phantinuss
a36724ffdf
fix: FP found in testing environment
2022-09-19 15:28:05 +02:00
Florian Roth
959585fe33
Merge pull request #3511 from SigmaHQ/aurora-false-positive-fixing
...
fix: FP with VBScript in registry key rule
2022-09-19 09:57:23 +02:00
Florian Roth
2a94527714
fix: FP with VBScript in registry key rule
2022-09-19 09:23:15 +02:00
Florian Roth
cab32f2be4
Merge pull request #3510 from SigmaHQ/aurora-false-positive-fixing
...
Windows 2022 false positive fixing
2022-09-18 16:50:34 +02:00
Florian Roth
6161fb91b3
fix: typo in modifier
2022-09-18 16:33:49 +02:00
Florian Roth
b052302ac0
fix: syntax error
2022-09-18 16:24:07 +02:00
Florian Roth
b6e595a8eb
Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing
2022-09-18 16:21:49 +02:00
Florian Roth
bf660b2de2
fix: FPs (testing, and Windows 2022 test system)
2022-09-18 16:21:05 +02:00
Florian Roth
968f0ae11f
Merge pull request #3508 from SigmaHQ/aurora-false-positive-fixing
...
fix: FPs noticed with Aurora
2022-09-18 13:24:07 +02:00
Florian Roth
1c4a73f123
fix: FP with PS ISE
2022-09-18 12:56:52 +02:00
Florian Roth
34d7ad03f7
fix: FPs noticed with Aurora
2022-09-18 12:54:37 +02:00
Florian Roth
e6d2faf25f
Merge pull request #3507 from SigmaHQ/aurora-false-positive-fixing
...
Aurora false positive fixing
2022-09-18 11:47:16 +02:00
Florian Roth
34957a784b
fix: modified date update
2022-09-18 10:42:19 +02:00
Florian Roth
2e8717d603
fix: taskhostw FPs with lsass access
2022-09-18 10:39:56 +02:00
Florian Roth
eb87ed8f40
Merge pull request #3506 from SigmaHQ/aurora-false-positive-fixing
...
Aurora false positive fixing
2022-09-18 10:05:31 +02:00
Florian Roth
2da0554bed
fix: temporarily disable Kernel-Audit-API-Calls
2022-09-18 09:57:04 +02:00
Florian Roth
9f6604cf81
fix: aurora match calltrace msedge.exe
2022-09-18 09:41:51 +02:00
tr0mb1r
8b60317e2e
Microsoft Teams Suspicious ObjectAccess events ( #3500 )
2022-09-17 08:47:35 +02:00
Florian Roth
1264429681
Merge pull request #3499 from nasbench/linux-rules-update
...
Linux Rules Update
2022-09-16 21:13:19 +02:00
Florian Roth
cb4dcded1e
Merge pull request #3452 from FabFaeb/master
...
Add rule: Repeated failed mounting of administrative share
2022-09-16 21:12:09 +02:00
Florian Roth
a5cdd0dfeb
Merge pull request #3501 from phantinuss/master
...
FP Tuning / Local Test Script / Rule Refactor
2022-09-16 21:11:53 +02:00
Borna Talebi
4ede1b413f
Update reference
2022-09-16 21:46:45 +04:30
phantinuss
bbc4aa3298
improve detection rate
2022-09-16 16:40:41 +02:00
phantinuss
bde1335005
fix: FP with .NET ngen on test system
2022-09-16 16:40:40 +02:00
phantinuss
68a80844ea
fix: new FPs in testing environment
2022-09-16 16:40:40 +02:00
nasreddine.bencherchali@nextron-systems.com
7f3158d09e
Fix after review
2022-09-16 11:47:19 +02:00
Florian Roth
cb55ed9f93
Merge pull request #3496 from krestinichev/add-new-rule
...
Add new rule: proc_creation_disable_SEP
2022-09-16 10:37:02 +02:00
Florian Roth
c2256845b2
refactor: renamed and changed title
2022-09-16 09:45:56 +02:00
nasreddine.bencherchali@nextron-systems.com
7a5017696f
Add more flags to curl windows rule
2022-09-16 09:23:15 +02:00
Florian Roth
b4376ea580
refactor: CRLF to LF
2022-09-16 09:22:21 +02:00
Florian Roth
6d9d08e1de
Update proc_creation_disable_SEP.yml
2022-09-16 09:18:27 +02:00
Florian Roth
67072ecc91
Merge pull request #3488 from frack113/redcannary_20220910
...
Add posh_ps_disable_windowsoptionalfeature
2022-09-16 09:13:16 +02:00
Florian Roth
92b6ba95e6
reduce the timeframe to 1min
2022-09-16 09:12:08 +02:00
frack113
c4d2ed0478
Merge pull request #3497 from bornatalebi/master
...
New Rule: Windows DNS Client Rule command
2022-09-16 06:33:41 +02:00
frack113
c1293c3365
Merge pull request #3495 from nasbench/nasbench-rule-devel
...
Rule Dev (Updates)
2022-09-16 06:32:53 +02:00
Borna Talebi
2af0431efa
Change Title
2022-09-16 00:53:55 +04:30
Borna Talebi
b984d52c65
Fixing conditions
2022-09-16 00:32:47 +04:30
Borna Talebi
0e7085bee5
Update posh_ps_add_dnsclient_rule.yml
2022-09-14 23:23:58 +04:30
Borna Talebi
227c2f6bb9
Update posh_ps_add_dnsclient_rule.yml
2022-09-14 23:11:52 +04:30
Borna Talebi
d078d47360
New Rule: Windows DNS Client Rule
2022-09-14 22:32:35 +04:30
nasreddine.bencherchali@nextron-systems.com
eb4247fdb4
Add missing modified field
2022-09-14 15:03:50 +02:00
krestinichev
02cfd972ed
Add files via upload
2022-09-14 15:37:51 +03:00
nasreddine.bencherchali@nextron-systems.com
653ad66f21
Updates
2022-09-14 12:29:57 +02:00
Nasreddine Bencherchali
fb44c6fa87
Update meta info
2022-09-13 22:14:45 +02:00
phantinuss
2ed0605dc4
Revert "Revert "Merge branch 'master' of github.com:elhoim/sigma""
...
This reverts commit 6c1761a7b7 .
2022-09-13 15:52:07 +02:00
Florian Roth
67bca96744
fix: wrong image selection
2022-09-13 13:13:16 +02:00
Qasim Qlf
3b4fc8c3fd
VS Code Filter Fix - Undo the last commit
...
Previous filter on Image was wrong. Image can't endswith (Code.exe and attrib.exe) at the same time. Same condition with the other scenario.
CommandLine filter is good.
2022-09-13 16:02:17 +05:00
Florian Roth
f581d77e5d
Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing
2022-09-13 11:30:37 +02:00
Florian Roth
264bc0787d
fix: FP with Malwarebytes
2022-09-13 11:30:27 +02:00
Nasreddine Bencherchali
8a504bee9e
Add %tmp% env variable
2022-09-13 10:49:14 +02:00