Mark Morowczynski
f28b89c084
Merge PR #4445 from @MarkMorow - New Azure PIM Rules
new: Stale Accounts In A Privileged Role
new: Invalid PIM License
new: Roles Assigned Outside PIM
new: Roles Activated Too Frequently
new: Roles Activation Doesn't Require MFA
new: Roles Are Not Being Used
new: Too Many Global Admins
---------
Co-authored-by: gleeiamglo <142270304+gleeiamglo@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-09-14 22:02:30 +02:00
Nasreddine Bencherchali
9f82e581a1
fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-06-20 11:26:41 +02:00
frack113
8c5dba3740
Update tags
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-06-20 07:31:54 +02:00
Nasreddine Bencherchali
098746574c
feat: add typo check for related field
2023-06-07 12:29:02 +02:00
Nasreddine Bencherchali
1299b21561
feat: rule and tests update
2023-05-31 13:46:13 +02:00
Nasreddine Bencherchali
de9f3a3521
feat: update logsource and rule
- Add 2 new event logs
- Microsoft-Windows-CAPI2/Operational
- Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational
- Update required tests and rules
2023-05-19 00:05:05 +02:00
Nasreddine Bencherchali
e51b548938
fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-05-12 10:33:05 +02:00
Nasreddine Bencherchali
cab7dcc9f4
fix: unused selection and increase filename size
2023-05-11 20:51:33 +02:00
phantinuss
e6d734e7fc
chore: use relative paths for rules test again
2023-04-26 13:22:01 +02:00
Nasreddine Bencherchali
1ed9743e7c
fix: test issues
2023-04-25 19:18:38 +02:00
Nasreddine Bencherchali
16d4d0b6ea
Update test_rules.py
2023-04-25 18:59:24 +02:00
phantinuss
1d6ad79f06
fix: adding executable bit
2023-04-24 08:41:56 +02:00
Nasreddine Bencherchali
7f88625c3c
feat: update tests for new folder struct
2023-04-21 15:01:47 +02:00
Nasreddine Bencherchali
d591bf662a
fix: update tests
2023-04-21 15:01:47 +02:00
Nasreddine Bencherchali
9890de995a
feat: update tests for new folder struct
2023-04-21 15:00:37 +02:00
Nasreddine Bencherchali
f4e406c1b6
fix: update tests
2023-04-21 15:00:37 +02:00
Tess
0ade5feae9
add test for duplicate references
2023-04-20 10:45:51 -04:00
Nick Moore
463d9fff82
feat: new rule Potential Okta Password in AlternateID Field (#4158)
2023-04-05 13:21:03 +02:00
Thomas Patzke
0e8e5a0bd5
Restored thor.yml and fixed reference to it
2023-04-02 01:22:10 +02:00
Nasreddine Bencherchali
2883c2e714
fix: test errors
2023-03-07 14:23:44 +01:00
Nasreddine Bencherchali
05adb156e7
feat: update test
2023-03-07 14:14:21 +01:00
Nasreddine Bencherchali
f0afc4cce6
fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-20 12:06:37 +01:00
Nasreddine Bencherchali
6a0b38291f
fix: fp found in baseline
2023-02-17 23:16:42 +01:00
Nasreddine Bencherchali
82d0b9e10c
fix: add missing modified and improve test
2023-02-10 00:56:07 +01:00
Thomas Patzke
ef9d4f702d
Merge pull request #3878 from DCSO/rule_test_add_re_escape_tests
Test: Check 're' rules against unwanted/unneeded escapes
2023-02-04 08:59:16 +01:00
Nasreddine Bencherchali
f2643c6043
Merge pull request #3940 from mbabinski/master
feat: add external remote service logon from public IP rule.
2023-01-31 11:04:50 +01:00
Nasreddine Bencherchali
2817c6085c
feat: add cidr modifier to the test
2023-01-31 10:58:29 +01:00
Nasreddine Bencherchali
6de8009c88
fix: update metadata and prefix test
2023-01-30 10:23:13 +01:00
Nasreddine Bencherchali
8b38e3ac2c
fix: assertion logic
2023-01-12 12:36:33 +01:00
Nasreddine Bencherchali
dca48fc125
fix: assert function in test
2023-01-12 12:29:38 +01:00
Nasreddine Bencherchali
30c658e2a4
fix: broken logic in test
- Fix `test_duplicate_detections` test
- Add new test `test_broken_thor_logsource_config` to test for broken Windows eventlog sources
2023-01-12 12:21:58 +01:00
Hendrik Baecker
874032c2bf
Test: Check 're' rules against unwanted/unneeded escapes
2023-01-06 16:25:27 +01:00
Hendrik Baecker
9985905f54
rule_tests: Rule directory relative to test_* file
2023-01-04 16:25:07 +01:00
Hendrik Baecker
c998945b34
test-rules: use cti directory relative to test file
This little change will use 'cti/' relative to the executing
test_*.py file and doesn't care if the test file is executed
from sigma/ or sigma/tests/.
2023-01-04 16:02:57 +01:00
Hendrik Baecker
3da07164ce
test-rules: Execute get_mitre_data() as part of unittest
Catching the data as part of the unittest class is more
IDE-friendly because they won't call __main__ but use the
test methods directly.
2023-01-04 15:58:35 +01:00
Nasreddine Bencherchali
3bd12552bb
feat: add bitlocker channel
2023-01-02 22:19:32 +01:00
frack113
014684ddcd
add win_dns_analytic_ prefix
2023-01-02 12:16:09 +01:00
frack113
4a0b571598
add new test
2022-12-30 16:31:41 +01:00
Nasreddine Bencherchali
58f47b9875
fix: add known children appvlp
2022-12-30 10:24:25 +01:00
Nasreddine Bencherchali
964da01186
fix: test logic
2022-12-29 18:27:58 +01:00
Nasreddine Bencherchali
c2e8283806
fix: add missing try/except
2022-12-29 17:30:26 +01:00
Nasreddine Bencherchali
d0920f0931
fix: small error in deletion
2022-12-29 17:23:38 +01:00
Nasreddine Bencherchali
e20cb470cc
fix: enhance element deletion
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-29 17:19:01 +01:00
Nasreddine Bencherchali
123202f112
feat: add file_access case in test
2022-12-29 15:30:57 +01:00
Nasreddine Bencherchali
03cc78e916
feat: filename test enhancements (#3812)
2022-12-23 09:25:16 +01:00
frack113
a27dc6c43a
Check for issue 3724
2022-12-22 08:46:25 +01:00
frack113
44a25df15f
Check for issue 3724
2022-12-22 08:41:37 +01:00
Florian Roth
b157bef3de
fix: link to correct issue
2022-12-21 08:59:24 +01:00
Nasreddine Bencherchali
ba3e985bed
feat: multiple update and enhancements
2022-12-19 17:41:40 +01:00
Nasreddine Bencherchali
972720d42c
fix: apply code review suggestion
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2022-12-19 10:17:49 +01:00