Commit Graph

104 Commits

Author SHA1 Message Date
frack113 5087b95155 Merge remote-tracking branch 'upstream/master' into pormotion_status 2023-01-27 11:29:27 +01:00
frack113 1033b3f404 change status to test 2023-01-27 06:48:34 +01:00
Nasreddine Bencherchali 58912f5eda Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2023-01-26 23:01:51 +01:00
Nasreddine Bencherchali c538550b03 feat: updates and fixes 2023-01-26 22:42:56 +01:00
frack113 cb67871bd2 Revert "Change status of old rules" 2023-01-26 19:37:18 +01:00
frack113 5323fd4baa Change status of old rules 2023-01-25 18:41:18 +01:00
Nasreddine Bencherchali 2a53a0b8c8 fix: fp in system file names 2023-01-24 16:59:39 +01:00
Nasreddine Bencherchali 9a03e4e13d fix: fp found in testing 2023-01-24 16:51:37 +01:00
Nasreddine Bencherchali 1c2b6f40a6 feat: updates and new rules 2023-01-22 23:31:02 +01:00
Nasreddine Bencherchali dfdc232f55 fix: optimize "Invoke-Sharp" coverage 2023-01-21 12:28:08 +01:00
Nasreddine Bencherchali 928e77881f feat: new rule related to psexec key file 2023-01-21 11:48:40 +01:00
Nasreddine Bencherchali ea536c33b3 feat: update and merge some pwsh rules 2023-01-20 17:07:23 +01:00
Nasreddine Bencherchali ef0c3d35c4 fix: filter fp found in testing 2023-01-20 11:39:08 +01:00
Nasreddine Bencherchali 02e4a5112d fix: fp found in testing 2023-01-18 18:41:07 +01:00
Nasreddine Bencherchali 459ba25cce Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2023-01-17 01:01:38 +01:00
Nasreddine Bencherchali 85fb255bc9 feat: new rules and updates 2023-01-17 01:00:44 +01:00
frack113 c3f285d945 Add redcannary rules 2023-01-15 12:01:11 +01:00
Nasreddine Bencherchali a3fa8e8a90 Merge pull request #3914 from redsand/fp_citrix_receiver
FP: citrix receiver storefront
2023-01-12 17:25:08 +01:00
Tim Shelton ae51f1c472 FP: citrix receiver storefront 2023-01-12 16:09:36 +00:00
Nasreddine Bencherchali 81f75c1d2e feat: updates and enhancements 2023-01-10 00:13:37 +01:00
Nasreddine Bencherchali 18a77e79e3 fix: multiple issues 2023-01-06 18:04:04 +01:00
Nasreddine Bencherchali 2e85903a59 fix: broken condition 2023-01-06 17:41:30 +01:00
Nasreddine Bencherchali df2c86f941 fix: separate selection and add missing modified 2023-01-06 17:41:01 +01:00
Nasreddine Bencherchali 7e73028c5e feat: updates and enhancements 2023-01-06 16:35:34 +01:00
Nasreddine Bencherchali 711ba956e3 feat: updates and enhancements 2023-01-04 17:49:32 +01:00
Nasreddine Bencherchali 9f2b1e081b Merge pull request #3853 from D3F7A5105/master
Rules for detecting changes in the storage paths of evtx logs
2023-01-02 15:55:35 +01:00
Nasreddine Bencherchali 6819d264cc fix: update evtx tamper rules 2023-01-02 15:25:19 +01:00
Nasreddine Bencherchali 3749416a30 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-01-02 14:50:27 +01:00
Nasreddine Bencherchali a99b5082e1 feat: updates and enhancements 2023-01-02 14:49:45 +01:00
vadim 440706e971 Rules for detecting changes in the storage paths of evtx logs 2023-01-02 13:21:33 +03:00
frack113 e09850f968 fix field name 2023-01-02 11:06:57 +01:00
frack113 0e8d1f9b0d Check field name 2023-01-02 10:59:51 +01:00
frack113 aee5ca7afc Fix invalid field cast or name (#3841) 2022-12-30 11:46:21 +01:00
Nasreddine Bencherchali a25027fef8 fix: rename links from old repo to SigmaHQ 2022-12-27 21:05:16 +01:00
frack113 7060db3d47 Promotion rules (#3821)
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 12:29:10 +01:00
Nasreddine Bencherchali 68f1ce8b9e Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2022-12-20 22:24:56 +01:00
Nasreddine Bencherchali 05bdb9af74 fix: rename files to fit logic 2022-12-19 19:28:23 +01:00
Nasreddine Bencherchali 9c308642c7 fix: apply suggestions from code review
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-19 19:21:55 +01:00
Nasreddine Bencherchali c374413664 fix: change to permalink 2022-12-19 18:15:57 +01:00
Nasreddine Bencherchali 060174e2dd fix: small fixes
- Added modified date
- Updated DLL sideload version
2022-12-19 18:14:01 +01:00
pbssubhash 8a9f1ee273 Update file_event_win_wermgr_local_privilege_escalation.yml 2022-12-19 22:39:05 +05:30
pbssubhash ae974d8f15 Modifying existing rule instead of a new one 2022-12-19 22:35:36 +05:30
pbssubhash b763ddd7c7 Update file_event_win_dircreate2system_privesc.yml 2022-12-19 22:21:37 +05:30
pbssubhash 8d617d2587 Create file_event_win_dircreate2system_privesc.yml 2022-12-19 22:14:25 +05:30
Nasreddine Bencherchali ba3e985bed feat: multiple updates and enhancements 2022-12-19 17:41:40 +01:00
frack113 646351808e Refactor (#3794)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-18 21:00:14 +01:00
Nasreddine Bencherchali a606223568 fix: add missing filename to the logic 2022-12-16 19:47:13 +01:00
Nasreddine Bencherchali 3868dd91c6 feat: updates and enhancements 2022-12-16 16:52:12 +01:00
Nasreddine Bencherchali 26cd02cff4 fix: add modified date 2022-12-09 19:24:44 +01:00
Nasreddine Bencherchali 14d174e218 feat: update rules related to dll sideloading 2022-12-09 17:36:24 +01:00