Commit Graph

11763 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Mohamed Ashraf (X__Junior) | 87404ea1e1 | Update proxy_ua_malware.yml | 2023-03-20 17:41:13 +02:00 |
| Nasreddine Bencherchali | b52abdef5c | Merge pull request #4120 from leer-ts/master; feat: add new rule related to `CVE-2023-23397` exploitation | 2023-03-17 23:39:49 +01:00 |
| Nasreddine Bencherchali | 4bcf5b75a7 | fix: remove backslash and add example | 2023-03-17 23:32:10 +01:00 |
| Nasreddine Bencherchali | 4a171ae82d | fix: add definition section; Added a definition section to indicate that SACLs are required | 2023-03-17 23:26:38 +01:00 |
| Nasreddine Bencherchali | cf49c5d509 | fix: update rule for SIGMAHQ standard | 2023-03-17 23:14:40 +01:00 |
| Qasim Qlf | 685c3d7970 | fix: detection name word 'activity' (#4119) | 2023-03-17 23:11:15 +01:00 |
| leer-ts | d456305533 | Create win_security_outlook_remote_file.yml | 2023-03-17 17:52:12 -04:00 |
| Hieu Tran | 0e934bd4b4 | feat: new rules related to ZScaler blog - OneNote: A Growing Threat for Malware Distribution (#4111) | 2023-03-17 13:00:57 +01:00 |
| frack113 | 9ce7f083ef | feat: new rule Potential Binary Or Script Dropper Via PowerShell.EXE (#4116) | 2023-03-17 12:56:02 +01:00 |
| Florian Roth | 0ebbd09ab4 | fix: removed unnecessary escapes | 2023-03-16 22:54:41 +01:00 |
| Florian Roth | e4864b43d2 | fix: regular expression | 2023-03-16 22:46:08 +01:00 |
| Nasreddine Bencherchali | 4287d790ae | Update proc_creation_win_rundll32_webdav_client_susp_execution.yml | 2023-03-16 19:34:23 +01:00 |
| Nasreddine Bencherchali | 53e86c8871 | Update proc_creation_win_rundll32_webdav_client_execution.yml | 2023-03-16 19:23:05 +01:00 |
| Nasreddine Bencherchali | 5ca7978ebe | fix: escape slashes | 2023-03-16 19:20:53 +01:00 |
| Nasreddine Bencherchali | 49a43832c4 | fix: enhance selection | 2023-03-16 19:19:25 +01:00 |
| Nasreddine Bencherchali | db62085f77 | fix: ip regex | 2023-03-16 19:18:36 +01:00 |
| Nasreddine Bencherchali | 5b14835a35 | feat: add new rules related to CVE-2023-23397 | 2023-03-16 19:17:48 +01:00 |
| Nasreddine Bencherchali | 77cd0bf6c0 | fix: apply suggestions from code review; Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com> | 2023-03-15 19:27:57 +01:00 |
| Nasreddine Bencherchali | 3ca27207be | fix: tune more fp | 2023-03-15 12:00:20 +01:00 |
| Nasreddine Bencherchali | 83bcab5fd6 | chore: increase level of some sideloading rules | 2023-03-15 01:10:52 +01:00 |
| Nasreddine Bencherchali | 64295b1ed7 | fix: remove unnecessary filter | 2023-03-15 00:11:35 +01:00 |
| Nasreddine Bencherchali | 1d45236bf6 | fix: broken condition | 2023-03-15 00:06:29 +01:00 |
| Nasreddine Bencherchali | d36f7e9819 | fix: fp found in testing | 2023-03-14 23:58:04 +01:00 |
| Nasreddine Bencherchali | 933e99eef8 | fix: cicd errors | 2023-03-14 23:21:18 +01:00 |
| Nasreddine Bencherchali | 90574160ec | feat: new rules and update | 2023-03-14 20:07:44 +01:00 |
| Nasreddine Bencherchali | 37544fd175 | Merge branch 'SigmaHQ:master' into nasbench-rule-devel | 2023-03-14 10:51:23 +01:00 |
| Mohamed Ashraf | 7d3b540de3 | Update rules/windows/image_load/image_load_side_load_wazuh.yml; update description; Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com> | 2023-03-14 09:59:53 +02:00 |
| Nasreddine Bencherchali | adf0ac1718 | feat: attrib rules updates | 2023-03-14 01:50:30 +01:00 |
| Nasreddine Bencherchali | dba3839e23 | feat: new rules related to dotnet-dump | 2023-03-14 01:43:14 +01:00 |
| Nasreddine Bencherchali | 77a825beea | fix: improve metadata | 2023-03-13 23:37:37 +01:00 |
| Nasreddine Bencherchali | 072dc5e982 | fix: fp | 2023-03-13 14:14:58 +01:00 |
| Mohamed Ashraf (X__Junior) | 1a4ad4c67c | new rules related to possible dll sideloading | 2023-03-13 14:47:52 +02:00 |
| Florian Roth | 96347ade8b | Merge pull request #4099 from nasbench/nasbench-rule-devel; feat: update and fixes | 2023-03-13 11:18:19 +01:00 |
| Nasreddine Bencherchali | a599e7b4af | fix: add missing modified | 2023-03-13 10:49:29 +01:00 |
| Nasreddine Bencherchali | d7083f6175 | fix: apply suggestions from code review; Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com> | 2023-03-13 10:48:08 +01:00 |
| Nasreddine Bencherchali | 5198cb3824 | chore: change state to unsupported | 2023-03-13 10:35:44 +01:00 |
| Yamato Security | 7c79441245 | moved multi-line condition to single line | 2023-03-13 13:54:43 +09:00 |
| tuan | 2a1124e95e | feat: new rules Linux Package Uninstall (#4098) | 2023-03-13 00:04:53 +01:00 |
| frack113 | 61a6ca59b0 | feat: new rule amsi.dll load by uncommon process (#4102) | 2023-03-12 23:58:51 +01:00 |
| Nasreddine Bencherchali | 1a4f76242c | Merge branch 'SigmaHQ:master' into nasbench-rule-devel | 2023-03-12 23:54:40 +01:00 |
| Nasreddine Bencherchali | 1743ce90ea | fix: add missing modifier | 2023-03-11 18:32:33 +01:00 |
| Nasreddine Bencherchali | 991c824f9a | feat: more updates | 2023-03-10 23:32:32 +01:00 |
| Nasreddine Bencherchali | c1b2b05cde | Update proc_creation_win_apt_apt31_judgement_panda.yml | 2023-03-10 16:52:10 +01:00 |
| Nasreddine Bencherchali | a8462ec916 | feat: more apt rules updates | 2023-03-10 16:50:29 +01:00 |
| Zeta | 9da9da80d3 | Update ATT&CK Techniques and Tactics (#4096) | 2023-03-10 01:21:42 +01:00 |
| Nasreddine Bencherchali | b36fb603e0 | fix: fp found in testing | 2023-03-09 22:53:30 +01:00 |
| Nasreddine Bencherchali | f23780de6f | feat: update and fixes | 2023-03-09 22:10:42 +01:00 |
| Nasreddine Bencherchali | 3b11cafc57 | Merge pull request #4091 from nasbench/nasbench-rule-devel; feat: update and fixes | 2023-03-07 18:07:57 +01:00 |
| Nasreddine Bencherchali | 149256b0b9 | fix: add missing modified date | 2023-03-07 17:50:14 +01:00 |
| Nasreddine Bencherchali | 556e445e22 | fix: update rules/windows/process_creation/proc_creation_win_hktl_powersploit_empire_default_schtasks.yml; Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com> | 2023-03-07 17:49:21 +01:00 |