Nasreddine Bencherchali
b9ae5303f1
Merge pull request #2801 from tuanhxh1/master
add rules related to usage of "usermod"
2022-12-21 20:33:04 +01:00
Nasreddine Bencherchali
d51ff694a4
fix: rule status
2022-12-21 19:23:23 +01:00
Nasreddine Bencherchali
c97463e774
fix: update linux rules
2022-12-21 17:59:46 +01:00
frack113
c820216541
Update Title (#3733)
2022-11-28 06:43:17 +01:00
jstnk9
a573a8e1bc
Title modified in several rules (#3728)
2022-11-25 15:34:38 +01:00
frack113
11cb03181e
Order yaml field
2022-10-25 08:53:44 +02:00
frack113
931fb30853
old experimental rule promotion
2022-10-09 16:54:04 +02:00
Nasreddine Bencherchali
545d8170e6
Update proc_creation_lnx_sudo_cve_2019_14287.yml
2022-10-06 00:18:18 +02:00
Nasreddine Bencherchali
2c26614ce4
Update Wildcard + Int to Str fields
2022-10-05 23:15:20 +02:00
Nasreddine Bencherchali
7176d672b5
Fix wildcard
2022-10-05 17:21:34 +02:00
Rachel Rice
24e87d0f34
fix: Rename Linux process creation rule to use established pattern
One rule had filename beginning 'prox' rather than 'proc'.
Signed-off-by: Rachel Rice <rachel.rice@lacework.net>
2022-09-22 17:42:54 +01:00
nasreddine.bencherchali@nextron-systems.com
9d5652c4c2
Update proc_creation_lnx_services_stop_and_disable.yml
2022-09-16 13:43:01 +02:00
nasreddine.bencherchali@nextron-systems.com
7f3158d09e
Fix after review
2022-09-16 11:47:19 +02:00
nasreddine.bencherchali@nextron-systems.com
5dfa871cef
Update proc_creation_lnx_base64_shebang_cli.yml
2022-09-16 09:38:00 +02:00
nasreddine.bencherchali@nextron-systems.com
33271e9034
Quick update
2022-09-16 09:29:45 +02:00
nasreddine.bencherchali@nextron-systems.com
4fc62dee7c
Linux rules update
2022-09-16 09:22:57 +02:00
Nasreddine Bencherchali
be25ff87e2
Update proc_creation_lnx_webshell_detection.yml
2022-08-01 23:40:34 +01:00
Nasreddine Bencherchali
f45eba2002
Update proc_creation_lnx_webshell_detection.yml
2022-08-01 23:28:49 +01:00
Paul Hager
ecf12bf6af
new rules: lnx susp shell exec
2022-07-26 16:40:12 +02:00
Nasreddine Bencherchali
a0a318edfc
Update proc_creation_lnx_cve_2022_33891_spark_shell_command_injection.yml
2022-07-21 15:17:48 +01:00
Nasreddine Bencherchali
a46b20b78c
Update proc_creation_lnx_cve_2022_33891_spark_shell_command_injection.yml
2022-07-21 14:42:54 +01:00
Nasreddine Bencherchali
a8b283ba5f
Update
2022-07-20 13:40:24 +01:00
Nasreddine Bencherchali
1392ca1ec5
Fix review
2022-07-11 20:27:42 +01:00
Nasreddine Bencherchali
cee1206b18
Update proc_creation_lnx_system_network_discovery.yml
2022-07-11 18:18:38 +01:00
Nasreddine Bencherchali
238e0ecd7d
Update Ref+Selection
2022-07-11 14:11:53 +01:00
Nasreddine Bencherchali
aec95b6d65
Update selections and indentation
2022-07-07 20:13:45 +01:00
Nasreddine Bencherchali
d03f6df250
Reference Update [Batch 1]
2022-07-07 15:24:15 +01:00
Nasreddine Bencherchali
d89b20d06e
Switch links to permalinks
2022-07-05 19:43:07 +01:00
Nasreddine Bencherchali
498cc55a86
Triple Cross Rules
2022-07-05 15:58:22 +01:00
Florian Roth
926d72f7c2
fix: missing upper tick
2022-06-22 07:07:38 +02:00
Florian Roth
e04003577f
Update proc_creation_lnx_susp_history_recon.yml
2022-06-22 07:05:03 +02:00
Florian Roth
fe72dbf62f
Update proc_creation_lnx_susp_history_delete.yml
2022-06-22 07:04:30 +02:00
Florian Roth
8096f06c18
fix: condition
2022-06-21 17:55:49 +02:00
Florian Roth
ffbe19404e
fix: two rules
2022-06-21 17:45:50 +02:00
Florian Roth
3f189e52c1
fix: typo in status
2022-06-21 17:21:44 +02:00
Florian Roth
d2e86f9001
rule: Linux cmdline rules
2022-06-21 08:26:23 +02:00
Florian Roth
f728893364
refactor: rule level adjustments - critical to high
2022-06-18 17:43:22 +02:00
Nasreddine Bencherchali
143d70a959
Renamed CVE rule 5
2022-06-14 22:06:07 +01:00
Florian Roth
21c363cec9
Merge pull request #3102 from securepeacock/patch-25
Create proc_creation_lnx_nohup.yml
2022-06-07 10:47:34 +02:00
Florian Roth
cc67d69360
Merge pull request #3100 from hazedav/dd-endswith
fix(rule): lnx_dd_file_overwrite /bin symlinks
2022-06-07 10:45:56 +02:00
Florian Roth
9d4822b400
Update proc_creation_lnx_nohup.yml
2022-06-07 10:35:08 +02:00
securepeacock
e7b47c9069
Create proc_creation_lnx_nohup.yml
2022-06-06 23:22:50 -04:00
David Hazekamp
bc26970596
fix(rule): lnx_dd_file_overwrite /bin symlinks
This rule is subject to false negatives for *nix distros which
alias /bin to /usr/bin. By using endswith we can catch dd usage
for either /bin or /usr/bin.
2022-06-06 09:27:27 -05:00
securepeacock
1641eddaeb
Create proc_creation_lnx_susp_chmod_directories.yml
2022-06-03 19:24:02 -04:00
phantinuss
c2c1a2dcb7
Merge pull request #3090 from frack113/refractor_condition
Refactor condition
2022-06-03 17:02:31 +02:00
frack113
8de0027ca3
refactor condition
2022-06-03 15:35:24 +02:00
phantinuss
8bdd2562fb
fix: avoid regex, not actually needed
2022-06-03 14:55:09 +02:00
phantinuss
1cb985487c
windows and linux python pty spawning
2022-06-03 12:17:33 +02:00
phantinuss
984b0e553c
chore: reduce rule level
2022-06-03 12:17:33 +02:00
Nasreddine Bencherchali
777b123ad0
Update proc_creation_lnx_atlassian_confluence_cve_2022_26134.yml
2022-06-03 08:38:24 +01:00