security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
2,410 Commits 1 Branch 57 Tags
a0bad54dbda170d5369f54ccede5f11f999da4de
Commit Graph

2410 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tareq AlKhatib c3b079990a Properly end anchored the regex 2019-03-09 19:23:50 +03:00
Florian Roth 361f2ffa5f Product Support - RANK VASA 2019-03-08 16:32:22 +01:00
Florian Roth fe9e50167f Rule: renamed bitsadmin rule 2019-03-08 16:25:16 +01:00
Florian Roth 49532438eb Rule: Bitsadmin wot uncommon TLD 2019-03-08 16:20:10 +01:00
John Tuckner a1ba04aec8 modified process creation logic 2019-03-08 00:01:43 -06:00
Thomas Patzke 082ee586bf Merge branch 'christophetd-elastalert-alert-types' 2019-03-08 00:05:08 +01:00
Thomas Patzke 6d97c6d0bb Extended elastalert CI testing 2019-03-08 00:04:43 +01:00
Thomas Patzke a429f09cc1 Merge branch 'elastalert-alert-types' of https://github.com/christophetd/sigma into christophetd-elastalert-alert-types 2019-03-07 23:54:05 +01:00
Thomas Patzke 3c1948f089 Merge pull request #277 from megan201296/patch-18 
Remove invalid link
 2019-03-07 23:49:13 +01:00
Thomas Patzke c235944a0c Merge pull request #278 from krakow2600/master 
fixed incorrect date format
 2019-03-07 23:46:12 +01:00
tuckner c97f0f097b Merge branch 'master' of https://github.com/tuckner/sigma 2019-03-07 16:29:01 -06:00
tuckner e9ddd933f8 more fixes for process creation 2019-03-07 16:28:35 -06:00
Yugoslavskiy Daniil 475113b1c1 fixed incorrect date format 2019-03-07 22:52:11 +01:00
megan201296 c2a16591af Remove invalid link 
Cybereason link was broken. Couldn't find anything with a super similar file path. The below link might be a valid replacement but went better safe than sorry and just removed it completely. https://www.cybereason.com/hubfs/Cybereason%20Labs%20Analysis%20Operation%20Cobalt%20Kitty-Part1.pdf
 2019-03-07 14:22:29 -06:00
John Tuckner 1182ee2de2 added ala to makefile 2019-03-07 10:43:22 -06:00
John Tuckner 5a64f572e3 update 2019-03-07 10:32:59 -06:00
Florian Roth a82ea0a022 Merge pull request #276 from krakow2600/master 
ATC windows rules review
 2019-03-06 17:16:32 +01:00
Florian Roth 83c0c71bc7 Reworked for process_creation rules 2019-03-06 17:09:43 +01:00
Florian Roth d7c25adfb6 Merge pull request #274 from TareqAlKhatib/multifile_yamls 
Updated to use the new process_creation logsource
 2019-03-06 17:06:04 +01:00
Yugoslavskiy Daniil cb7243de5d fixed wrong tags 2019-03-06 06:18:38 +01:00
Yugoslavskiy Daniil 8bec627ff1 fixed multiple tags issue 2019-03-06 06:09:37 +01:00
Yugoslavskiy Daniil 5154460726 changed service to product 2019-03-06 05:57:01 +01:00
Yugoslavskiy Daniil 05cc7e455d atc review 2019-03-06 05:25:12 +01:00
yugoslavskiy 725ab99e90 Merge pull request #1 from AverageS/master 
Fix rules
 2019-03-06 04:31:01 +01:00
John Tuckner 283bd278f4 added eventid to sysmon process creation 2019-03-05 20:58:23 -06:00
John Tuckner 971bd49071 accomodated process creation and slash escapes 2019-03-05 20:50:30 -06:00
Wydra Mateusz 534f250c35 Merge branch 'master' of https://github.com/krakow2600/sigma 2019-03-06 00:45:16 +01:00
Wydra Mateusz bb95347745 rules update 2019-03-06 00:43:42 +01:00
mrblacyk 6232362f04 Missing tags 2019-03-06 00:16:40 +01:00
mrblacyk 07807837ee Missing tags 2019-03-06 00:02:37 +01:00
mikhail be108d95cc Merge branch 'master' of https://github.com/AverageS/sigma 2019-03-06 01:57:38 +03:00
mikhail 40241c1fdf Fix 4 rules 2019-03-06 01:56:05 +03:00
mrblacyk 99595a7f89 Added missing tags and some minor improvements 2019-03-05 23:25:49 +01:00
Tareq AlKhatib 879017818f More conversions to the new process_creation logsource 2019-03-05 09:46:53 +03:00
tuckner 2c0cc87ab8 Added schema file checking 2019-03-04 11:57:30 -06:00
tuckner cf186387af Added schema file checking 2019-03-04 11:53:51 -06:00
tuckner c5796d7853 Added Azure Log Analytics backend 2019-03-04 10:49:50 -06:00
tuckner 8179d182c4 added azure log analytics 2019-03-04 10:44:45 -06:00
Tareq AlKhatib b2952b9f78 Fixing failed CI build - take 2 2019-03-04 16:51:39 +03:00
Tareq AlKhatib c8be6e649b Fixing failed CI build 2019-03-04 16:44:30 +03:00
Tareq AlKhatib 45458121c6 Updated to use the new process_creation logsource 2019-03-04 16:13:27 +03:00
Florian Roth ae1541242c New custom suspicious TLD in rule ".pw" 2019-03-03 10:58:12 +01:00
Thomas Patzke 17e9729ddd Merge pull request #273 from TareqAlKhatib/process_create 
Process create
 2019-03-02 21:57:59 +01:00
Tareq AlKhatib 58c61430a2 updated to use process_creation 2019-03-02 21:05:15 +03:00
Tareq AlKhatib be2ca8dc4d Added checks for Sysmon 1 or EID 4688 instead of process_creation 2019-03-02 20:51:49 +03:00
Florian Roth 33e490e4fa Titles in Examples 2019-03-02 12:23:44 +01:00
Florian Roth 7b3d67ae66 fix: bugfix in new proc creation rule 2019-03-02 11:28:13 +01:00
Florian Roth 9a3ceb8421 Sigmac Usage Examples 2019-03-02 10:58:02 +01:00
Liam Sennitt bef5f03015 fix tagging in turla png dropper service rule 2019-03-02 09:01:00 +00:00
Florian Roth 1a583c158d fixed typo as in pull request by @m0jtaba 2019-03-02 08:16:25 +01:00