security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,995 Commits 1 Branch 57 Tags
b19abdaeda7669c379bca72fa7ca8eada4677c5b
Commit Graph

705 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 57e51cca2a fix: typo in near operator 2022-12-22 16:08:21 +01:00
Nasreddine Bencherchali e71d45b007 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2022-12-21 21:39:37 +01:00
Nasreddine Bencherchali 9d4bbec633 Merge pull request #3805 from zakibro/master 
Create lnx_privileged_user_creation.yml
 2022-12-21 21:35:59 +01:00
Nasreddine Bencherchali 4c7db89847 fix: improve overall structure 2022-12-21 20:40:29 +01:00
Nasreddine Bencherchali b9ae5303f1 Merge pull request #2801 from tuanhxh1/master 
add rules related to usage of "usermod"
 2022-12-21 20:33:04 +01:00
zakibro a0c07b2fba Update rules/linux/builtin/lnx_privileged_user_creation.yml 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2022-12-21 19:31:34 +01:00
zakibro 14f006382a Update rules/linux/builtin/lnx_privileged_user_creation.yml 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2022-12-21 19:31:24 +01:00
Nasreddine Bencherchali d51ff694a4 fix: rule status 2022-12-21 19:23:23 +01:00
zakibro 0fa4f8a454 Create lnx_privileged_user_creation.yml 
Adding new use case for tracking of Creation of privileged user in linux
 2022-12-21 18:16:20 +01:00
Nasreddine Bencherchali c97463e774 fix: update linux rules 2022-12-21 17:59:46 +01:00
Nasreddine Bencherchali 120196b2fc fix: resolve #2613 2022-12-21 10:33:31 +01:00
Nasreddine Bencherchali c36acb333f fix: typo in comment 2022-12-20 22:28:49 +01:00
Nasreddine Bencherchali e72bc1dcaf fix: add reference 2022-12-20 22:14:46 +01:00
Nasreddine Bencherchali 592e0062a1 fix: update condition and add new ref 2022-12-20 22:14:14 +01:00
zakibro 1a117d38e7 Update rules/linux/auditd/lnx_auditd_create_account.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-20 19:30:26 +01:00
zakibro 59e4dc3e1c Modifying Creation Of An User Account 
Added additional test for record type of ADD_USER which should be generated whether you have created auditd rule or not.
 2022-12-20 15:51:40 +01:00
frack113 646351808e Refractor (#3794) 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-18 21:00:14 +01:00
jstnk9 647f6dc2ef Update title (#3734) 2022-11-29 07:36:45 +01:00
frack113 c820216541 Update Title (#3733) 2022-11-28 06:43:17 +01:00
frack113 cd4121d966 Update Title (#3731) 
Co-authored-by: Florian Roth <venom14@gmail.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-27 19:19:27 +01:00
jstnk9 a573a8e1bc Title modified in several rules (#3728) 2022-11-25 15:34:38 +01:00
Nasreddine Bencherchali 6674ed0554 fix: add removed comments 2022-11-17 00:57:24 +01:00
Nasreddine Bencherchali ae149345b5 fix: fix #1972 2022-11-17 00:53:00 +01:00
Florian Roth be9bda1d54 Merge pull request #3673 from SigmaHQ/rule-devel 
fix: Adfind rule, rework: Racoon stealer UA, rule: ngrok tunneling
 2022-11-04 17:55:21 +01:00
Florian Roth ffbaee0c56 Update rules/linux/network_connection/net_connection_lnx_ngrok_tunnel.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-04 10:49:12 +01:00
Florian Roth f27466ef2b Update rules/linux/network_connection/net_connection_lnx_ngrok_tunnel.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-04 10:49:01 +01:00
Florian Roth 4fcac3089d Rule: Ngrok tunnel LNX 2022-11-03 17:41:23 +01:00
phantinuss 8c209f0ed1 Update lnx_shell_priv_esc_prep.yml 2022-11-01 12:32:46 +01:00
securepeacock f6acf8e4cc Update lnx_shell_priv_esc_prep.yml 
Added ip6tables
 2022-10-31 09:38:45 -04:00
frack113 11cb03181e Order yaml field 2022-10-25 08:53:44 +02:00
frack113 cf7a348028 Fix related 2022-10-09 17:28:05 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
Nasreddine Bencherchali 545d8170e6 Update proc_creation_lnx_sudo_cve_2019_14287.yml 2022-10-06 00:18:18 +02:00
Nasreddine Bencherchali 2c26614ce4 Update Wildcard + Int to Str fields 2022-10-05 23:15:20 +02:00
Nasreddine Bencherchali 7176d672b5 Fix wildcard 2022-10-05 17:21:34 +02:00
Nasreddine Bencherchali 88f10a5d39 Fix issues 2022-10-05 17:19:48 +02:00
Rachel Rice 24e87d0f34 fix: Rename Linux process creation rule to use established pattern 
One rule had filename beginning 'prox' rather than 'proc'.

Signed-off-by: Rachel Rice <rachel.rice@lacework.net>
 2022-09-22 17:42:54 +01:00
nasreddine.bencherchali@nextron-systems.com 9d5652c4c2 Update proc_creation_lnx_services_stop_and_disable.yml 2022-09-16 13:43:01 +02:00
nasreddine.bencherchali@nextron-systems.com 7f3158d09e Fix after review 2022-09-16 11:47:19 +02:00
nasreddine.bencherchali@nextron-systems.com 5dfa871cef Update proc_creation_lnx_base64_shebang_cli.yml 2022-09-16 09:38:00 +02:00
nasreddine.bencherchali@nextron-systems.com 33271e9034 Quick update 2022-09-16 09:29:45 +02:00
nasreddine.bencherchali@nextron-systems.com 4fc62dee7c Linux rules update 2022-09-16 09:22:57 +02:00
Wagga 4573ab0a21 Fix a lot of typos in rules text and comments #Part 3 (#3446) 2022-08-30 08:21:25 +02:00
frack113 823cf26633 Merge pull request #3356 from Zandmann/patch-3 
Create BPF_Door_port_redirect.yml
 2022-08-13 10:34:38 +02:00
Zandmann 1339317b16 Update lnx_auditd_bpfdoor_port_redirect.yml 2022-08-12 21:41:35 +02:00
Zandmann 5bc4b2de27 Update lnx_auditd_bpfdoor_file_accessed.yml 2022-08-12 21:39:11 +02:00
Zandmann 1d6199494d Update lnx_auditd_bpfdoor_port_redirect.yml 2022-08-11 19:51:48 +02:00
Zandmann a3dcc61eac Rename lnx_auditd_BPF_Door_port_redirect.yml to lnx_auditd_bpfdoor_port_redirect.yml 2022-08-11 19:34:43 +02:00
Zandmann 28ee157216 Rename lnx_auditd_BPFDoor_file_accessed.yml to lnx_auditd_bpfdoor_file_accessed.yml 2022-08-11 19:32:17 +02:00
Zandmann 35d69a5a4b Update and rename BPF_Door_port_redirect.yml to lnx_auditd_BPF_Door_port_redirect.yml 2022-08-11 19:04:17 +02:00