security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
11,068 Commits 1 Branch 57 Tags
ab7d7dbed800d52acd720f8534b4e28bcaa248dc
Commit Graph

23 Commits

Author SHA1 Message Date
Florian Roth 69afab9b9a Update create_remote_thread_win_ttdinjec.yml 2022-05-16 16:52:27 +02:00
frack113 c240824bd0 ttdinject lolbin 2022-05-16 09:10:28 +02:00
Timon Hackenjos 649d2b2a22 rule: KeePass password dumping 2022-04-23 18:25:11 +02:00
phantinuss f5ca5c0579 fix: FPs from fresh Windows 2022 install 2022-04-07 14:15:44 +02:00
phantinuss 9376859b06 fix: remove duplicate list entry 2022-04-06 17:14:34 +02:00
phantinuss 4780447102 fix: FPs from fresh Win7 install 2022-04-06 17:07:00 +02:00
phantinuss 7cbfc7f16a fix: remove . from title 2022-04-06 17:04:10 +02:00
frack113 becf3baeb4 Merge pull request #2813 from phantinuss/master 
Changes to falsepositives metadata
 2022-03-17 14:31:27 +01:00
Florian Roth 16cac67751 fix: indentation 2022-03-16 15:35:54 +01:00
Florian Roth 1099c5630e rule: remote thread creation, get-addbaccount 2022-03-16 15:21:01 +01:00
phantinuss b23eee6ebf fix: unknown --> Unknown 2022-03-16 13:43:54 +01:00
frack113 4631d0c482 remove invalid tag 2022-01-19 18:23:30 +01:00
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
frack113 ebcfcfebf4 Fix field name 2021-11-20 19:14:59 +01:00
frack113 8e39eb7fde Remove useless EventID 2021-11-12 11:28:09 +01:00
frack113 0288f5b626 fix condition operator case 2021-09-10 13:51:52 +02:00
frack113 0fb6c35b1f Cleanup PS rules 2021-08-21 09:58:58 +02:00
wagga40 11df697cdc Updated rules with modifiers instead of '*' and remove trailing '\\' 2021-06-27 14:51:29 +02:00
frack113 b23423beba convert to TargetImage|endswith 2021-06-21 20:51:26 +02:00
Jonhnathan e218c32a4c Update Threat Hunter Playbook Reference 2021-05-22 01:00:39 -03:00
Steven 850a002840 Merge branch 'master' of https://github.com/SigmaHQ/sigma 2021-04-15 01:25:48 +02:00
Steven 0c9a82af89 - Remove 'service: sysmon' since defining the categories made the rules generic 2020-10-02 09:37:52 +02:00
Steven 8b74abe0bc - Created new categories for sysmon events 
- Replaced the explicit EventIDs with the reference to the category
- Moved the rules to the corresponding directories
 2020-09-30 20:44:14 +02:00