security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,410 Commits 1 Branch 57 Tags
a0bad54dbda170d5369f54ccede5f11f999da4de
Commit Graph

2410 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth 1fd4c26005 Merge pull request #569 from Neo23x0/devel 
rule: improved bloodhound rule
 2019-12-20 17:32:21 +01:00
Florian Roth 0fa5ba925e rule :improved bloodhound rule 2019-12-20 17:23:40 +01:00
Florian Roth cbebaf637f Merge pull request #568 from Neo23x0/devel 
Devel
 2019-12-20 16:22:29 +01:00
Florian Roth 0e82dce2a0 fix: fixed wrong condition 2019-12-20 16:11:39 +01:00
Florian Roth 0000257371 rule: improved bloodhound rule 2019-12-20 16:08:26 +01:00
Florian Roth 3a933c38f2 rule: changed level of BloodHound rule 2019-12-20 15:37:58 +01:00
Florian Roth 68efeb909d rule: false positive condition for BloodHound rule 2019-12-20 15:35:13 +01:00
Florian Roth 825b1edb0f Merge pull request #567 from Neo23x0/devel 
Devel
 2019-12-20 15:32:56 +01:00
Florian Roth 5f061c15d0 fix: fixed missing condition 2019-12-20 15:18:05 +01:00
Florian Roth bb466407ee rule: operation Wocao activity 2019-12-20 15:00:07 +01:00
Florian Roth 708c17e2bc rule: Bloodhound 2019-12-20 14:59:36 +01:00
Florian Roth ab038d1ac7 style: minor changes 2019-12-20 14:59:26 +01:00
christophetd e99b0fe2d7 Add sigma2attack 2019-12-19 00:00:13 +01:00
Florian Roth 0a26184286 Merge pull request #563 from Neo23x0/devel 
Devel
 2019-12-17 14:48:07 +01:00
Florian Roth c8b6b5c556 rule: updating csc.exe rule 2019-12-17 13:45:40 +01:00
Florian Roth 7a3041c593 rule: improved csc.exe rule 2019-12-17 11:05:43 +01:00
Florian Roth e8d92fab0c rule: ryuk ransomware 2019-12-16 20:33:12 +01:00
Florian Roth da06e5bc1c Merge pull request #562 from Neo23x0/devel 
Improved PowerShell Encoded Command Rule
 2019-12-16 19:31:15 +01:00
Florian Roth bbaa9df217 rule: better JAB rule 2019-12-16 19:08:51 +01:00
Florian Roth f83eb2268e rule: improved JAB expression 2019-12-16 19:04:05 +01:00
Florian Roth bd7c996588 rule: suspicious PS rule modified to cover newest malware campaigns 2019-12-16 19:02:57 +01:00
Florian Roth 7acfecbe66 Merge pull request #530 from bartblaze/master 
Add scriptlets
 2019-12-14 11:24:51 +01:00
Thomas Patzke d2a940a0a6 Merge branch 'devel' of https://github.com/Neo23x0/sigma 2019-12-13 22:01:40 +01:00
Thomas Patzke 5930c1c290 Updated changelog 2019-12-13 22:00:40 +01:00
Thomas Patzke ee4138c48e Merge pull request #526 from zouzias/hotfix_aggregate_count_distinct_groupby 
[feature] extend es-dsl to support nested aggregations
 2019-12-13 21:55:47 +01:00
Thomas Patzke a25b2ec361 Merge pull request #523 from refractionPOINT/lc-added-mtd 
LC added FP metadata
 2019-12-13 21:50:52 +01:00
Thomas Patzke 1369b3a2dc Merge pull request #537 from webhead404/webhead404-contrib-sigma 
Added sigma rule to detect external devices or USB drive
 2019-12-13 21:50:01 +01:00
Thomas Patzke 38b3ace461 Merge pull request #556 from Karneades/fixChangelog 
Add release date for each version in changelog
 2019-12-13 21:47:58 +01:00
Thomas Patzke 7a280ae092 Merge pull request #557 from robrankin/fix_dupe_rule_name 
Elastalert error, duplicate rule titles
 2019-12-13 21:46:58 +01:00
Florian Roth 1b42f2a0e2 Merge pull request #561 from Neo23x0/devel 
Devel
 2019-12-12 13:34:58 +01:00
Florian Roth 67dfd729fd rule: extended Proxy UA suspicious rule 2019-12-12 10:42:23 +01:00
Florian Roth 9c59e3cf13 Merge branch 'master' into devel 2019-12-12 09:40:02 +01:00
Florian Roth 065df363dc rule: added Empire UA 2019-12-12 09:39:28 +01:00
Florian Roth c25b902add Merge pull request #558 from vburov/patch-7 
Added svchost.exe as a parent image
 2019-12-10 20:17:22 +01:00
Florian Roth 611b72dba5 Merge pull request #559 from vburov/patch-8 
Added some suspicious locations
 2019-12-10 20:15:16 +01:00
Vasiliy Burov 977551c69d Added some suspicious locations 
Added 'C:\Windows\Tasks' and 'C:\Windows\System32\Tasks' as suspicious locations accordingly article: https://github.com/ThreatHuntingProject/ThreatHunting/blob/master/hunts/suspicious_process_creation_via_windows_event_logs.md
 2019-12-10 20:17:40 +03:00
Vasiliy Burov 0dd4324aba Added svchost.exe as a parent image 
Added svchost.exe as a parent image accordingly this article (https://www.carbonblack.com/2014/06/10/screenshot-demo-hunt-evil-faster-than-ever-with-carbon-black/) and my investigations.
 2019-12-10 19:31:12 +03:00
Karneades fd4536afb5 Resolve PR #556 merge conflict 2019-12-09 21:23:00 +01:00
Rob Rankin e251568760 Data Compressed duplciate titles 2019-12-09 16:24:10 +00:00
Rob Rankin b771dd3d3b Rule name conflicts in Elastalert output 2019-12-09 16:14:28 +00:00
Thomas Patzke b701e9be50 Added ECS proxy configuration 2019-12-09 16:34:07 +01:00
Karneades 1c05b858fd Add release date for each version in changelog 2019-12-09 16:18:58 +01:00
Thomas Patzke a9d6158dde Merge branch 'rules' 2019-12-09 16:17:39 +01:00
Thomas Patzke 2ea87f187c Added Ursnif proxy detections 2019-12-09 16:02:10 +01:00
Thomas Patzke 991108e64d Further proxy field name fixes (config + rules) 2019-12-07 00:23:30 +01:00
Thomas Patzke dd8442590f Fixed proxy rule field names 2019-12-07 00:11:33 +01:00
Thomas Patzke 51e9689425 Sigmatool release 0.15.0 0.15.0 2019-12-06 22:13:44 +01:00
Thomas Patzke 58d8512396 Merge pull request #553 from berggren/patch-1 
Add source distribution for PyPi when building
 2019-12-06 22:10:19 +01:00
Johan Berggren d8e1f56219 Add source distribution for PyPi when building 
Add sdist when building. This makes it easier to build packages from PyPi for example Debian PPA pkgs etc.
This will not affect anything else, just make the source distribution available in PyPi as a tar.gz archive.

If this gets merged, please bump the version and push to PyPi as well.
 2019-12-06 15:45:28 +01:00
Florian Roth e1244acf49 rule: fixed and extended bitsadmin rule 2019-12-06 13:39:04 +01:00