security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,086 Commits 1 Branch 57 Tags
8d9c11b26ef6bb370cc0a262cc579dfd2945fdb2
Commit Graph

281 Commits

Author SHA1 Message Date
frack113 cf7a348028 Fix related 2022-10-09 17:28:05 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
Florian Roth e2a172e257 Merge pull request #3569 from SigmaHQ/aurora-false-positive-fixing 
Aurora false positive fixing
 2022-10-07 22:52:24 +02:00
Florian Roth ee47f14dbe fix: more changes 2022-10-07 22:36:21 +02:00
Florian Roth c76b488941 fix: FPs during os upgrade 2022-10-07 22:31:13 +02:00
Florian Roth 4a298c56ce fix: FPs during Windows upgrade 2022-10-07 22:13:47 +02:00
Nasreddine Bencherchali adae180bc2 Update image_load_uipromptforcreds_dlls.yml 2022-10-07 16:49:02 +02:00
Nasreddine Bencherchali cdd9aff032 Fix FP 2022-09-29 11:20:08 +02:00
Nasreddine Bencherchali e3b3265240 Update image_load_side_load_from_non_system_location.yml 2022-09-28 10:48:30 +02:00
Florian Roth e6d7ba8224 Merge branch 'master' into aurora-false-positive-fixing 2022-09-27 00:20:07 +02:00
Florian Roth 0503e2b8f7 fix: FPs on Azure 2022-09-27 00:17:53 +02:00
phantinuss b7f20b884c fix: FPs from new evtx-baseline 2022-09-21 13:51:19 +02:00
Nasreddine Bencherchali 4a74129048 Fix after review 2022-09-21 13:12:21 +02:00
Nasreddine Bencherchali 59530f49d4 Fix more FP in testing 2022-09-21 11:53:39 +02:00
Nasreddine Bencherchali 2f7a54cc31 Fix FP 2022-09-20 11:20:33 +02:00
Florian Roth 968f0ae11f Merge pull request #3508 from SigmaHQ/aurora-false-positive-fixing 
fix: FPs noticed with Aurora
 2022-09-18 13:24:07 +02:00
Florian Roth 1c4a73f123 fix: FP with PS ISE 2022-09-18 12:56:52 +02:00
phantinuss 68a80844ea fix: new FPs in testing environment 2022-09-16 16:40:40 +02:00
Florian Roth 72aa55f1c7 Merge branch 'master' into aurora-false-positive-fixing 2022-09-13 08:07:26 +02:00
Florian Roth a5fe285776 fix: too many FPs during Windows update - User empty 2022-09-11 16:28:04 +02:00
Florian Roth e7084eee04 Merge pull request #3487 from SigmaHQ/aurora-false-positive-fixing 
fix: fixing multiple FPs with the use of VSCode
 2022-09-10 12:07:01 +02:00
Florian Roth 7dbdd4d1c6 fix: fixing multiple FPs with the use of VSCode 2022-09-10 11:42:44 +02:00
Florian Roth 1641f4590a fix: duplicate UUIDs 2022-09-07 17:12:12 +02:00
Florian Roth b293a7a181 refactor: SysmonEnte, SharpEvtMute, SysmonQuiet 2022-09-07 16:01:05 +02:00
Florian Roth cab6ccc18a Merge branch 'master' into aurora-false-positive-fixing 2022-09-05 16:57:10 +02:00
David André 8a595cd3fd Merge branch 'SigmaHQ:master' into add_quotes_to_strings 2022-09-04 10:10:14 +02:00
Florian Roth c7eddebe40 fix: Msiexec FPs noticed with Aurora 2022-09-03 09:30:24 +02:00
Nasreddine Bencherchali 1adbd8f0b3 Fix after review 2022-09-02 17:44:53 +02:00
Nasreddine Bencherchali 116a72c206 Fix FP 2022-09-02 13:31:49 +02:00
David ANDRE 0b0190ccb1 Added quotes to strings 2022-09-01 15:22:26 +02:00
Nasreddine Bencherchali 80098113d0 Update image_load_susp_cmstp.yml 2022-08-31 09:53:07 +02:00
Nasreddine Bencherchali ea183cae13 Updates+New Rules 2022-08-31 09:39:16 +02:00
Wagga 6494e185cf Update image_load_vmware_xfer_load_dll_from_nondefault_path.yml 2022-08-29 18:46:34 +02:00
Wagga dc9f4fbb49 Update image_load_defender_load_dll_from_nondefault_path.yml 2022-08-29 07:28:07 +02:00
Nasreddine Bencherchali 781c69e04c Fix FP 2022-08-24 01:17:53 +01:00
Nasreddine Bencherchali 88295a305c Rule Dev 2022-08-24 01:05:40 +01:00
Nasreddine Bencherchali ed907f36d1 Update ID 2022-08-18 18:57:14 +01:00
Nasreddine Bencherchali 0e40cee045 Update rules 2022-08-18 18:22:28 +01:00
Nasreddine Bencherchali af765e6055 Update image_load_side_load_third_party_location.yml 2022-08-17 20:33:44 +01:00
Nasreddine Bencherchali 52f26a14a2 Rule Update 2022-08-17 20:27:55 +01:00
phantinuss bc2188c72b Merge pull request #3375 from nasbench/nasbench-rule-devel 
Rule Dev [New Rules+Updates]
 2022-08-16 16:46:27 +02:00
Nasreddine Bencherchali a0f8e508b5 Update image_load_side_load_from_non_system_location.yml 2022-08-15 12:49:46 +01:00
Nasreddine Bencherchali 1bb24879fe Update image_load_side_load_from_non_system_location.yml 2022-08-15 00:42:46 +01:00
Nasreddine Bencherchali 2879329818 Update image_load_side_load_from_non_system_location.yml 2022-08-15 00:34:58 +01:00
Nasreddine Bencherchali 8869bc6cff New rules 2022-08-15 00:22:16 +01:00
Nasreddine Bencherchali 6798d69d00 Update 2022-08-15 00:22:08 +01:00
frack113 3426dfb6e9 Update backslash 2022-08-13 09:59:31 +02:00
phantinuss 342ec1c9cc fix: FP with wrongly matching folders 2022-08-10 11:23:42 +02:00
phantinuss 7ff91656ed fix: remove duplicate filter 2022-08-09 10:56:58 +02:00
phantinuss a90ba27a1c fix: do not use wildcard, where not needed 2022-08-09 10:55:05 +02:00