Wagga
4573ab0a21
Fix a lot of typos in rules text and comments #Part 3 (#3446)
2022-08-30 08:21:25 +02:00
frack113
823cf26633
Merge pull request #3356 from Zandmann/patch-3
Create BPF_Door_port_redirect.yml
2022-08-13 10:34:38 +02:00
Zandmann
1339317b16
Update lnx_auditd_bpfdoor_port_redirect.yml
2022-08-12 21:41:35 +02:00
Zandmann
5bc4b2de27
Update lnx_auditd_bpfdoor_file_accessed.yml
2022-08-12 21:39:11 +02:00
Zandmann
1d6199494d
Update lnx_auditd_bpfdoor_port_redirect.yml
2022-08-11 19:51:48 +02:00
Zandmann
a3dcc61eac
Rename lnx_auditd_BPF_Door_port_redirect.yml to lnx_auditd_bpfdoor_port_redirect.yml
2022-08-11 19:34:43 +02:00
Zandmann
28ee157216
Rename lnx_auditd_BPFDoor_file_accessed.yml to lnx_auditd_bpfdoor_file_accessed.yml
2022-08-11 19:32:17 +02:00
Zandmann
35d69a5a4b
Update and rename BPF_Door_port_redirect.yml to lnx_auditd_BPF_Door_port_redirect.yml
2022-08-11 19:04:17 +02:00
Zandmann
f001d35c8b
Update and rename BPFDoor_abnormal_process_id_or_lock_file_accessed.yml to lnx_auditd_BPFDoor_file_accessed.yml
2022-08-11 18:59:58 +02:00
Zandmann
327a2b7e7b
Create BPF_Door_port_redirect.yml
BPFDoor port redirect for evasion
2022-08-10 19:14:14 +02:00
Zandmann
a1b9065a19
Create BPFDoor_abnormal_process_id_or_lock_file_accessed.yml
detection for BPFDoor IoC files run from temporary file storage
2022-08-10 19:12:35 +02:00
Florian Roth
8041ab5130
Merge pull request #3325 from nasbench/nasbench-rule-devel
Update+New Rules
2022-08-05 23:42:09 +02:00
Florian Roth
d5f7de1314
Merge pull request #3324 from SigmaHQ/rule-devel
Suspicious IIS Registration, Plink refactoring, remove Github compromise rules
2022-08-05 09:39:41 +02:00
Florian Roth
664ec8b43e
refactor: remove rules for false alarm
https://twitter.com/cyb3rops/status/1555242921850544131
2022-08-04 20:05:16 +02:00
Nasreddine Bencherchali
d6a2c13738
Update rules (desc, selection, logic)
2022-08-04 18:08:08 +01:00
Florian Roth
3c67479ce2
Merge pull request #3318 from SigmaHQ/rule-devel
rule: myjino github repo compromise
2022-08-03 08:42:17 +02:00
Florian Roth
72dbfffc0f
rule: myjino github repo compromise
2022-08-03 08:34:28 +02:00
Nasreddine Bencherchali
be25ff87e2
Update proc_creation_lnx_webshell_detection.yml
2022-08-01 23:40:34 +01:00
Nasreddine Bencherchali
f45eba2002
Update proc_creation_lnx_webshell_detection.yml
2022-08-01 23:28:49 +01:00
Paul Hager
ecf12bf6af
new rules: lnx susp shell exec
2022-07-26 16:40:12 +02:00
Nasreddine Bencherchali
a0a318edfc
Update proc_creation_lnx_cve_2022_33891_spark_shell_command_injection.yml
2022-07-21 15:17:48 +01:00
Nasreddine Bencherchali
a46b20b78c
Update proc_creation_lnx_cve_2022_33891_spark_shell_command_injection.yml
2022-07-21 14:42:54 +01:00
Nasreddine Bencherchali
a8b283ba5f
Update
2022-07-20 13:40:24 +01:00
Nasreddine Bencherchali
1392ca1ec5
Fix review
2022-07-11 20:27:42 +01:00
Nasreddine Bencherchali
cee1206b18
Update proc_creation_lnx_system_network_discovery.yml
2022-07-11 18:18:38 +01:00
Nasreddine Bencherchali
62574e9b0c
Update Ref+Selection 3
2022-07-11 18:12:51 +01:00
Nasreddine Bencherchali
238e0ecd7d
Update Ref+Selection
2022-07-11 14:11:53 +01:00
Nasreddine Bencherchali
aec95b6d65
Update selections and indentation
2022-07-07 20:13:45 +01:00
Nasreddine Bencherchali
d03f6df250
Reference Update [Batch 1]
2022-07-07 15:24:15 +01:00
Nasreddine Bencherchali
6cd83a232d
Update file_create_lnx_persistence_sudoers_files.yml
2022-07-05 19:43:58 +01:00
Nasreddine Bencherchali
d89b20d06e
Switch links to permalinks
2022-07-05 19:43:07 +01:00
Nasreddine Bencherchali
83387d2ca9
Update and Fix
2022-07-05 19:28:28 +01:00
Nasreddine Bencherchali
9024f223e7
Update file_create_lnx_triple_cross_rootkit_persistence.yml
2022-07-05 16:06:49 +01:00
Nasreddine Bencherchali
498cc55a86
Triple Cross Rules
2022-07-05 15:58:22 +01:00
securepeacock
ecdd32c462
Update lnx_auditd_hidden_files_directories.yml
Fixing typo.
2022-06-29 13:24:24 -04:00
Florian Roth
926d72f7c2
fix: missing upper tick
2022-06-22 07:07:38 +02:00
Florian Roth
e04003577f
Update proc_creation_lnx_susp_history_recon.yml
2022-06-22 07:05:03 +02:00
Florian Roth
fe72dbf62f
Update proc_creation_lnx_susp_history_delete.yml
2022-06-22 07:04:30 +02:00
Florian Roth
8096f06c18
fix: condition
2022-06-21 17:55:49 +02:00
Florian Roth
ffbe19404e
fix: two rules
2022-06-21 17:45:50 +02:00
Florian Roth
3f189e52c1
fix: typo in status
2022-06-21 17:21:44 +02:00
Florian Roth
d2e86f9001
rule: Linux cmdline rules
2022-06-21 08:26:23 +02:00
Florian Roth
f728893364
refactor: rule level adjustments - critical to high
2022-06-18 17:43:22 +02:00
Nasreddine Bencherchali
143d70a959
Renamed CVE rule 5
2022-06-14 22:06:07 +01:00
Nasreddine Bencherchali
5bf7b49671
Renamed More Rules
2022-06-14 19:28:27 +01:00
Florian Roth
21c363cec9
Merge pull request #3102 from securepeacock/patch-25
Create proc_creation_lnx_nohup.yml
2022-06-07 10:47:34 +02:00
Florian Roth
cc67d69360
Merge pull request #3100 from hazedav/dd-endswith
fix(rule): lnx_dd_file_overwrite /bin symlinks
2022-06-07 10:45:56 +02:00
Florian Roth
9d4822b400
Update proc_creation_lnx_nohup.yml
2022-06-07 10:35:08 +02:00
securepeacock
e7b47c9069
Create proc_creation_lnx_nohup.yml
2022-06-06 23:22:50 -04:00
David Hazekamp
bc26970596
fix(rule): lnx_dd_file_overwrite /bin symlinks
This rule is subject to false negatives for *nix distros which
alias /bin to /usr/bin. By using endswith we can catch dd usage
for either /bin or /usr/bin.
2022-06-06 09:27:27 -05:00