Commit Graph

41 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| unknown | 528cdd199b | Update modified date | 2022-02-24 14:38:35 -05:00 |
| unknown | 03048a1fdb | Fix criteria to contains bckupkey | 2022-02-24 13:55:34 -05:00 |
| frack113 | ffe2dd2a00 | fix Provider_Name | 2022-02-24 06:54:22 +01:00 |
| Florian Roth | 6ce92b27be | refactor: more regex avoidance | 2022-02-03 20:05:10 +01:00 |
| Florian Roth | 8c07a51ab9 | fix: non-ascii character in description | 2022-02-03 19:52:07 +01:00 |
| Florian Roth | b715894497 | refactor: avoid regex use | 2022-02-03 19:48:19 +01:00 |
| frack113 | 4631d0c482 | remove invalid tag | 2022-01-19 18:23:30 +01:00 |
| Tom Maier | 2cd464e77c | Adjusted modified field to current date | 2022-01-17 14:18:33 +01:00 |
| Tom Maier | 82e7ce7799 | Adjust case sensitivity of Provider_Name field | 2022-01-17 10:36:09 +01:00 |
| frack113 | 5890c1bb20 | Fix logsource | 2022-01-16 08:56:51 +01:00 |
| frack113 | f7e670d55e | Simple Quote | 2022-01-11 13:40:53 +01:00 |
| frack113 | ac240b1487 | Merge pull request #2527 from frack113/promote_366d; Change status to test | 2022-01-09 08:02:36 +01:00 |
| Florian Roth | 3cf4c9845c | Merge pull request #2530 from SigmaHQ/rule-devel; docs: changed title of rules that were equal | 2022-01-07 14:15:17 +01:00 |
| Florian Roth | d31f5258eb | docs: changed title of rules that were equal | 2022-01-07 13:07:35 +01:00 |
| frack113 | c6014b1205 | Change status to test | 2022-01-07 07:04:24 +01:00 |
| frack113 | 73f258e2d1 | Change double quote to quote | 2022-01-06 14:02:35 +01:00 |
| Florian Roth | e9702af82b | rule: sAMAccountName Spoofing CVE-2021-42287 | 2021-12-22 08:50:05 +01:00 |
| Florian Roth | baa1dcd608 | Merge pull request #2417 from stbe/imp_lsass_defender; Added Defender to win_susp_lsass_dump_generic.yml | 2021-12-10 00:00:22 +01:00 |
| stbe | 44db55c4fd | Refined definition of defender executable | 2021-12-09 22:55:09 +01:00 |
| frack113 | e049058d14 | Merge pull request #2415 from frack113/condition; builtin/security simplified condition | 2021-12-09 16:24:24 +01:00 |
| stbe | 20f185f2b8 | Added Defender to win_susp_lsass_dump_generic.yml | 2021-12-09 13:57:09 +01:00 |
| Florian Roth | af2c6a0ecb | Lower the level to "low"; In case that some backends/scripts/tools don't respect the "deprecated" status | 2021-12-09 13:01:12 +01:00 |
| frack113 | 62207b80ba | Change to deprecated as too many FP | 2021-12-09 09:34:08 +01:00 |
| frack113 | 3ce9336e79 | simplified condition | 2021-12-08 20:12:57 +01:00 |
| Florian Roth | 157fa31f1b | Merge pull request #2400 from redsand/fixing_errs_with_invoke_obfus; Fixing errs with invoke obfus | 2021-12-08 14:49:42 +01:00 |
| stbe | 7566207026 | Corrected filter field name in win_pass_the_hash.yml | 2021-12-08 14:03:13 +01:00 |
| stbe | 88b5e1bd9e | Corrected filter field name in win_pass_the_hash_2.yml | 2021-12-08 13:49:18 +01:00 |
| Tim Shelton | 3bf8eb6aff | reverting modified date, batch 2 | 2021-12-07 17:55:52 +00:00 |
| Tim Shelton | d79a0e029b | reverting modified date, batch 1 | 2021-12-07 17:53:50 +00:00 |
| Tim Shelton | c9e08884f6 | updating date | 2021-12-07 16:27:01 +00:00 |
| Tim Shelton | aa16afd09c | updating date | 2021-12-07 16:26:38 +00:00 |
| Tim Shelton | 3fa1624b68 | order matters... need to use most intensive match last | 2021-12-07 16:11:42 +00:00 |
| Tim Shelton | fddf423878 | order matters... need to use most intensive match last | 2021-12-07 16:10:33 +00:00 |
| Tim Shelton | 3873872381 | order matters... need to use most intensive match last | 2021-12-07 16:09:35 +00:00 |
| Tim Shelton | 8f20846524 | order matters... need to use most intensive match last | 2021-12-07 16:08:37 +00:00 |
| Tim Shelton | f31b3865ae | order matters... need to use most intensive match last | 2021-12-07 16:07:18 +00:00 |
| Tim Shelton | 8086c3446f | order matters... need to use most intensive match last | 2021-12-07 16:04:21 +00:00 |
| Tim Shelton | 9122b3c881 | order matters... need to use most intensive match last | 2021-12-07 16:03:09 +00:00 |
| Tim Shelton | 3fcda9704e | order matters... need to use most intensive match last | 2021-12-07 16:01:28 +00:00 |
| Tim Shelton | 31be528fa0 | adding sql\query to named pipe list | 2021-12-06 22:27:57 +00:00 |
| frack113 | e215f4606b | Order rules | 2021-12-04 10:07:07 +01:00 |