Commit Graph

315 Commits

Author SHA1 Message Date
Qasim Qlf 4938f9b44c Rename registry_set_persistance_xll.yml to registry_set_persistence_xll.yml
Updated persistance to persistence
2023-01-30 14:33:49 +05:00
frack113 1948b1cb6d Merge pull request #3965 from frack113/pormotion_status
change status to test
2023-01-27 17:56:12 +01:00
frack113 dabf286c17 Merge pull request #3966 from frack113/PendingFileRenameOperations
Add registry_set_susp_pendingfilerenameoperations
2023-01-27 17:55:51 +01:00
frack113 7ea3db18f7 Fix test errors 2023-01-27 15:09:43 +01:00
Nasreddine Bencherchali 35dabc529c fix: update metadata 2023-01-27 13:55:19 +01:00
frack113 5087b95155 Merge remote-tracking branch 'upstream/master' into pormotion_status 2023-01-27 11:29:27 +01:00
frack113 0f9ce8de60 Update registry_set_susp_pendingfilerenameoperations.yml 2023-01-27 11:09:45 +01:00
frack113 40dffb5c92 Add registry_set_susp_pendingfilerenameoperations 2023-01-27 10:49:58 +01:00
frack113 1033b3f404 change status to test 2023-01-27 06:48:34 +01:00
Nasreddine Bencherchali 58912f5eda Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2023-01-26 23:01:51 +01:00
Nasreddine Bencherchali c538550b03 feat: updates and fixes 2023-01-26 22:42:56 +01:00
frack113 cb67871bd2 Revert "Change status of old rules" 2023-01-26 19:37:18 +01:00
frack113 5323fd4baa Change status of old rules 2023-01-25 18:41:18 +01:00
Nasreddine Bencherchali ae0fe8393e fix: optimize pwsh reg logging tamper rule 2023-01-21 12:28:28 +01:00
Nasreddine Bencherchali 5710475311 feat: update pwsh reg logging tamper 2023-01-20 16:19:50 +01:00
Nasreddine Bencherchali 6d6721ba24 fix: reposition selection for readability 2023-01-20 09:46:24 +01:00
Nasreddine Bencherchali d9f37de1cf fix: fp found in testing 2023-01-19 18:47:11 +01:00
Nasreddine Bencherchali e213252c4c feat: logic update to multiple rules 2023-01-19 16:37:10 +01:00
Nasreddine Bencherchali 3a473b8313 fix: small metadata fixes 2023-01-18 23:30:40 +01:00
Nasreddine Bencherchali 02e4a5112d fix: fp found in testing 2023-01-18 18:41:07 +01:00
Nasreddine Bencherchali 679207b6c4 fix: update metadata 2023-01-16 11:15:45 +01:00
frack113 c3f285d945 Add Red Canary rules 2023-01-15 12:01:11 +01:00
Nasreddine Bencherchali 8707345be7 fix: add related metadata 2023-01-13 17:21:21 +01:00
frack113 1b11e29fef Move rules 2023-01-13 12:15:08 +01:00
Nasreddine Bencherchali 90c1e45d83 feat: add new reg variant of dev mode 2023-01-12 15:05:53 +01:00
Nasreddine Bencherchali 0470f45246 fix: apply suggestions from code review
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-01-12 10:36:13 +01:00
Nasreddine Bencherchali d0b2e2cbba fix: more fp and duplicate id 2023-01-11 23:47:12 +01:00
Nasreddine Bencherchali b6b1eba014 fix: fp and add related fields 2023-01-11 23:39:15 +01:00
Nasreddine Bencherchali debd658aac feat: new rules related to appx packages 2023-01-11 23:04:37 +01:00
Nasreddine Bencherchali 8dc2418ea9 fix: some issues 2023-01-11 11:18:54 +01:00
Nasreddine Bencherchali 28a3413aa7 feat: updates and enhancements 2023-01-11 01:03:52 +01:00
frack113 4023bf2c83 Remove mitre url 2023-01-10 18:09:04 +01:00
Nasreddine Bencherchali df2c86f941 fix: separate selection and add missing modified 2023-01-06 17:41:01 +01:00
Nasreddine Bencherchali e56d3763b5 fix: unused selection 2023-01-06 17:16:20 +01:00
Nasreddine Bencherchali 7e73028c5e feat: updates and enhancements 2023-01-06 16:35:34 +01:00
Nasreddine Bencherchali 711ba956e3 feat: updates and enhancements 2023-01-04 17:49:32 +01:00
Nasreddine Bencherchali 6819d264cc fix: update evtx tamper rules 2023-01-02 15:25:19 +01:00
vadim 440706e971 Rules for detecting changes in the storage paths of evtx logs 2023-01-02 13:21:33 +03:00
frack113 aee5ca7afc Fix invalid field cast or name (#3841) 2022-12-30 11:46:21 +01:00
frack113 7060db3d47 Promotion rules (#3821)
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 12:29:10 +01:00
Nasreddine Bencherchali 03cc78e916 feat: filename test enhancements (#3812) 2022-12-23 09:25:16 +01:00
Nasreddine Bencherchali 4b6f5f143d feat: add more suspicious cases
Co-authored-by: Florian Roth <venom14@gmail.com>
2022-12-21 00:18:44 +01:00
Florian Roth 2580b84de3 fix: typo 2022-12-21 00:07:51 +01:00
Nasreddine Bencherchali beccf416da feat: add two new rules 2022-12-20 23:44:44 +01:00
Nasreddine Bencherchali ba3e985bed feat: multiple update and enhancements 2022-12-19 17:41:40 +01:00
Florian Roth c98e9ec3cc fix: list with one element issue 2022-12-14 13:23:28 +01:00
Florian Roth 232d7f840a fix: FPs noticed with Aurora 2022-12-14 13:05:58 +01:00
frack113 0328946e69 Merge pull request #3774 from frack113/redcanary_20221211
Red Canary rules
2022-12-12 13:30:20 +01:00
frack113 d797bf0eb1 Apply suggestions from code review
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-12 13:23:59 +01:00
frack113 89d2d00a5b Red Canary 2022-12-11 16:46:32 +01:00