Commit Graph

13707 Commits

Author SHA1 Message Date
Nasreddine Bencherchali a425ef65e5 feat: update metadata and add more cases for rules 2022-12-07 02:26:21 +01:00
Nasreddine Bencherchali a7bfb349ee fix: fix fp found in testing 2022-12-07 02:25:52 +01:00
Nasreddine Bencherchali 0d3cb52266 feat: enhance typos test 2022-12-07 01:04:25 +01:00
Nasreddine Bencherchali 850d4fcd50 feat: update windefend rules 2022-12-07 00:20:56 +01:00
Nasreddine Bencherchali 1091b83d59 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2022-12-07 00:15:14 +01:00
BlueTeamOps 8fa8a73551 Updated proc_creation_win_iis_service_account_password_dumped.yml (#3682)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-06 13:10:58 +01:00
Nasreddine Bencherchali 42b99b165d feat: new rules and fixes (#3759)
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2022-12-06 12:13:20 +01:00
frack113 4b82b00ae9 SysmonEOP CMD shell (#3760)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-06 12:12:43 +01:00
Nasreddine Bencherchali 1c5e4371e7 fix: add missing modified date 2022-12-06 10:56:06 +01:00
Nasreddine Bencherchali 9657446647 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-06 10:53:57 +01:00
Nasreddine Bencherchali f673ac9235 feat: add parent selection 2022-12-06 01:41:18 +01:00
Nasreddine Bencherchali c541d52d44 fix: update mitre tags and OriginalFileName 2022-12-06 01:32:46 +01:00
Nasreddine Bencherchali 72bba4c822 fix: update rule to be more generic 2022-12-06 00:37:07 +01:00
Nasreddine Bencherchali 4184d05e80 fix: escape special "?" character 2022-12-06 00:16:09 +01:00
Nasreddine Bencherchali dbf114e7cb feat: add rules related to scheduled tasks 2022-12-05 23:52:11 +01:00
Florian Roth 1aab97e8f9 Merge pull request #3758 from SigmaHQ/aurora-false-positive-fixing
fix: missing modified date update
2022-12-05 20:40:05 +01:00
Florian Roth 2b769fcfc8 fix: missing modified date update 2022-12-05 19:58:10 +01:00
Florian Roth e493a41bc6 Merge pull request #3757 from SigmaHQ/aurora-false-positive-fixing
fix: FPs noticed in Nextron testing CI
2022-12-05 18:54:31 +01:00
Florian Roth 1796502b90 fix: FPs noticed in Nextron testing CI 2022-12-05 17:39:42 +01:00
frack113 ba601ff4ba Merge pull request #3756 from nasbench/enahance-duplicate-id-test
feat: change duplicate test to check lower case
2022-12-05 14:45:19 +01:00
Nasreddine Bencherchali f81a960044 fix: split mavinject rule 2022-12-05 12:23:48 +01:00
Nasreddine Bencherchali d50739ed3e fix: rename rule for lolbin convention 2022-12-05 12:18:51 +01:00
Nasreddine Bencherchali 3bcce88786 fix: fix issue #3742 2022-12-05 12:18:14 +01:00
gs3cl 122cb47d71 Gs3cl patch 1 (#3753) 2022-12-05 10:39:58 +01:00
Nasreddine Bencherchali e343d016e9 feat: change check to lower 2022-12-05 00:31:51 +01:00
frack113 32160be8bf Merge pull request #3755 from frack113/fix_sigma_warning
Fix workflow warning
2022-12-04 18:08:24 +01:00
frack113 53e04deae9 Merge pull request #3751 from fukusuket/refactor-remove-unnecessary-escape-regex
refactor: remove unnecessary escape (in |re block)
2022-12-04 18:00:37 +01:00
Florian Roth 9375fe95b4 Merge pull request #3748 from SigmaHQ/rule-devel
Rule refactoring, improvements
2022-12-04 17:55:14 +01:00
Florian Roth d7a9fa9e1b Merge pull request #3754 from SigmaHQ/aurora-false-positive-fixing
fix: FPs
2022-12-04 17:54:28 +01:00
frack113 54739006a9 Fix workflow warning 2022-12-04 15:29:08 +01:00
Florian Roth 6390915eb0 fix: FPs 2022-12-04 14:36:22 +01:00
Florian Roth 0db7f7f7cc rule: SysmonEOP 2022-12-04 14:36:04 +01:00
frack113 75c6f44f12 Update Workflow (#3752) 2022-12-04 11:18:11 +01:00
Florian Roth e3ba9ee336 Merge pull request #3750 from nasbench/nasbench-rule-devel
feat: general updates and fixes
2022-12-03 14:50:50 +01:00
fukusuket 9c76aac1fc refactor: remove unnecessary escape. 2022-12-03 21:56:00 +09:00
frack113 3ab7ed6436 Update proc_creation_win_gpg4win_susp_usage.yml 2022-12-03 13:09:50 +01:00
Nasreddine Bencherchali 77b1234572 fix: apply code review changes 2022-12-03 11:55:54 +01:00
frack113 76a624e4a9 Merge pull request #3747 from SigmaHQ/aurora-false-positive-fixing
Aurora false positive fixing
2022-12-03 09:36:55 +01:00
frack113 064132a5a8 Merge pull request #3744 from fukusuket/refactor-remove-unnecessary-escape
refactor: remove unneeded escapes (in `|re` block)
2022-12-03 09:36:09 +01:00
phantinuss cb5c19d696 fix: FPs found in testing env (#3743) 2022-12-03 09:35:34 +01:00
Florian Roth 6e0417b65c refactor: ngrok rule 2022-12-03 09:13:37 +01:00
Florian Roth de0561edba Update rules/windows/registry/registry_set/registry_set_creation_service_susp_folder.yml
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-03 09:09:51 +01:00
Nasreddine Bencherchali 0c3a0d4c39 fix: fp metadata 2022-12-02 23:38:18 +01:00
Nasreddine Bencherchali 3c90fb1c33 fix: fix metadata information 2022-12-02 23:22:23 +01:00
Nasreddine Bencherchali b6492e731b feat: general updates and fixes 2022-12-02 23:16:03 +01:00
securepeacock b5e783a6d5 Update and rename proc_creation_win_rundll32_not_from_c_drive.yml to … (#3609)
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-02 19:44:44 +01:00
frack113 0f3eefdc9c Update title (#3746)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-02 18:10:43 +01:00
fukusuket ead6831b25 update modified date. 2022-12-02 21:57:37 +09:00
Florian Roth c545af6b47 Merge pull request #3740 from nasbench/add-ref-desc-test
feat: new test for special references case
2022-12-02 13:52:06 +01:00
fukusuket a05742b420 refactor: remove unnecessary escape. 2022-12-02 21:26:45 +09:00