Commit Graph

6 Commits

Author: github-actions[bot]
SHA1: ec827cccb6
Date: 2025-06-02 13:29:48 +02:00
Message:
Merge PR #5448 from @nasbench - Promote older rules status from experimental to test
Co-authored-by: nasbench <nasbench@users.noreply.github.com>

Author: frack113
SHA1: 83b9ff50bc
Date: 2025-05-15 12:17:10 +02:00
Message:
Merge PR #5418 from @frack113 - chore: 🧹 Update MITRE V17 DLL tags
chore: Update MITRE T1574.002 as it is now merged into T1574.001 in V17

Author: Nasreddine Bencherchali
SHA1: 598d29f811
Date: 2024-08-12 12:02:50 +02:00
Message:
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
chore: change tags, date, modified fields to comply with v2 of the Sigma spec.
chore: update the related type from `obsoletes` to `obsolete`.
chore: update local json schema to the latest version.

Author: Josh
SHA1: 22f02953b5
Date: 2024-08-07 10:25:18 +02:00
Message:
Merge PR #4952 from @joshnck - Fix Potential DLL Sideloading Of DbgModel.DLL
fix: Potential DLL Sideloading Of DbgModel.DLL - Exclude Dell Support Assistant

---------

Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>

Author: Nasreddine Bencherchali
SHA1: 779111a0dd
Date: 2024-07-24 09:22:49 +02:00
Message:
Merge PR #4928 from @nasbench - Fix FPs and issues found in testing
fix: Potential DLL Sideloading Of DbgModel.DLL - Update selection name to match the condition
fix: NTLM Logon - Remove unnecessary field
fix: Potential Commandline Obfuscation Using Unicode Characters - Remove legitimate currency characters as they could be used in document names
fix: Suspicious SYSTEM User Process Creation - Update `ping` filter to account for other FP variants found in the wild.

Author: fornotes
SHA1: d4cb9fde6f
Date: 2024-07-11 12:57:37 +02:00
Message:
Merge PR #4906 from @fornotes - Update and add new dll sideloading rules
update: Potential System DLL Sideloading From Non System Locations - Add new entries to increase coverage
new: Potential DLL Sideloading Of DbgModel.DLL
new: Potential DLL Sideloading Of MpSvc.DLL
new: Potential DLL Sideloading Of MsCorSvc.DLL

---------

Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>