github-actions[bot]
8734022722
Merge PR #5149 from @nasbench - Promote older rules status from experimental to test
chore: promote older rules status from experimental to test
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2025-01-06 15:36:19 +01:00
Nasreddine Bencherchali
598d29f811
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
chore: change tags, date, modified fields to comply with v2 of the Sigma spec.
chore: update the related type from `obsoletes` to `obsolete`.
chore: update local json schema to the latest version.
2024-08-12 12:02:50 +02:00
Romain Gaillard
e1803cbc8e
Merge PR #4931 from @romain-gaillard - Add additional GitHub audit detection rules
new: Github SSH Certificate Configuration Changed
new: Github Fork Private Repositories Setting Enabled/Cleared
new: Github Repository/Organization Transferred
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2024-07-29 23:17:11 +02:00
Romain Gaillard
29d06798b3
Merge PR #4922 from @romain-gaillard - Update Github High Risk Configuration Disabled
update: Github High Risk Configuration Disabled - Add `business_advanced_security.disabled`, `business_advanced_security.disabled_for_new_repos`, `business_advanced_security.disabled_for_new_user_namespace_repos`, `business_advanced_security.user_namespace_repos_disabled`, `org.advanced_security_disabled_for_new_repos`, `org.advanced_security_disabled_on_all_repos`
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2024-07-22 10:43:48 +02:00
Romain Gaillard
bcb5e6b218
Merge PR #4921 from @romain-gaillard - update Github Secret Scanning Feature Disabled
update: Github Secret Scanning Feature Disabled - Add `secret_scanning_new_repos.disable`
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2024-07-22 10:42:22 +02:00
z00t
09ca073e2b
Merge PR #4749 from @faisalusuf - Add new rules for GitHub secret scanning and push protection features
new: Github Push Protection Bypass Detected
new: Github Push Protection Disabled
new: Github Secret Scanning Feature Disabled
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2024-03-07 00:14:25 +01:00
Nasreddine Bencherchali
8af1ab8cac
Merge PR #4738 from @nasbench - Small fixes and metadata updates
new: HackTool - CobaltStrike Malleable Profile Patterns - Proxy
remove: CobaltStrike Malformed UAs in Malleable Profiles
remove: CobaltStrike Malleable (OCSP) Profile
remove: CobaltStrike Malleable Amazon Browsing Traffic Profile
remove: CobaltStrike Malleable OneDrive Browsing Traffic Profile
remove: iOS Implant URL Pattern
update: Chafer Malware URL Pattern - Reduce level to high and move to ET folder
2024-02-26 22:01:53 +01:00
github-actions[bot]
ae960f0881
Merge PR #4611 from @nasbench - Promote Older Rules Status From experimental To test
chore: promote older rules status from experimental to test
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2023-12-01 12:50:36 +01:00
Nasreddine Bencherchali
95793d73bd
Merge PR #4482 From @nasbench - Add New Automation Workflows
chore: update workflows and add quality of life updates and automation to the repository
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-10-18 11:53:44 +02:00
Wagga
273fdb9985
fix: typos in multiple rules (#4011)
2023-02-06 13:53:23 +01:00
Nasreddine Bencherchali
7b3a3ee254
fix: add missing space by the end
2023-01-30 10:26:13 +01:00
Nasreddine Bencherchali
6de8009c88
fix: update metadata and prefix test
2023-01-30 10:23:13 +01:00
z00t
cd15e7beea
Rename github_new_org_member_alert.yml to github_new_org_member.yml
The rule name changed to match the updated rule title.
2023-01-30 00:02:20 +05:00
z00t
d8c18457a0
Update disabled_outdated_dependency_or_vulnerability.yml
Removed invalid MITRE ID T1089, and removed mitigation ID which was included in error.
2023-01-30 00:01:22 +05:00
z00t
493daf54f5
Update and rename github_high_risk_configuration_change.yml to disable_github_high_risk_configuration.yml
The severity level changed to high from critical. The rule name matched the modified title.
2023-01-29 23:59:53 +05:00
z00t
40d7ce83c7
Rename dependabot_alerts_disabled.yml to disabled_outdated_dependency_or_vulnerability.yml
The rule name matched to the modified title.
2023-01-29 23:57:17 +05:00
z00t
23e5faa382
Update rules/cloud/github/github_new_org_member_alert.yml
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-01-29 23:05:28 +05:00
z00t
579ac60b7a
Update rules/cloud/github/github_high_risk_configuration_change.yml
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-01-29 23:04:30 +05:00
z00t
1959e7936e
Update rules/cloud/github/dependabot_alerts_disabled.yml
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-01-29 23:03:59 +05:00
z00t
60c3221fe1
selection item added.
2023-01-29 21:56:33 +05:00
z00t
6ef4ee26bb
Description updated.
2023-01-29 20:45:19 +05:00
z00t
1fa926ee31
New rules added.
2023-01-28 01:01:30 +05:00
frack113
6d535e032f
Remove operation
2023-01-22 18:42:54 +01:00
frack113
2bd14e4953
Small update
- Change service to audit
- Add operation
2023-01-22 08:55:24 +01:00
Nasreddine Bencherchali
7bce67f940
fix: file extension
2023-01-21 11:52:13 +01:00
Nasreddine Bencherchali
9ef8565556
fix: filename
2023-01-21 11:41:44 +01:00
z00t
9cc61a6e60
Single quotes added to non-integer values.
2023-01-20 23:28:23 +05:00
z00t
44a7b78950
New Rule is created.
2023-01-20 23:09:56 +05:00
z00t
e27d79e21a
New detection rule.
2023-01-20 21:29:31 +05:00
z00t
cc511af55e
Create github_delete action_invoked.yaml
2023-01-20 18:14:14 +05:00