Commit Graph

16 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 6901221767 Merge PR #4967 from @nasbench - Revert accidental change introduced in #4950
chore: fix `Powershell Token Obfuscation - Powershell` - Revert accidental change introduced in #4950
2024-08-13 02:59:39 +02:00
Nasreddine Bencherchali 598d29f811 Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
chore: change tags, date, modified fields to comply with v2 of the Sigma spec.
chore: update the related type from `obsoletes` to `obsolete`.
chore: update local json schema to the latest version.
2024-08-12 12:02:50 +02:00
Fukusuke Takahashi c8a376179b Merge PR #4964 from @fukusuket - Fix rules to not use Lookahead regex
fix: Powershell Token Obfuscation - Powershell - Changed to not use Lookahead regex
fix: Powershell Token Obfuscation - Process Creation - Changed to not use Lookahead regex

---------

Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2024-08-11 11:54:46 +02:00
peterydzynski ace902b68f Merge PR #4957 from @peterydzynski - Update regex for Powershell Token Obfuscation rules
update: Powershell Token Obfuscation - Process Creation - Optimized used regex
update: Powershell Token Obfuscation - Powershell - Optimized used regex
chore: Fixed SigmaHQ conventions broken links
2024-08-10 13:26:42 +02:00
github-actions[bot] 367ebd9395 Merge PR #4700 from @nasbench - Promote older rules status from experimental to test
chore: promote older rules status from experimental to test
2024-02-01 02:09:31 +01:00
Nasreddine Bencherchali 95793d73bd Merge PR #4482 From @nasbench - Add New Automation Workflows
chore: update workflows and add quality of life updates and automation to the repository

---------

Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-10-18 11:53:44 +02:00
phantinuss 85423f784c fix: condition filtering on all filters 2023-03-24 10:59:01 +01:00
phantinuss aa1ab49773 fix: FPs found in testing environment 2023-03-24 10:41:21 +01:00
phantinuss ecc41ad20b fix: FP with chocolatey 2023-02-21 16:38:05 +01:00
phantinuss a41a374901 fix: FPs found in testing environment 2023-01-24 10:30:43 +01:00
Nasreddine Bencherchali 711ba956e3 feat: updates and enhancements 2023-01-04 17:49:32 +01:00
Nasreddine Bencherchali a6ff066baa fix: unused filter 2023-01-03 00:32:02 +01:00
Florian Roth 2b04ae2e35 Merge branch 'master' into aurora-false-positive-fixing 2023-01-03 00:17:11 +01:00
Florian Roth fefaa57d3c fix: FPs noticed in CI testing 2023-01-03 00:16:32 +01:00
fukusuket 42ab7c0484 fix regex escape 2022-12-30 00:11:52 +09:00
frack113 0392f92a0d PowerShell Token Obfuscation (#3825)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 20:03:05 +01:00