security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
14,589 Commits 1 Branch 57 Tags
87879f69cfdfa1e759c69cda797c8dfd4c8bb2dd
Commit Graph

14589 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
D4rkCiph3r 87879f69cf Update proc_creation_macos_jxa_in-memory_execution.yml 
Indentation corrections and comments
 2023-01-31 16:52:17 +05:30
D4rkCiph3r aa3fa9b7e4 Create proc_creation_macos_jxa_in-memory_execution.yml 2023-01-31 16:06:39 +05:30
frack113 9e51af56ca Merge pull request #3974 from MarkMorow/master 
Update tags for MITRE ATT&CK
 2023-01-31 07:34:34 +01:00
Florian Roth b3c1c2bb24 Merge pull request #3978 from qasimqlf/patch-21 
fix: condition
 2023-01-30 17:11:46 +01:00
Qasim Qlf 2ac3f5c797 fix: condition 2023-01-30 19:13:11 +05:00
phantinuss 6d377cfb66 Merge pull request #3970 from frack113/issue_3968 
proc_creation_win_copy_browser_data fix FP
 2023-01-30 10:57:56 +01:00
Nasreddine Bencherchali 92a23276cf Merge pull request #3972 from frack113/hijacklibs 
feat: add additional new dlls for abuse from hijacklibs
 2023-01-30 10:49:11 +01:00
Nasreddine Bencherchali 0e589eeb08 Merge pull request #3976 from qasimqlf/patch-20 
fix: Rename registry_set_persistance_xll to registry_set_persistence_
 2023-01-30 10:47:11 +01:00
Nasreddine Bencherchali cb1ea104b6 fix: remove unnecessary space 2023-01-30 10:42:48 +01:00
Nasreddine Bencherchali 8bcedc7c52 fix: update title and description 2023-01-30 10:41:27 +01:00
Nasreddine Bencherchali da33c6d876 Merge pull request #3975 from qasimqlf/patch-19 
fix: remove unnecessary modifier
 2023-01-30 10:35:52 +01:00
Qasim Qlf 4938f9b44c Rename registry_set_persistance_xll.yml to registry_set_persistence_xll.yml 
Updated persistance to persistence
 2023-01-30 14:33:49 +05:00
Nasreddine Bencherchali 4b08e8700d Merge pull request #3973 from faisalusuf/master 
feat: new rules related to GitHub logs
 2023-01-30 10:33:02 +01:00
Qasim Qlf a39896f66a fix: condition 2023-01-30 14:27:59 +05:00
Nasreddine Bencherchali 7b3a3ee254 fix: add missing space by the end 2023-01-30 10:26:13 +01:00
Nasreddine Bencherchali 6de8009c88 fix: update metadata and prefix test 2023-01-30 10:23:13 +01:00
Mark Morowczynski b24e6d197b Update tags for MITRE ATT&CK 
Update tags for MITRE ATT&CK
 2023-01-29 11:29:12 -08:00
z00t cd15e7beea Rename github_new_org_member_alert.yml to github_new_org_member.yml 
The rule name changed to match the updated rule title.
 2023-01-30 00:02:20 +05:00
z00t d8c18457a0 Update disabled_outdated_dependency_or_vulnerability.yml 
Removed invalid mitre ID T1089, and removed mitigation ID which was included in an error.
 2023-01-30 00:01:22 +05:00
z00t 493daf54f5 Update and rename github_high_risk_configuration_change.yml to disable_github_high_risk_configuration.yml 
The severity level changed to high from critical. The rule name matched the modified title.
 2023-01-29 23:59:53 +05:00
z00t 40d7ce83c7 Rename dependabot_alerts_disabled.yml to disabled_outdated_dependency_or_vulnerability.yml 
The rule name matched to the modified title.
