blue-team-tools

Author	SHA1	Message	Date
$frack113$ frack113	89d2d00a5b	Redcannary	2022-12-11 16:46:32 +01:00
$frack113$ frack113	646d861471	Redcannary	2022-12-11 10:57:28 +01:00
Veramine	9662897442	Update proc_creation_win_susp_conhost_option.yml (#3763 )	2022-12-09 21:13:58 +01:00
$frack113$ frack113	e1224b7fce	Merge pull request #3770 from qasimqlf/patch-16 fix: condition	2022-12-09 19:45:03 +01:00
Nasreddine Bencherchali	bacd8078c5	feat: update detection section	2022-12-09 19:18:09 +01:00
Nasreddine Bencherchali	ac706c5f56	Merge pull request #3771 from SigmaHQ/aurora-false-positive-fixing fix: FPs with Important Scheduled Task Deleted	2022-12-09 13:39:16 +01:00
Florian Roth	356ab98ada	fix: FPs with Important Scheduled Task Deleted	2022-12-09 12:55:41 +01:00
Qasim Qlf	fb8e0894b0	fix: condition	2022-12-09 13:42:49 +05:00
Florian Roth	4013ee645e	Merge pull request #3767 from qasimqlf/patch-14 Added more FPs	2022-12-09 09:07:17 +01:00
Florian Roth	9afbf6d530	Merge pull request #3769 from qasimqlf/patch-15 Fix the filter	2022-12-09 09:07:04 +01:00
Florian Roth	30ca3019e4	Merge pull request #3761 from nasbench/nasbench-rule-devel feat: new rules and general updates	2022-12-09 09:06:36 +01:00
Thomas Patzke	51d4239345	Merge pull request #3768 from SigmaHQ/dependabot/pip/certifi-2022.12.7 chore(deps): bump certifi from 2021.5.30 to 2022.12.7	2022-12-09 07:46:28 +01:00
Qasim Qlf	868be248dd	Fix the filter	2022-12-09 11:27:28 +05:00
dependabot[bot]	ab18539fce	chore(deps): bump certifi from 2021.5.30 to 2022.12.7 Bumps [certifi](https://github.com/certifi/python-certifi) from 2021.5.30 to 2022.12.7. - [Release notes](https://github.com/certifi/python-certifi/releases) - [Commits](https://github.com/certifi/python-certifi/compare/2021.05.30...2022.12.07) --- updated-dependencies: - dependency-name: certifi dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2022-12-09 05:18:26 +00:00
BlueTeamOps	47b5272fcd	Create azure_ad_azurehound_discovery.yml (#3762 ) Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-08 20:21:02 +01:00
Nasreddine Bencherchali	fa318243c2	Merge branch 'SigmaHQ:master' into nasbench-rule-devel	2022-12-08 19:22:11 +01:00
Florian Roth	e78cb13cfd	Merge pull request #3764 from pbssubhash/master Detection for LSASS Shtinkering	2022-12-08 17:36:18 +01:00
Florian Roth	63d3533a4a	Merge pull request #3766 from nasbench/enhance-single-item-list-test feat: enhance single item lists test	2022-12-08 17:35:19 +01:00
Florian Roth	ece1d01038	fix: syntax error, additional comma	2022-12-08 17:34:56 +01:00
Qasim Qlf	c18f634c02	Added more FPs	2022-12-08 21:08:01 +05:00
Nasreddine Bencherchali	80ef3b70dc	fix: broken single item lists	2022-12-08 16:23:58 +01:00
Nasreddine Bencherchali	c560baf673	feat: enhance test	2022-12-08 16:23:48 +01:00
Nasreddine Bencherchali	5337eaa48f	Merge pull request #3765 from nasbench/enhance-unused-selection-test feat: enhance unused selection test	2022-12-08 14:17:44 +01:00
Nasreddine Bencherchali	18c3c8528d	fix: remove tamper protection value	2022-12-08 12:13:14 +01:00
Nasreddine Bencherchali	0567ca8ca3	fix: fix unused selection	2022-12-08 11:57:40 +01:00
Nasreddine Bencherchali	2506d29bc9	feat: add more checks for the test	2022-12-08 11:57:26 +01:00
Nasreddine Bencherchali	bfcdcf2b9c	fix: remove fp filter	2022-12-08 11:44:59 +01:00
Nasreddine Bencherchali	edc99c92a2	fix: enhance rules related to Lsass-Shtinkering	2022-12-08 11:02:56 +01:00
pbssubhash	bea46b2b9e	Update to modify FP and UUID	2022-12-08 12:13:25 +05:30
pbssubhash	4bb1df9f6e	Update to remove FP	2022-12-08 12:03:02 +05:30
pbssubhash	9ea5fac51c	Update proc_creation_lsass_shtinkering.yml	2022-12-08 11:56:40 +05:30
pbssubhash	d393b57c36	Detection for LSASS Shtinkering	2022-12-08 11:49:53 +05:30
Nasreddine Bencherchali	f12975bc6b	fix: update description Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2022-12-07 22:34:56 +01:00
Nasreddine Bencherchali	b1a657b7de	fix: add spaces to avoid fp with other keys	2022-12-07 22:27:27 +01:00
Nasreddine Bencherchali	8482d33708	fix: add rule to fp filter	2022-12-07 22:27:14 +01:00
Nasreddine Bencherchali	9a5a0fed20	feat: update test to include more cases	2022-12-07 22:21:05 +01:00
Nasreddine Bencherchali	b59566ad0f	fix: fix FP found in testing	2022-12-07 11:52:38 +01:00
Nasreddine Bencherchali	1d749cee54	fix: duplicate id	2022-12-07 02:44:31 +01:00
Nasreddine Bencherchali	899b1606f8	fix: duplicate id	2022-12-07 02:38:19 +01:00
Nasreddine Bencherchali	a425ef65e5	feat: update metadata and add more cases for rules	2022-12-07 02:26:21 +01:00
Nasreddine Bencherchali	a7bfb349ee	fix: fix fp found in testing	2022-12-07 02:25:52 +01:00
Nasreddine Bencherchali	0d3cb52266	feat: enhance typos test	2022-12-07 01:04:25 +01:00
Nasreddine Bencherchali	850d4fcd50	feat: update windefend rules	2022-12-07 00:20:56 +01:00
Nasreddine Bencherchali	1091b83d59	Merge branch 'SigmaHQ:master' into nasbench-rule-devel	2022-12-07 00:15:14 +01:00
BlueTeamOps	8fa8a73551	Updated proc_creation_win_iis_service_account_password_dumped.yml (#3682 ) Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-06 13:10:58 +01:00
Nasreddine Bencherchali	42b99b165d	feat: new rules and fixes (#3759 ) Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2022-12-06 12:13:20 +01:00
$frack113$ frack113	4b82b00ae9	Sysmoneop CMd shell (#3760 ) Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-06 12:12:43 +01:00
Nasreddine Bencherchali	1c5e4371e7	fix: add missing modified date	2022-12-06 10:56:06 +01:00
Nasreddine Bencherchali	9657446647	fix: apply suggestions from code review Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com> Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>	2022-12-06 10:53:57 +01:00
Nasreddine Bencherchali	f673ac9235	feat: add parent selection	2022-12-06 01:41:18 +01:00

1 2 3 4 5 ...

13746 Commits