Commit Graph

1397 Commits

Author SHA1 Message Date
Florian Roth 356ab98ada fix: FPs with Important Scheduled Task Deleted 2022-12-09 12:55:41 +01:00
Nasreddine Bencherchali fa318243c2 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2022-12-08 19:22:11 +01:00
Nasreddine Bencherchali 80ef3b70dc fix: broken single item lists 2022-12-08 16:23:58 +01:00
Nasreddine Bencherchali 18c3c8528d fix: remove tamper protection value 2022-12-08 12:13:14 +01:00
Nasreddine Bencherchali 0567ca8ca3 fix: fix unused selection 2022-12-08 11:57:40 +01:00
Nasreddine Bencherchali f12975bc6b fix: update description (Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>) 2022-12-07 22:34:56 +01:00
Nasreddine Bencherchali b1a657b7de fix: add spaces to avoid fp with other keys 2022-12-07 22:27:27 +01:00
Nasreddine Bencherchali 9a5a0fed20 feat: update test to include more cases 2022-12-07 22:21:05 +01:00
Nasreddine Bencherchali 1d749cee54 fix: duplicate id 2022-12-07 02:44:31 +01:00
Nasreddine Bencherchali 899b1606f8 fix: duplicate id 2022-12-07 02:38:19 +01:00
Nasreddine Bencherchali a425ef65e5 feat: update metadata and add more cases for rules 2022-12-07 02:26:21 +01:00
Nasreddine Bencherchali a7bfb349ee fix: fix fp found in testing 2022-12-07 02:25:52 +01:00
Nasreddine Bencherchali 850d4fcd50 feat: update windefend rules 2022-12-07 00:20:56 +01:00
Nasreddine Bencherchali 42b99b165d feat: new rules and fixes (#3759) (Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>) 2022-12-06 12:13:20 +01:00
Florian Roth e493a41bc6 Merge pull request #3757 from SigmaHQ/aurora-false-positive-fixing (fix: FPs noticed in Nextron testing CI) 2022-12-05 18:54:31 +01:00
Florian Roth 1796502b90 fix: FPs noticed in Nextron testing CI 2022-12-05 17:39:42 +01:00
frack113 54739006a9 Fix workflow warning 2022-12-04 15:29:08 +01:00
Nasreddine Bencherchali b6492e731b feat: general updates and fixes 2022-12-02 23:16:03 +01:00
frack113 a674ee246b Update Title (#3739) 2022-11-30 11:44:15 +01:00
Nasreddine Bencherchali 4b9075e557 feat: new rules related to service creation (New service creation rules related to remote software tools) 2022-11-28 12:09:00 +01:00
frack113 c820216541 Update Title (#3733) 2022-11-28 06:43:17 +01:00
frack113 cd4121d966 Update Title (#3731) (Co-authored-by: Florian Roth <venom14@gmail.com>; Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>) 2022-11-27 19:19:27 +01:00
Qasim Qlf ed54bf44a5 Minor Fix 2022-11-22 18:13:34 +05:00
Nasreddine Bencherchali 87b709a3e6 feat: add missing /r to cmd 2022-11-18 13:45:01 +01:00
Nasreddine Bencherchali 6603ca9202 fix: update rules to not use regex 2022-11-18 11:16:13 +01:00
Nasreddine Bencherchali 569d1d757a fix: remove non existent eid and fix #2744 2022-11-15 22:58:19 +01:00
Florian Roth 187cb6b47e Merge pull request #3694 from SigmaHQ/aurora-false-positive-fixing (Aurora false positive fixing) 2022-11-15 09:35:45 +01:00
phantinuss 64d10f845a fix: FPs in testing environment 2022-11-14 08:54:47 +01:00
Florian Roth 0fb1295157 fix: FPs noticed with Aurora 2022-11-13 20:26:03 +01:00
Nasreddine Bencherchali 04b7b92b64 fix: apply suggestions from code review (Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>) 2022-11-11 10:03:24 +01:00
Nasreddine Bencherchali 0a51dcdf5c fix: rename rule to reflect new title 2022-11-10 18:24:36 +01:00
Nasreddine Bencherchali 1ab9e9640e fix: enhance description 2022-11-10 18:19:39 +01:00
Nasreddine Bencherchali f09ea65ec4 fix: update code integrity rules 2022-11-10 17:43:22 +01:00
Nasreddine Bencherchali 30869e1b2b fix: fp with defender def updates 2022-11-10 17:15:22 +01:00
Nasreddine Bencherchali cd871bbc04 fix: update rules with more cases 2022-11-10 17:04:52 +01:00
Florian Roth 928f07c366 Merge pull request #3683 from SigmaHQ/rule-devel (rule: KDC RC4-HMAC downgrade CVE-2022-37966) 2022-11-09 10:19:04 +01:00
Yamato Security 5de1fd6f2d Rule add: windows access token abuse (#3675) (Co-authored-by: Florian Roth <venom14@gmail.com>) 2022-11-09 09:43:15 +01:00
Florian Roth 0de60f2b9f revert: changes in krbrelay service rule 2022-11-09 09:33:37 +01:00
Florian Roth f7b91b0f05 rule: kerberos rc4 rule 2022-11-09 09:31:31 +01:00
Florian Roth 869b0962b3 rule: KDC RC4-HMAC downgrade CVE-2022-37966 2022-11-09 09:08:22 +01:00
Nasreddine Bencherchali fc8eeb7b1e Fix FP 2022-11-07 12:11:30 +01:00
Florian Roth 5e9083261a Merge pull request #3665 from nasbench/nasbench-rule-devel (Rule Dev) 2022-11-01 18:57:31 +01:00
phantinuss 97d5255c2e fix: new FPs found in testing environment 2022-11-01 16:19:14 +01:00
Nasreddine Bencherchali 96b7303a31 New Rules 2022-10-31 20:59:33 +01:00
Nasreddine Bencherchali fb50c78531 Optimize selection 2022-10-31 20:57:48 +01:00
phantinuss 8c2b14a7ab Merge pull request #3661 from phantinuss/master (FP fixes) 2022-10-31 11:44:39 +01:00
phantinuss 91af76417b fix: new code integrity offenders 2022-10-31 11:13:56 +01:00
Florian Roth 897580f294 Update win_codeintegrity_attempted_dll_load.yml 2022-10-29 09:52:36 +02:00
Florian Roth 07cf7ae5fa fix: FP with Code Integrity Attempted DLL Load 2022-10-28 16:28:49 +02:00
phantinuss f7319989e4 fix: new FP with Avast 2022-10-28 08:47:09 +02:00