 2023-01-29 23:57:17 +05:00
z00t 23e5faa382 Update rules/cloud/github/github_new_org_member_alert.yml 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-01-29 23:05:28 +05:00
z00t 579ac60b7a Update rules/cloud/github/github_high_risk_configuration_change.yml 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-01-29 23:04:30 +05:00
z00t 1959e7936e Update rules/cloud/github/dependabot_alerts_disabled.yml 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-01-29 23:03:59 +05:00
z00t 60c3221fe1 selection item added. 2023-01-29 21:56:33 +05:00
frack113 072d6bda9b Add more dll 2023-01-29 16:50:06 +01:00
z00t 6ef4ee26bb Description updated. 2023-01-29 20:45:19 +05:00
z00t 352b477d5b Merge branch 'SigmaHQ:master' into master 2023-01-29 20:40:37 +05:00
frack113 bd5e1da89c Fix FP move 2023-01-29 09:42:48 +01:00
frack113 dff6a398cc Merge pull request #3969 from MarkMorow/master 
Updating MITRE Tactics & Techniques
 2023-01-29 07:04:52 +01:00
Mark Morowczynski 29ca26b32c Updating MITRE Tactics & Techniques 
Updating MITRE Tactics & Techniques to align with existing classifications
 2023-01-28 13:26:15 -08:00
frack113 18e9704e2c Merge pull request #3964 from YamatoSecurity/master 
update pw spraying via explicit creds rules
 2023-01-28 07:59:00 +01:00
frack113 6928cdf702 Update win_security_susp_failed_logons_explicit_credentials.yml 2023-01-28 07:53:37 +01:00
z00t 17640ab9d6 Merge branch 'master' of https://github.com/faisalusuf/sigma 2023-01-28 01:04:05 +05:00
z00t 1fa926ee31 New rules added. 2023-01-28 01:01:30 +05:00
Nasreddine Bencherchali ff7b104450 Merge pull request #3967 from SigmaHQ/aurora-false-positive-fixing 
docs: detection rule license info
 2023-01-27 20:31:30 +01:00
Florian Roth 3bdc80d28d docs: detection rule license info 2023-01-27 19:42:16 +01:00
frack113 4e46d36c59 Merge pull request #3963 from maximelb/lc-expand-rules 
Expand rule support and bug fix for LimaCharlie
 2023-01-27 17:57:32 +01:00
frack113 1948b1cb6d Merge pull request #3965 from frack113/pormotion_status 
change status to test
 2023-01-27 17:56:12 +01:00
frack113 dabf286c17 Merge pull request #3966 from frack113/PendingFileRenameOperations 
Add registry_set_susp_pendingfilerenameoperations
 2023-01-27 17:55:51 +01:00
frack113 7ea3db18f7 Fix test errors 2023-01-27 15:09:43 +01:00
Nasreddine Bencherchali 35dabc529c fix: update metadata 2023-01-27 13:55:19 +01:00
frack113 5087b95155 Merge remote-tracking branch 'upstream/master' into pormotion_status 2023-01-27 11:29:27 +01:00
frack113 2ba6c3c3f5 Merge pull request #3961 from tropChaud/patch-4 
Create proc_creation_win_rhadamanthys_dll_launch.yml
 2023-01-27 11:23:21 +01:00
Nasreddine Bencherchali 79010f45f0 Merge pull request #3959 from nasbench/nasbench-rule-devel 
feat: updates and fixes
 2023-01-27 11:14:00 +01:00
frack113 0f9ce8de60 Update registry_set_susp_pendingfilerenameoperations.yml 2023-01-27 11:09:45 +01:00
Nasreddine Bencherchali c9d29d5bdd fix: typo in the description 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-01-27 10:53:59 +01:00
Nasreddine Bencherchali af9b78971e Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2023-01-27 10:50:37 +01:00
Nasreddine Bencherchali 0b5a4fd7c9 fix: add missing modified date 2023-01-27 10:50:04 +01:00
frack113 40dffb5c92 Add registry_set_susp_pendingfilerenameoperations 2023-01-27 10:49:58 +01:00