Commit Graph

125 Commits

Author SHA1 Message Date
remotephone@gmail.com a85c19db17 updating files to cover broader network discovery logic, renaming alert, adding recommended changes 2020-10-13 00:39:53 -05:00
remotephone@gmail.com 781c7ce6dc Cleaning up falsepositives section of both rules 2020-10-11 23:52:47 -05:00
remotephone@gmail.com 48edc674bd updating keywords to CommandLine|contains and splitting rule into two 2020-10-11 22:43:28 -05:00
remotephone@gmail.com e967cce211 change new lines to LF instead of CRLF 2020-10-07 23:02:03 -05:00
remotephone@gmail.com 9802704a2b not sure why I'm failing the tests on a line I didn't change. copying format from another file 2020-10-07 22:54:31 -05:00
remotephone@gmail.com ff2ba5f876 double checking new line characters 2020-10-07 22:43:38 -05:00
remotephone@gmail.com 83ed39f95c adding UID, renaming 2020-10-07 22:25:54 -05:00
remotephone@gmail.com 4486c3ffc9 adding new line at end of file 2020-10-07 22:11:05 -05:00
remotephone@gmail.com cde0020d30 T1016 detection rules 2020-10-07 22:09:15 -05:00
yugoslavskiy edad1695f6 Merge branch 'oscd' of https://github.com/mrblacyk/sigma into mrblacyk-oscd 2019-12-02 02:56:53 +01:00
yugoslavskiy 48a94d1609 Update lnx_dd_delete_file.yml 2019-12-02 02:54:48 +01:00
yugoslavskiy ca1c2f4436 Update lnx_chattr_immutable_removal.yml 2019-12-02 02:54:32 +01:00
yugoslavskiy 9e90335a5a Update lnx_pers_systemd_reload.yml 2019-12-02 02:54:13 +01:00
yugoslavskiy 46ca68436e Update lnx_file_or_folder_permissions.yml 2019-12-02 02:53:35 +01:00
mrblacyk 9d0889def4 Adding auditd compatibility 2019-11-29 09:34:08 +01:00
mrblacyk cafbb25d2e Update lnx_file_or_folder_permissions.yml 2019-11-29 09:33:04 +01:00
mrblacyk bf5e6cc56b Adding auditd compatibility 2019-11-29 09:32:05 +01:00
mrblacyk a15c84eb80 Adding auditd compatibility 2019-11-29 09:27:31 +01:00
yugoslavskiy efc404fbae resolve conflicts with rule IDs; restored and deprecated sysmon_mimikatz_detection_lsass.yml 2019-11-19 02:11:19 +01:00
Thomas Patzke 0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
Thomas Patzke 5f6a4225ec Unified line terminators of rules to Unix 2019-11-12 23:05:36 +01:00
yugoslavskiy a4331b0eec Merge pull request #498 from theRabbitCode/oscd
[OSCD] Added Atomic Blue Detections Repo
2019-11-11 23:22:57 +03:00
yugoslavskiy bdff2c312b Update lnx_auditd_ld_so_preload_mod.yml 2019-11-11 01:44:53 +03:00
yugoslavskiy 69a99bc2c3 Merge pull request #493 from alx1m1k/oscd
[OSCD] rules from Jet CSIRT team
2019-11-10 23:11:24 +03:00
yugoslavskiy 82f23c5f63 Merge pull request #477 from zinint/oscd
add 13 new rules:

- rules/linux/auditd/lnx_auditd_masquerading_crond.yml
- rules/linux/auditd/lnx_auditd_user_discovery.yml
- rules/linux/auditd/lnx_data_compressed.yml
- rules/linux/auditd/lnx_network_sniffing.yml
- rules/windows/powershell/powershell_data_compressed.yml
- rules/windows/powershell/powershell_winlogon_helper_dll.yml
- rules/windows/process_creation/win_change_default_file_association.yml
- rules/windows/process_creation/win_data_compressed_with_rar.yml
- rules/windows/process_creation/win_local_system_owner_account_discovery.yml
- rules/windows/process_creation/win_network_sniffing.yml
- rules/windows/process_creation/win_query_registry.yml
- rules/windows/process_creation/win_service_execution.yml
- rules/windows/process_creation/win_xsl_script_processing.yml

modify 1 rule:

