security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
14,589 Commits 1 Branch 57 Tags
87879f69cfdfa1e759c69cda797c8dfd4c8bb2dd
Commit Graph

13 Commits

Author SHA1 Message Date
Nick Moore 0312c481d9 Change rules using all of required-lists to |all 
When a Sigma rule writer wants to create a list of values where all of
them must be matched for the rule to trigger, the approach used
previously was to have an `all of` condition for a single selector.
However, this has now changed, and the new approach is to use an empty
key and the |all modifier (i.e., `'|all'`).

This commit (tries to) identify all the rules that used the old
approach and modifies them to use the new approach instead.

See SigmaHQ/sigma-specification#53 for further discussion.
 2023-01-23 14:37:25 +00:00
Tim Brown 4b52acd2fe feat: add rules for BGP and LDP authentication failures 2023-01-12 01:59:16 +01:00
frack113 756a248032 update logsource 2023-01-04 18:52:24 +01:00
frack113 ad3a3e3b71 Order yaml field 4 (#3628) 2022-10-25 09:30:05 +02:00
frack113 4631d0c482 remove invalid tag 2022-01-19 18:23:30 +01:00
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
Mike Wade 1ddba05eb2 Second round 2020-09-15 07:02:30 -06:00
Yugoslavskiy Daniil 71fec94417 review network/cisco/aaa 2020-09-03 00:34:41 +02:00
Florian Roth 80f4b4ec71 fix: rules with duplicate tags 2020-07-27 11:44:47 +02:00
Florian Roth 58b68758b4 fix: wrong MITRE ATT&CK ids used in the beta version 2020-07-14 17:53:32 +02:00
Ivan Kirillov 0fbfcc6ba9 Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
Florian Roth 35e43db7a7 fix: converted CRLF line break to LF 2020-03-25 14:36:34 +01:00
Florian Roth 4ad71c44bc chore: moved network device rules to the 'network' folder 2020-01-30 14:30:26 +01:00