security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,536 Commits 1 Branch 57 Tags
a67ab607a18787f94a3de0f8e3379745fa0c1928
Commit Graph

262 Commits

Author SHA1 Message Date
Florian Roth 0fb1295157 fix: FPs noticed with Aurora 2022-11-13 20:26:03 +01:00
Nasreddine Bencherchali bd30f75335 Update proc_access_win_in_memory_assembly_execution.yml 2022-11-03 11:19:09 +01:00
Nasreddine Bencherchali 5ee9428e59 Fix 2022-11-03 09:39:48 +01:00
Nasreddine Bencherchali 0aff47946d Fix FP 2022-11-01 01:05:42 +01:00
Nasreddine Bencherchali aeefa4c022 Merge branch 'master' into fix-false-positives 2022-10-27 11:49:52 +02:00
Nasreddine Bencherchali ca9183c1fe Update process_access_win_shellcode_inject_msf_empire.yml 2022-10-27 11:39:58 +02:00
Nasreddine Bencherchali 308ab94f88 Update process_access_win_shellcode_inject_msf_empire.yml 2022-10-27 11:39:32 +02:00
phantinuss c24cd642fd fix: missing beginning of SourceImage path 2022-10-26 10:10:02 +02:00
frack113 a3eed2b760 Order yaml field 2022-10-26 09:42:26 +02:00
phantinuss 176f3ab1b9 fix: FP in testing environment 2022-10-25 16:21:14 +02:00
phantinuss c555b33314 fix: FP with new Aurora 2022-10-25 12:20:13 +02:00
Florian Roth e9d7c3fdfc Merge pull request #3611 from nasbench/fix-false-positives 
Fix FP In Testing
 2022-10-21 18:11:27 +02:00
phantinuss f4420ca3c3 fix: FPs found in testing environment 2022-10-20 17:25:23 +02:00
Nasreddine Bencherchali a13a5efd47 More FP tuning 2022-10-20 11:51:06 +02:00
phantinuss 09b94e2081 fix: FP on test system 2022-10-20 11:08:41 +02:00
phantinuss 7a6bb720d9 fix: FPs on test system 2022-10-19 15:44:00 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
Florian Roth c76b488941 fix: FPs during os upgrade 2022-10-07 22:31:13 +02:00
Florian Roth a029de0390 fix: FPs noticed in testing env 2022-10-05 12:22:42 +02:00
Florian Roth cd8ed9870c fix: FPs noticed with Aurora 2022-09-30 20:01:07 +02:00
Florian Roth 14fdf75ab5 fix: FPs noticed with THOR 2022-09-29 13:51:09 +02:00
Florian Roth c31fe50f4d fix: FPs noticed in THOR testing 2022-09-29 13:41:20 +02:00
Nasreddine Bencherchali d9cd98838f Add descriptions 2022-09-21 12:02:15 +02:00
Nasreddine Bencherchali 59530f49d4 Fix more FP in testing 2022-09-21 11:53:39 +02:00
Nasreddine Bencherchali 2f7a54cc31 Fix FP 2022-09-20 11:20:33 +02:00
Florian Roth 34d7ad03f7 fix: FPs noticed with Aurora 2022-09-18 12:54:37 +02:00
Florian Roth 2da0554bed fix: temporarily disable Kernel-Audit-API-Calls 2022-09-18 09:57:04 +02:00
Florian Roth 9f6604cf81 fix: aurora mtach calltrace msedeg.exe 2022-09-18 09:41:51 +02:00
Florian Roth f581d77e5d Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2022-09-13 11:30:37 +02:00
Florian Roth 264bc0787d fix: FP with Malwarebytes 2022-09-13 11:30:27 +02:00
phantinuss 43e0d4fe6a fix: FP with windows defender 2022-09-09 13:51:53 +02:00
Florian Roth b293a7a181 refactor: SysmonEnte, SharpEvtMute, SysmonQuiet 2022-09-07 16:01:05 +02:00
Florian Roth 6ad167a4f3 rule: SysmonEnte usage 2022-09-07 14:33:44 +02:00
David ANDRE 0b0190ccb1 Added quotes to strings 2022-09-01 15:22:26 +02:00
Borna Talebi 8dfe06a33b Adding Google Chrome FP 2022-08-31 11:35:12 +04:30
Nasreddine Bencherchali 11a322f4f0 New + Update 2022-08-26 15:38:43 +01:00
frack113 3426dfb6e9 Update backslash 2022-08-13 09:59:31 +02:00
phantinuss a90ba27a1c fix: do not use wildcard, where not needed 2022-08-09 10:55:05 +02:00
phantinuss ef1f2b13ec fix: use wildcard * instead of plaintext * 
the changed files seem like they used an esacped * by mistake
 2022-08-08 17:54:46 +02:00
Florian Roth a7c5381366 fix: LSASS access wermgr 2022-07-21 18:31:36 +02:00
Nasreddine Bencherchali 238e0ecd7d Update Ref+Selection 2022-07-11 14:11:53 +01:00
Florian Roth c7eb123bc3 Merge branch 'master' into aurora-false-positive-fixing 2022-07-07 18:21:16 +02:00
Florian Roth b58c797c61 fix: FPs with Visual Studio 2022-07-07 18:20:10 +02:00
phantinuss ce1710a031 fix: FPs found in testing 2022-07-06 15:38:31 +02:00
Nasreddine Bencherchali c95df56222 New Rules 2022-07-01 16:56:45 +01:00
frack113 2f19daed62 Merge pull request #3163 from d4rk-d4nph3/master 
Rule for HandleKatz
 2022-07-01 14:29:45 +02:00
phantinuss 15cd71403a fix: FP found in testing 2022-07-01 11:11:08 +02:00
Florian Roth 2da48f5052 Merge pull request #3167 from SigmaHQ/rule-devel 
Rules: Bitsadmin coverage and minor improvements
 2022-06-28 17:25:03 +02:00
Bhabesh 1f7e37d2a0 Fixed CallTrace 2022-06-28 10:56:18 +05:45
Florian Roth 19ef1c153f rule: werfault accessing lsass 2022-06-27 15:49:30 +02:00