security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,707 Commits 1 Branch 57 Tags
a425ef65e5bd7e2602ee6fd6762dd8fb1065104f
Commit Graph

10679 Commits

Author SHA1 Message Date
Nasreddine Bencherchali a425ef65e5 feat: update metadata and add more cases for rules 2022-12-07 02:26:21 +01:00
Nasreddine Bencherchali a7bfb349ee fix: fix fp found in testing 2022-12-07 02:25:52 +01:00
Nasreddine Bencherchali 850d4fcd50 feat: update windefend rules 2022-12-07 00:20:56 +01:00
BlueTeamOps 8fa8a73551 Updated proc_creation_win_iis_service_account_password_dumped.yml (#3682) 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-06 13:10:58 +01:00
Nasreddine Bencherchali 42b99b165d feat: new rules and fixes (#3759) 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-12-06 12:13:20 +01:00
frack113 4b82b00ae9 Sysmoneop CMd shell (#3760) 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-06 12:12:43 +01:00
Florian Roth 1aab97e8f9 Merge pull request #3758 from SigmaHQ/aurora-false-positive-fixing 
fix: missing modified date update
 2022-12-05 20:40:05 +01:00
Florian Roth 2b769fcfc8 fix: missing modified date update 2022-12-05 19:58:10 +01:00
Florian Roth e493a41bc6 Merge pull request #3757 from SigmaHQ/aurora-false-positive-fixing 
fix: FPs noticed in Nextron testing CI
 2022-12-05 18:54:31 +01:00
Florian Roth 1796502b90 fix: FPs noticed in Nextron testing CI 2022-12-05 17:39:42 +01:00
gs3cl 122cb47d71 Gs3cl patch 1 (#3753) 2022-12-05 10:39:58 +01:00
frack113 32160be8bf Merge pull request #3755 from frack113/fix_sigma_warning 
Fix workflow warning
 2022-12-04 18:08:24 +01:00
frack113 53e04deae9 Merge pull request #3751 from fukusuket/refactor-remove-unnecessary-escape-regex 
refactor: remove unnesessary escape(in |re block)
 2022-12-04 18:00:37 +01:00
Florian Roth 9375fe95b4 Merge pull request #3748 from SigmaHQ/rule-devel 
Rule refactoring, improvements
 2022-12-04 17:55:14 +01:00
Florian Roth d7a9fa9e1b Merge pull request #3754 from SigmaHQ/aurora-false-positive-fixing 
fix: FPs
 2022-12-04 17:54:28 +01:00
frack113 54739006a9 Fix workflow warning 2022-12-04 15:29:08 +01:00
Florian Roth 6390915eb0 fix: FPs 2022-12-04 14:36:22 +01:00
Florian Roth 0db7f7f7cc rule: SysmonEOP 2022-12-04 14:36:04 +01:00
Florian Roth e3ba9ee336 Merge pull request #3750 from nasbench/nasbench-rule-devel 
feat: general updates and fixes
 2022-12-03 14:50:50 +01:00
fukusuket 9c76aac1fc refactor: remove unnesessary escape. 2022-12-03 21:56:00 +09:00
frack113 3ab7ed6436 Update proc_creation_win_gpg4win_susp_usage.yml 2022-12-03 13:09:50 +01:00
Nasreddine Bencherchali 77b1234572 fix: apply code review changes 2022-12-03 11:55:54 +01:00
frack113 76a624e4a9 Merge pull request #3747 from SigmaHQ/aurora-false-positive-fixing 
Aurora false positive fixing
 2022-12-03 09:36:55 +01:00
frack113 064132a5a8 Merge pull request #3744 from fukusuket/refactor-remove-unnecessary-escape 
refactor: remove unneeded escapes(in `|re` block)
 2022-12-03 09:36:09 +01:00
phantinuss cb5c19d696 fix: FPs found in testing env (#3743) 2022-12-03 09:35:34 +01:00
Florian Roth 6e0417b65c refactor: ngrok rule 2022-12-03 09:13:37 +01:00
Florian Roth de0561edba Update rules/windows/registry/registry_set/registry_set_creation_service_susp_folder.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-03 09:09:51 +01:00
Nasreddine Bencherchali 0c3a0d4c39 fix: fp metadata 2022-12-02 23:38:18 +01:00
Nasreddine Bencherchali 3c90fb1c33 fix: fix metadata information 2022-12-02 23:22:23 +01:00
Nasreddine Bencherchali b6492e731b feat: general updates and fixes 2022-12-02 23:16:03 +01:00
securepeacock b5e783a6d5 Update and rename proc_creation_win_rundll32_not_from_c_drive.yml to … (#3609) 
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-02 19:44:44 +01:00
frack113 0f3eefdc9c Update title (#3746) 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-02 18:10:43 +01:00
fukusuket ead6831b25 update modified date. 2022-12-02 21:57:37 +09:00
Florian Roth c545af6b47 Merge pull request #3740 from nasbench/add-ref-desc-test 
feat: new test for special references case
 2022-12-02 13:52:06 +01:00
fukusuket a05742b420 refactor: remove unnesessary escape. 2022-12-02 21:26:45 +09:00
BlueTeamOps b09842f606 Create proc_creation_win_susp_secedit.yml (#3725) 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-02 13:21:36 +01:00
Florian Roth 2f44ed315b refactor: extend ngrok rule 2022-12-02 13:07:41 +01:00
Florian Roth 8fd31d5d11 Merge branch 'master' into aurora-false-positive-fixing 2022-12-02 12:18:17 +01:00
Florian Roth 9b5560844f fix: FP with Avast software 2022-12-02 12:18:11 +01:00
fukusuket 7b1d23621c refactor: remove unnesessary escape. 2022-12-02 20:17:39 +09:00
Florian Roth ce803476de refactor: rule with ??? causing issues in some backends 2022-12-01 14:02:15 +01:00
frack113 a674ee246b Update Title (#3739) 2022-11-30 11:44:15 +01:00
Fukusuke Takahashi 76fece654a fix: explicitly escape { to make it clear that it is a literal (#3737) 2022-11-30 11:43:49 +01:00
phantinuss 82afa90499 Merge pull request #3741 from nasbench/nasbench-rule-devel 
feat: new rules, fixes and general updates
 2022-11-30 08:51:15 +01:00
Nasreddine Bencherchali d82e3de11c fix: fix empty field in selection 2022-11-30 00:57:38 +01:00
Nasreddine Bencherchali 92965e6f7e fix: fix broken description 2022-11-29 23:43:03 +01:00
Nasreddine Bencherchali 02e68a3d26 feat: new powertool rule 2022-11-29 23:24:49 +01:00
Nasreddine Bencherchali 04a1d29eac feat: update driver rules 2022-11-29 23:24:34 +01:00
phantinuss 9c8e00fe66 fix: FP found in testing 2022-11-29 16:41:57 +01:00
Nasreddine Bencherchali 1ff75ce60e Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2022-11-29 16:20:55 +01:00