- rules/windows/process_creation/win_possible_applocker_bypass.yml
2019-11-05 04:55:29 +03:00
yugoslavskiy 534f5fc0e1 Update lnx_network_sniffing.yml 2019-11-05 04:40:40 +03:00
yugoslavskiy 70fdd9c7d7 Update lnx_data_compressed.yml 2019-11-05 04:38:27 +03:00
yugoslavskiy 75f2b8536f Update lnx_auditd_user_discovery.yml 2019-11-04 22:14:30 +03:00
yugoslavskiy 8b2216e94e Update lnx_auditd_masquerading_crond.yml 2019-11-04 22:14:10 +03:00
yugoslavskiy 0d5489bbb0 Update lnx_auditd_user_discovery.yml 2019-11-04 22:07:30 +03:00
yugoslavskiy bb71f95810 Update lnx_auditd_masquerading_crond.yml 2019-11-04 21:58:42 +03:00
yugoslavskiy 1f1fd68331 Merge pull request #472 from feedb/oscd
add 11 new rules:

- rules/linux/auditd/lnx_auditd_web_rce.yml
- rules/windows/process_creation/process_creation_susp_bginfo.yml
- rules/windows/process_creation/process_creation_susp_cdb.yml
- rules/windows/process_creation/process_creation_susp_devtoolslauncher.yml
- rules/windows/process_creation/process_creation_susp_dnx.yml
- rules/windows/process_creation/process_creation_susp_dxcap.yml
- rules/windows/process_creation/process_creation_susp_msoffice.yml
- rules/windows/process_creation/process_creation_susp_odbcconf.yml
- rules/windows/process_creation/process_creation_susp_openwith.yml
- rules/windows/process_creation/process_creation_susp_psr_capture_screenshots.yml
- rules/windows/sysmon/sysmon_webshell_creation_detect.yml
2019-11-04 20:40:58 +03:00
yugoslavskiy 8a35a51211 Update lnx_auditd_web_rce.yml 2019-11-04 18:08:17 +03:00
zinint 11e7bdc727 Update lnx_network_sniffing.yml 2019-10-30 22:59:46 +03:00
zinint fd09c00b35 Update lnx_network_sniffing.yml 2019-10-30 20:59:07 +03:00
zinint 3d106d8e7f Update lnx_network_sniffing.yml 2019-10-30 19:11:51 +03:00
zinint e0c5479f0a Update lnx_network_sniffing.yml 2019-10-30 19:10:48 +03:00
zinint b5b40f2861 Update lnx_network_sniffing.yml 2019-10-30 19:07:05 +03:00
zinint cc4a8df5e3 Update lnx_network_sniffing.yml 2019-10-30 19:06:53 +03:00
zinint 7e3d8ccaf3 T1040 2019-10-30 19:05:50 +03:00
zinint 4a560e9375 T1002 2019-10-29 22:56:45 +03:00
zinint 583980f8ec Delete win_data_compressed.yml 2019-10-29 22:56:30 +03:00
zinint 4eb7965662 T1002 2019-10-29 22:54:42 +03:00
zinint 950796f71f Update lnx_auditd_masquerading_crond.yml 2019-10-29 22:48:39 +03:00
zinint c5599399b5 Update lnx_auditd_masquerading_crond.yml 2019-10-29 22:48:00 +03:00
zinint 47f7d648a3 T1036 2019-10-29 22:33:03 +03:00
Yugoslavskiy Daniil 3376cf4dd8 fix some typos and remove redundant references 2019-10-29 01:40:06 +03:00
RRRabbit becfca6b41 Added Atomic Blue Detections Repo 2019-10-28 11:59:49 +01:00
zinint d1cf80d9b6 Update lnx_auditd_user_discovery.yml 2019-10-28 00:00:06 +03:00
zinint 68b4541274 t1033 2019-10-27 23:59:16 +03:00