frack113
18e9704e2c
Merge pull request #3964 from YamatoSecurity/master
update pw spraying via explicit creds rules
2023-01-28 07:59:00 +01:00
frack113
6928cdf702
Update win_security_susp_failed_logons_explicit_credentials.yml
2023-01-28 07:53:37 +01:00
frack113
5087b95155
Merge remote-tracking branch 'upstream/master' into pormotion_status
2023-01-27 11:29:27 +01:00
frack113
1033b3f404
change status to test
2023-01-27 06:48:34 +01:00
Yamato Security
3a4d447d1e
update pw spraying via explicit creds rules
2023-01-27 10:51:43 +09:00
Nasreddine Bencherchali
85c5f21818
feat: more updates, renames and fixes
2023-01-27 00:30:16 +01:00
frack113
cb67871bd2
Revert "Change status of old rules"
2023-01-26 19:37:18 +01:00
frack113
5323fd4baa
Change status of old rules
2023-01-25 18:41:18 +01:00
phantinuss
32c89da010
fix: FPs in testing environment
2023-01-25 16:23:10 +01:00
Nick Moore
0312c481d9
Change rules using all of required-lists to |all
When a Sigma rule writer wants to create a list of values where all of
them must be matched for the rule to trigger, the approach used
previously was to have an `all of` condition for a single selector.
However, this has now changed, and the new approach is to use an empty
key and the |all modifier (i.e., `'|all'`).
This commit (tries to) identify all the rules that used the old
approach and modifies them to use the new approach instead.
See SigmaHQ/sigma-specification#53 for further discussion.
2023-01-23 14:37:25 +00:00
Nasreddine Bencherchali
ef0c3d35c4
fix: filter fp found in testing
2023-01-20 11:39:08 +01:00
Nasreddine Bencherchali
0909b65bff
feat: update sharing websites
2023-01-19 22:07:31 +01:00
Nasreddine Bencherchali
dd9987527a
fix: final fp
2023-01-19 00:49:32 +01:00
Nasreddine Bencherchali
0d242195c7
fix: fp found in test set
2023-01-19 00:38:55 +01:00
Nasreddine Bencherchali
3a473b8313
fix: small metadata fixes
2023-01-18 23:30:40 +01:00
Nasreddine Bencherchali
0cb78e498a
fix: more fp found in testing
2023-01-18 20:16:34 +01:00
Nasreddine Bencherchali
02e4a5112d
fix: fp found in testing
2023-01-18 18:41:07 +01:00
Nasreddine Bencherchali
4682f3fb7a
fix: broken title
2023-01-17 19:14:32 +01:00
Nasreddine Bencherchali
8f46f2f061
fix: fp in firewall rule
2023-01-17 19:07:30 +01:00
Nasreddine Bencherchali
1c0bf6e262
feat: update windows firewall rules
2023-01-17 19:01:37 +01:00
Nasreddine Bencherchali
1c340493c6
fix: broken logsource
2023-01-17 01:13:50 +01:00
Nasreddine Bencherchali
85fb255bc9
feat: new rules and updates
2023-01-17 01:00:44 +01:00
frack113
2b0b680775
Merge pull request #3925 from frack113/lsa-server
Microsoft-Windows-LSA
2023-01-13 18:24:43 +01:00
Nasreddine Bencherchali
c7f1f52b7b
fix: apply suggestions from code review
2023-01-13 18:19:32 +01:00
Nasreddine Bencherchali
432710c47b
fix: description
2023-01-13 18:01:10 +01:00
frack113
c6942cba65
Add lsa-server
2023-01-13 17:58:40 +01:00
frack113
deeac89f36
Add lsa-server
2023-01-13 17:56:02 +01:00
Nasreddine Bencherchali
8707345be7
fix: add related metadata
2023-01-13 17:21:21 +01:00
frack113
5d0b0f6663
Add more TaskName
2023-01-13 13:06:02 +01:00
frack113
a0cc836d0a
Add filter
2023-01-13 13:03:30 +01:00
frack113
1b11e29fef
Move rules
2023-01-13 12:15:08 +01:00
frack113
0c61fffa82
Merge pull request #3915 from frack113/appxdeployment
Add appxdeployment-server rule by eventid
2023-01-12 18:53:32 +01:00
frack113
4708bc61c6
Update win_appxdeployment_server_applocker_block.yml
2023-01-12 18:47:14 +01:00
frack113
b85d87ddf3
Apply suggestions from code review
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-01-12 18:39:46 +01:00
Nasreddine Bencherchali
e824131450
fix: add new ref
2023-01-12 18:37:35 +01:00
frack113
45d7d1cd30
Update win_software_restriction_policies_block.yml
2023-01-12 18:30:45 +01:00
frack113
1470c3ebce
Update win_software_restriction_policies_block.yml
2023-01-12 18:30:07 +01:00
frack113
b0b8c8cba6
Add win_software_restriction_policies_block
2023-01-12 18:20:12 +01:00
frack113
6d85fcb2b3
Add rule by eventid
2023-01-12 17:56:14 +01:00
Nasreddine Bencherchali
a5df41cf39
fix: update title and description
2023-01-12 15:49:40 +01:00
Nasreddine Bencherchali
9a671e25d9
fix: add missing eid 400
2023-01-12 15:12:20 +01:00
Nasreddine Bencherchali
e7a2e1c169
fix: remove version from name
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-01-12 10:37:34 +01:00
Nasreddine Bencherchali
0470f45246
fix: apply suggestions from code review
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-01-12 10:36:13 +01:00
Nasreddine Bencherchali
67ea98a6db
feat: more updates and fixes
2023-01-12 01:05:48 +01:00
Nasreddine Bencherchali
d0b2e2cbba
fix: more fp and duplicate id
2023-01-11 23:47:12 +01:00
Nasreddine Bencherchali
b6b1eba014
fix: fp and add related fields
2023-01-11 23:39:15 +01:00
Nasreddine Bencherchali
debd658aac
feat: new rules related to appx packages
2023-01-11 23:04:37 +01:00
Nasreddine Bencherchali
28a3413aa7
feat: updates and enhancements
2023-01-11 01:03:52 +01:00
frack113
4023bf2c83
Remove mitre url
2023-01-10 18:09:04 +01:00
Nasreddine Bencherchali
81f75c1d2e
feat: updates and enhancements
2023-01-10 00:13:37 +01:00