phantinuss
a38664c771
Merge PR #5443 from @phantinuss - Pin Sigma Validator package to minor version only
chore: Pin Sigma Validator package to minor version only
2025-06-04 14:58:58 +02:00
phantinuss
19568ae667
chore: update pySigma validators
2025-05-08 11:00:04 +02:00
phantinuss
58cb9a11e3
chore: add tests/sigma_cli_conf.yml to tracked files
2025-05-05 10:17:15 +02:00
phantinuss
f47604b735
chore: update pySigma validators
2025-04-30 11:31:22 +02:00
Nasreddine Bencherchali
598d29f811
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
chore: change tags, date, modified fields to comply with v2 of the Sigma spec.
chore: update the related type from `obsoletes` to `obsolete`.
chore: update local json schema to the latest version.
2024-08-12 12:02:50 +02:00
frack113
51d0119a58
Merge PR #4959 from @frack113 - Freeze pySigma to 0.11.9 before migration to v2
chore: freeze pySigma before migrating all rules to v2
2024-08-10 11:26:33 +02:00
Nasreddine Bencherchali
c2915a678b
Merge PR #4912 from @nasbench - update pySigma-validators-sigmahq to version 0.7.0 and sigma_cli_conf.yml
chore: update `pySigma-validators-sigmahq` to version 0.7.0 and `sigma_cli_conf.yml`
---------
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2024-07-11 11:24:01 +02:00
frack113
2cfa9a2d1f
Merge PR #4847 from @frack113 - Update test Workflow to use pySigma-validators-sigmahq
chore: update workflow to use "pySigma-validators-sigmahq"
2024-05-10 10:32:54 +02:00
frack113
583f08ecac
Merge PR #4768 from @frack113 - Update workflows action version
chore: update workflows action version
2024-03-14 11:29:54 +01:00
phantinuss
2c24b24cf1
Merge PR #4585 from @phantinuss - Update evtx-baseline to v0.8 and fix FP found in baseline
chore: update evtx-baseline to v0.8
chore: add file paths that impact the test
chore: split goodlog and QA tests into two separate workflows
fix: File or Folder Permissions Modifications - FPs with partial paths
2023-11-21 15:16:18 +01:00
phantinuss
130227bc05
Merge PR #4581 from @phantinuss - Remove in changelog, additional attribution, workflow optimization, FP tuning
chore: run sigma rule repo tests only on specific paths
chore: add manual thanks and list removed rules in changelog
fix: Rundll32 Execution Without DLL File - remove command line restriction bc of numerous FPs
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-11-20 13:45:53 +01:00
frack113
d577872761
Merge PR #4551 from @frack113 - chore: move more tests to pySigma
chore: Add attacktag and tlptag to pySigma tests
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-11-15 16:40:33 +01:00
frack113
f6eca9a262
Merge PR #4541 from @frack113 - Update SIGMA tests
chore: remove duplicate tests that are already covered by pySigma validation
2023-11-06 13:06:55 +01:00
frack113
271f972468
Merge PR #4538 from @frack113 - Add Sigma CLI Configuration File
chore: add sigma-cli configuration file
fix: Suspicious Non-Browser Network Communication With Google API - Fix escaped wildcard issue and Update modifiers
fix: Uncommon PowerShell Hosts - Fix escaped wildcard issue
fix: Potential Active Directory Reconnaissance/Enumeration Via LDAP - Update logsource
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2023-11-03 16:59:53 +01:00
phantinuss
4852ee4648
Merge PR #4500 From @phantinuss
chore: clarify latest release location in release message
2023-10-23 11:45:45 +02:00
Nasreddine Bencherchali
95793d73bd
Merge PR #4482 From @nasbench - Add New Automation Workflows
