml
2023-01-11 18:05:50 +01:00
frack113
5cff2d2b3f
Update logsource.json
2023-01-10 21:53:35 +01:00
frack113
9b550f6858
Add win_vhdmp_mount_iso
2023-01-09 10:19:41 +01:00
frack113
d6059d801b
Filename normalisation
2023-01-07 08:52:11 +01:00
frack113
ed1a91b53f
remove duplicate value
2023-01-04 19:42:16 +01:00
frack113
7d5fb8db30
update logsource
2023-01-04 19:36:37 +01:00
frack113
756a248032
update logsource
2023-01-04 18:52:24 +01:00
Nasreddine Bencherchali
3bd12552bb
feat: add bitlocker channel
2023-01-02 22:19:32 +01:00
frack113
c62d624892
Use W3C cs-uri-query
2023-01-02 18:56:34 +01:00
frack113
41c850e00b
Use W3C cs-uri-query
2023-01-02 18:45:50 +01:00
frack113
a1a94a0b66
Update W3C field name
2023-01-02 16:39:55 +01:00
frack113
8720356684
Update field name
2023-01-02 15:49:45 +01:00
frack113
0e8d1f9b0d
Check field name
2023-01-02 10:59:51 +01:00
frack113
27f3ba9257
Add linux auditd
2023-01-01 13:18:51 +01:00
frack113
6d0b86aae3
Keep only sysmon linux used
2022-12-31 19:14:40 +01:00
frack113
c2ce5d01fc
Add sysmon linux v1.0.2
2022-12-31 18:08:11 +01:00
frack113
3c2e1a6a3e
add new test
2022-12-30 16:00:42 +01:00