blue-team-tools

Author	SHA1	Message	Date
$frack113$ frack113	8de7cc28ee	Merge pull request #2086 from frack113/sigmacover contrib Sigmacover	2021-09-27 08:34:45 +02:00
$frack113$ frack113	6bce0f967a	Merge pull request #2079 from zakibro/master New Rule - Linux - Auditd - Clipboard Collection	2021-09-27 08:34:30 +02:00
$frack113$ frack113	74c2d39d53	Merge pull request #2081 from austinsonger/ecs-ms365_defender.yml ecs-ms365_defender.yml	2021-09-27 08:03:36 +02:00
zakibro	6a2785492d	Update lnx_auditd_clipboard_collection.yml Changes after suggestion.	2021-09-27 07:59:43 +02:00
$frack113$ frack113	8f99625a25	Fix ubuntu 20	2021-09-26 18:28:07 +02:00
$frack113$ frack113	776cccce30	Fix windows10	2021-09-26 17:07:58 +02:00
$frack113$ frack113	964f51d5ce	Merge pull request #2083 from frack113/debug_file Add more debug info to sigmac	2021-09-26 12:40:39 +02:00
$frack113$ frack113	5e5af2918b	Add sigmacover.py	2021-09-26 11:24:25 +02:00
Florian Roth	f196e3174d	refactor: moved last global rule to unsupported	2021-09-26 10:54:11 +02:00
Florian Roth	756656b2ec	Merge pull request #2082 from SigmaHQ/rule-devel refactor: removed all old Joomla rules, new generic rule	2021-09-26 10:47:47 +02:00
$frack113$ frack113	d08d3712be	Add more debug info	2021-09-25 19:33:30 +02:00
Florian Roth	93bff7f49d	docs: new ID	2021-09-25 11:37:39 +02:00
Florian Roth	31ef53738d	refactor: removed old Joomla rules, made generic path traversal	2021-09-25 11:37:02 +02:00
$frack113$ frack113	0109a5f013	Merge pull request #2080 from austinsonger/ecs-azure-ad_signinlogs.yml ecs-azure-ad_signinlogs.yml	2021-09-25 07:56:50 +02:00
$frack113$ frack113	7dc574bc01	Merge pull request #2078 from kidrek/win_process_dump_rdrleakdiag add new rule win_process_dump_rdrleakdiag	2021-09-25 07:55:52 +02:00
$frack113$ frack113	8fe222a92c	Merge pull request #2077 from frack113/remove_re Convert re to endswith	2021-09-25 07:55:22 +02:00
$frack113$ frack113	278fb0a2de	Merge pull request #2076 from BlackB0lt/patch-20 Create web_cve_2021_22005_vmware_file_upload	2021-09-25 07:54:45 +02:00
Sittikorn S	7c8df0eb55	Update web_cve_2021_22005_vmware_file_upload.yml	2021-09-25 08:05:00 +07:00
Austin Songer	00f4773eeb	Create ecs-ms365_defender.yml	2021-09-24 20:02:39 -05:00
Austin Songer	696f343ac3	Delete ecs-ms365_defender.yml	2021-09-24 20:02:04 -05:00
Austin Songer	176b9662fc	Update ecs-ms365_defender.yml	2021-09-24 20:01:00 -05:00
Austin Songer	dd2f3e50db	Create ecs-ms365_defender.yml	2021-09-24 19:53:21 -05:00
Austin Songer	527975c02f	Update ecs-azure-ad_signinlogs.yml	2021-09-24 19:33:01 -05:00
Austin Songer	9ca1ea993d	Create ecs-azure-ad_signinlogs.yml	2021-09-24 19:29:40 -05:00
Austin Songer	5227f31331	Merge branch 'SigmaHQ:master' into master	2021-09-24 19:28:40 -05:00
kidrek	267da51745	The issues have been fixed	2021-09-24 22:18:00 +02:00
Pawel Mazur	4bbe4962b0	New Rule - Linux - Auditd - Clipboard Collection	2021-09-24 18:40:10 +02:00
kidrek	ecd4719a20	add new rule win_process_dump_rdrleakdiag	2021-09-24 18:22:06 +02:00
Sittikorn S	dea89ad324	Update and rename web_cve_2021_22005_vmware_file_upload to web_cve_2021_22005_vmware_file_upload.yml	2021-09-24 21:35:04 +07:00
Sittikorn S	f903640b73	Update web_cve_2021_22005_vmware_file_upload	2021-09-24 21:29:43 +07:00
Sittikorn S	16452ca80e	Create web_cve_2021_22005_vmware_file_upload	2021-09-24 21:21:09 +07:00
$frack113$ frack113	ef75695647	convert re to endswith	2021-09-24 15:39:56 +02:00
$frack113$ frack113	a7b237e6f3	Merge pull request #2075 from stevengoossensB/master Rename auditbeat.yml	2021-09-24 09:43:46 +02:00
Steven Goossens	02ba717c97	Merge branch 'SigmaHQ:master' into master	2021-09-24 09:01:26 +02:00
Steven	9cb826b0d1	Rename auditbeat.yml to ecs-auditbeat-modules-enabled.yml	2021-09-24 09:00:26 +02:00
$frack113$ frack113	93493d1c93	Merge pull request #2073 from stevengoossensB/master Auditbeat configuration - mainly auditd	2021-09-23 19:36:55 +02:00
Steven	73f3ed6e34	Merge branch 'master' of https://github.com/stevengoossensB/sigma	2021-09-23 18:57:09 +02:00
Steven	bf1a8c2415	Fix yamllint	2021-09-23 18:56:29 +02:00
Steven Goossens	10aff6a3cb	Merge branch 'SigmaHQ:master' into master	2021-09-23 18:05:10 +02:00
Austin Songer	b9123422b8	Delete aws_attached_malicious_lambda_layer.yml	2021-09-23 08:37:34 -05:00
Austin Songer	9e9fd4c23d	Create aws_attached_malicious_lambda_layer.yml	2021-09-23 08:37:20 -05:00
$frack113$ frack113	6fa0610ced	Merge pull request #2071 from frack113/fix_name Fix filename	2021-09-23 15:26:27 +02:00
Steven	35a710eec6	Added configuration for auditbeat, mapping to Elastic ECS	2021-09-23 14:59:51 +02:00
$frack113$ frack113	aa96f21d0f	fix filename	2021-09-23 14:52:56 +02:00
$frack113$ frack113	934e391159	fix filename	2021-09-23 14:51:59 +02:00
$frack113$ frack113	44feb3ddf6	fix filename	2021-09-23 14:46:13 +02:00
$frack113$ frack113	89776b8c14	fix filename	2021-09-23 14:44:51 +02:00
$frack113$ frack113	8b5f62bdb7	fix filename	2021-09-23 14:41:16 +02:00
$frack113$ frack113	c029e62c64	fix filename	2021-09-23 14:37:34 +02:00
Florian Roth	bb2e6acd40	Merge pull request #1926 from pbssubhash/master Adding CVE's Exploitation attempt detection: Year - 2010	2021-09-23 14:08:15 +02:00

1 2 3 4 5 ...

8213 Commits