chore: update workflows and add quality of life updates and automation to the repository
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-10-18 11:53:44 +02:00
phantinuss
733de447de
Merge PR #4464 from @phantinuss - Update Goodlog Test
chore: add threat hunting rules to goodlog tests
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-09-29 14:33:55 +02:00
phantinuss
78f323742f
Merge PR #4455 from @phantinuss - Update Test Script
chore: add rules-emerging-threats to goodlog tests
2023-09-27 10:04:06 +02:00
phantinuss
da8d42fa2b
Merge pull request #4385 from @phantinuss - Update Workflow Pipeline
- fix: Devil Bait Potential C2 Communication Traffic
- chore: update workflow to run on all rules
- chore: unpin the sigma-cli version from the workflow
2023-08-23 14:18:49 +02:00
Thomas Patzke
0e8e5a0bd5
Restored thor.yml and fixed reference to it
2023-04-02 01:22:10 +02:00
Nasreddine Bencherchali
73293ce625
feat: update workflow
2023-02-22 14:49:09 +01:00
frack113
3c2e1a6a3e
add new test
2022-12-30 16:00:42 +01:00
frack113
3b54304ac6
Update Workflow action ( #3829 )
2022-12-28 13:58:10 +01:00
frack113
75c6f44f12
Update Workflow ( #3752 )
2022-12-04 11:18:11 +01:00
phantinuss
54add15167
workflow: fix wrong filename
2022-09-21 13:51:20 +02:00
phantinuss
e5e5cdd3b3
workflow: update evtx-baseline to v0.7 and add a new test for the data
2022-09-21 13:45:28 +02:00
Tobias Michalski
6f467656fe
chore: Get Submodules for test_rules.py test
2022-08-12 14:33:31 +02:00
phantinuss
b18184a58f
workflow: add baseline check for Windows 2022 domain controller
2022-04-21 10:48:59 +02:00
phantinuss
0aabb53bd6
chore: update to evtx-baseline v0.6
2022-04-21 10:48:58 +02:00
phantinuss
8a8226317f
fix: indentation
2022-04-07 14:15:44 +02:00
phantinuss
25de8a926c
workflow: new baseline check against Windows 2022
2022-04-07 14:15:44 +02:00
phantinuss
d323753abd
workflow: new baseline check against Windows 7 32-bit
2022-04-06 17:06:54 +02:00
phantinuss
b0c1c3e726
workflow: new baseline check against Windows 11
2022-04-06 16:09:51 +02:00
Florian Roth
fd6d2d7b65
fix: disable truthy check in yamllint
2022-03-22 18:11:11 +01:00
phantinuss
470bdd5252
hotfix: reenable rules check, might be refined later
2022-03-21 13:35:30 +01:00
Thomas Patzke
2d44696464
Replaced sigmatools tests with sigma-cli check
2022-03-16 00:19:16 +01:00
phantinuss
62949b0437
workflow: output cosmetics
2022-02-21 11:01:44 +01:00
phantinuss
fc8cf7d4a0
workflow: fix: missing . in path
2022-02-21 11:01:44 +01:00
phantinuss
2cecd0e6ef
workflow: rename steps
2022-02-21 11:01:44 +01:00
phantinuss
0c473a3e77
workflow: evaluate findings, exclude known FPs
2022-02-21 11:01:44 +01:00
phantinuss
20761d0332
workflow: link to latest release
2022-02-21 11:01:44 +01:00
phantinuss
48eefe29f7
workflow: verbose remove of deprecated rules
2022-02-21 11:01:43 +01:00
phantinuss
00f1f561dd
workflow: fix: missing -l grep flag
2022-02-21 11:01:43 +01:00
phantinuss
d3397929b4
workflow: fix: quote command with pipe
2022-02-21 11:01:43 +01:00
phantinuss
e6fe8fdedd
workflow: execute evtx-sigma-checker
2022-02-21 11:01:43 +01:00
frack113
8ed456258f
Use correct pipenv version
2021-11-08 18:22:23 +01:00
Gábor Lipták
d2592ee0b6
Add yamllint to GHA
Signed-off-by: Gábor Lipták <gliptak@gmail.com>
2021-07-26 21:26:16 -04:00
Florian Roth
6605d302cd
fix: trying to fix pipenv issue
2021-05-03 13:05:21 +02:00
Thomas Patzke
1e029b98cf
Merge branch 'oscd-merge'
2021-04-06 00:22:37 +02:00
Thomas Patzke
0a28a42498
CI: Install Python dependencies in virtual env
2021-04-05 22:57:50 +02:00