security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
2,410 Commits 1 Branch 57 Tags
a0bad54dbda170d5369f54ccede5f11f999da4de
Commit Graph

2410 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Patzke 116a0e9f03 Merge branch 'master' of https://github.com/tuckner/sigma into tuckner-master 2018-11-07 22:27:41 +01:00
Thomas Patzke fe79be894b Merge branch 'master' of https://github.com/Neo23x0/sigma 2018-11-07 14:01:21 +01:00
Thomas Patzke 5053cc4e95 Fixed optimizing of not conditions with subexpressions 
Optimization pass traversal is cut at ConditionNOT nodes.
 2018-11-07 13:54:45 +01:00
Thomas Patzke a88b1e81ec Optimizer debugging code cleanup 
* Removed commented debugging code
* Output to stdin
* Coverage exception for _dumpNode
 2018-11-07 13:49:08 +01:00
Florian Roth 0ee515db47 Merge pull request #192 from neu5ron/patch-2 
Update win_alert_ad_user_backdoors.yml
 2018-11-07 08:34:16 +01:00
Nate Guagenti 9bfdcba400 Update win_alert_ad_user_backdoors.yml 
add another detection rule for delegation via the attack described in harmj0y's blog:
https://www.harmj0y.net/blog/redteaming/another-word-on-delegation/
 2018-11-05 21:08:19 -05:00
Thomas Patzke 42ed8acec9 Improved test coverage 
* Adding tests
* Removal of coverage measurement for debugging code
 2018-11-04 23:28:40 +01:00
Thomas Patzke 418f8d10a3 Wrap conditions generated by mappings into sub-expression 2018-11-04 23:00:04 +01:00
Thomas Patzke 0e4842962b Added tests 2018-11-04 22:16:20 +01:00
tuckner bd5b823725 Removed specific NetWintess config from test 2018-10-31 14:32:13 -05:00
tuckner ca6ba4a85b Added NetWitness backend and tests 2018-10-31 14:24:14 -05:00
tuckner 26f73d60fa Added NetWitness backend and tests 2018-10-31 14:07:59 -05:00
Florian Roth 37294d023f Suspicious svchost.exe executions 2018-10-30 09:37:40 +01:00
Florian Roth 580692aab4 Improved procdump on lsass rule 2018-10-30 09:37:40 +01:00
Thomas Patzke eacfaa7460 Check for forbidden null values in list items in Splunk backend 2018-10-27 01:07:03 +02:00
Thomas Patzke 423a73efd5 Dropped .py suffix 2018-10-22 23:02:05 +02:00
Thomas Patzke 1b1f22c5c2 Added sigma2misp to README 2018-10-22 23:02:05 +02:00
Thomas Patzke b2d6d73034 Added requirements 2018-10-22 22:43:59 +02:00
Thomas Patzke 16e3838a90 Renamed script 2018-10-19 21:23:33 +02:00
Thomas Patzke 6b14930302 Recursive path traversal 2018-10-19 21:21:33 +02:00
Thomas Patzke 67b416379f Improved import of multiple rules 2018-10-19 19:53:00 +02:00
Thomas Patzke 60b6f5d50a Merge branch 'samsson-patch-9' 2018-10-18 16:21:11 +02:00
Thomas Patzke ff98991c80 Fixed rule 2018-10-18 16:20:51 +02:00
Thomas Patzke a2da73053d Merge branch 'patch-9' of https://github.com/samsson/sigma into samsson-patch-9 2018-10-18 16:16:57 +02:00
Thomas Patzke 96d6d520b7 Merge branch 'pivotforensics-master' 2018-10-18 16:14:53 +02:00
Thomas Patzke 0fd8b986fd Added CI tests 2018-10-18 16:14:16 +02:00
Thomas Patzke 0cc8b77307 Merge branch 'master' of https://github.com/pivotforensics/sigma into pivotforensics-master 2018-10-18 15:56:26 +02:00
Thomas Patzke 732de3458f Merge pull request #186 from megan201296/patch-15 
Update sysmon_cmstp_com_object_access.yml
 2018-10-18 15:49:06 +02:00
Thomas Patzke fdd0823e07 Merge pull request #187 from megan201296/patch-16 
Additional MITRE ATT&CK Tagging
 2018-10-18 15:38:11 +02:00
Thomas Patzke 60765d903a Merge branch 'ntim-master' 2018-10-18 15:34:34 +02:00
Thomas Patzke 5609728a8a included XPack Watcher JSON output in CI tests 2018-10-18 14:56:21 +02:00
ntim e501c4a5b9 Added additional output type 'json' to the xpack-watcher backend which prints each watcher as compress json, one watcher per line 2018-10-17 10:38:56 +02:00
Thomas Patzke 44ff9d154e Increased test coverage for mapping corner cases 2018-10-16 14:53:12 +02:00
Thomas Patzke 265ce115a0 Fixed conditional field mapping usage in mapping chains 2018-10-16 13:57:51 +02:00
Thomas Patzke a61b3d352a Added test cases 
* Generic log sources
* Splunk index queries
 2018-10-15 15:24:18 +02:00
Michael H 5b33713ef8 Quick fix for string formatting bug 2018-10-13 20:21:37 -05:00
Michael H 38ec257f7e Re-doing LogName formatting 2018-10-13 20:18:57 -05:00
Michael H 9f48265eb1 Adding re.sub for LogName that accounts for expression grouping 2018-10-13 20:09:54 -05:00
Michael H 7e184f01c6 Removing invalid fieldmapping 2018-10-13 19:53:39 -05:00
Michael H ab2ebae6b0 Merge branch 'master' of https://github.com/Neo23x0/sigma 2018-10-13 19:41:18 -05:00
Florian Roth 3c3b14a26b rule: new malware UA 2018-10-10 15:27:58 +02:00
Florian Roth fd34437575 fix: fixed date in rule 2018-10-10 15:27:58 +02:00
megan201296 fdd264d946 Update sysmon_susp_powershell_rundll32.yml 2018-10-09 19:11:47 -05:00
megan201296 440b0ddffe Update sysmon_susp_powershell_parent_combo.yml 2018-10-09 19:11:17 -05:00
megan201296 b0983047eb Update sysmon_powersploit_schtasks.yml 2018-10-09 19:10:37 -05:00
megan201296 2f533c54b3 Update sysmon_powershell_network_connection.yml 2018-10-09 19:10:17 -05:00
megan201296 1b92a158b5 Add MITRE ATT&CK Tagging 2018-10-09 19:09:19 -05:00
megan201296 ffbb968fcd Update sysmon_cmstp_com_object_access.yml 
Edit tule logic for `and` instead of `or
 2018-10-09 19:03:30 -05:00
Florian Roth 182781229c Merge pull request #184 from megan201296/patch-14 
Remove duplicate value
 2018-10-09 09:37:54 +02:00
megan201296 7997cb3001 Remove duplicate value 2018-10-08 13:00:59 -05:00