Commit Graph

8609 Commits

Author SHA1 Message Date
frack113 b424e699c0 Merge pull request #2236 from frack113/pipenv_2021_5_29
Use correct pipenv version
2021-11-08 19:00:59 +01:00
frack113 8ed456258f Use correct pipenv version 2021-11-08 18:22:23 +01:00
frack113 7f087797d6 Merge pull request #2175 from frack113/elastic_is_bad_in_regex
manage start end regex for Elastic
2021-11-05 12:27:18 +01:00
frack113 80d2aee944 Merge pull request #2227 from redsand/remove_duplicate_powershell_check
Removing duplicate rule of Powershell memory check
2021-11-05 11:15:38 +01:00
frack113 3416db7301 Merge pull request #2225 from frack113/cmdl32
add win_pc_susp_cmdl32_lolbas
2021-11-04 20:58:50 +01:00
frack113 a811acde00 Merge pull request #2224 from frack113/schtasks_appdata
add win_pc_susp_schtasks_user_temp
2021-11-04 20:58:31 +01:00
Tim Shelton dda204bd51 updating yaml 2021-11-04 18:56:07 +00:00
Tim Shelton e266491f0a adding obsoletes tags 2021-11-04 18:36:55 +00:00
frack113 e058e56c22 fix unknown 2021-11-04 18:07:16 +01:00
Tim Shelton 1ae596b634 removing rule 867613fb-fa60-4497-a017-a82df74a172c. This is a duplicate of 092bc4b9-3d1d-43b4-a6b4-8c8acd83522f and does not contain an allow list of known processes. 2021-11-04 17:07:00 +00:00
frack113 5506b1c566 add OriginalFileName 2021-11-04 13:42:04 +01:00
frack113 b43d1bf809 Merge pull request #2223 from zakibro/master
Linux - Auditd - Loading of Kernel Module via Insmod rule
2021-11-03 21:10:45 +01:00
frack113 edb1458791 add win_pc_susp_cmdl32_lolbas 2021-11-03 20:45:21 +01:00
frack113 be6186fa1c Forget the Local 2021-11-03 17:01:34 +01:00
frack113 5a4db26ec7 add win_pc_susp_schtasks_user_temp 2021-11-03 15:14:34 +01:00
zakibro 30f13d41f5 Update lnx_auditd_load_module_insmod.yml
fixing missing date
2021-11-02 17:16:59 +01:00
Pawel Mazur dd7817917c Linux - Auditd - Loading of Kernel Module via Insmod rule 2021-11-02 17:04:39 +01:00
frack113 eb9428ff6a Merge pull request #2221 from skirankumar/master
Added another application
2021-11-02 16:28:33 +01:00
frack113 e599ddc26a Merge pull request #2220 from frack113/unsecure_level
add win_pc_set_policies_to_unsecure_level
2021-11-02 16:28:21 +01:00
frack113 d7612739e7 Merge pull request #2219 from jordischoots/fix-error-introduced-in-commit-58d9e41
Fix errors introduced at commit 58d9e41
2021-11-02 06:34:46 +01:00
S.kiran kumar 802cdb0189 Added another application 2021-11-01 21:41:57 +05:30
Jordi Schoots 23ed626287 Change location value=str(value) 2021-11-01 16:05:34 +01:00
frack113 2a2bfab06e add win_pc_set_policies_to_unsecure_level 2021-11-01 15:35:46 +01:00
Jordi Schoots 9d0123e782 Fix errors introduced at commit 58d9e41 2021-11-01 12:40:41 +01:00
frack113 fb750721b2 Merge pull request #2212 from frack113/new_status
New status from discussions
2021-10-31 20:38:28 +01:00
frack113 eb242fba28 Merge pull request #2214 from elhoim/patch-1
Adding multiple named pipes
2021-10-31 07:44:31 +01:00
frack113 9f7d4a832e Update sysmon_mal_namedpipes.yml 2021-10-31 07:03:27 +01:00
frack113 21654923be Merge pull request #2218 from frack113/malware_run
add user temp folder
2021-10-31 07:01:10 +01:00
frack113 eba2f3b68f add temp folder 2021-10-30 17:28:07 +02:00
David André 0de88e2f30 Added four other named pipes and corrected one missing slash 2021-10-29 16:33:07 +02:00
David André 8c57d29561 Added turla hyperstack named pipe 2021-10-29 15:49:04 +02:00
frack113 bcdf13c680 Merge pull request #2213 from frack113/fix_rule
Fix detection file_event_mal_vhd_download.yml
2021-10-29 12:26:06 +02:00
frack113 a936f1afb7 Merge pull request #2211 from nasbench/master
Update winlogbeat-modules-enabled.yml
2021-10-29 12:25:30 +02:00
frack113 e34ac47b03 Merge pull request #2210 from phantinuss/newrules
fix FPs found in production environment
2021-10-29 12:25:19 +02:00
phantinuss 4b18d5e45c chore: set status to test 2021-10-29 09:57:19 +02:00
frack113 ef0f836a71 Fix detection 2021-10-29 08:21:41 +02:00
frack113 626d794f15 Merge branch 'new_status' of github.com:frack113/sigma into new_status 2021-10-29 06:54:03 +02:00
frack113 b2d66c41f3 change to unsupported status 2021-10-29 06:53:24 +02:00
frack113 f4b1dcfc72 cleanup code 2021-10-28 20:56:19 +02:00
frack113 c49b0d49fa Add deprecated status 2021-10-28 20:08:27 +02:00
frack113 e9d163cdd1 add filter not status 2021-10-28 19:46:36 +02:00
Nasreddine Bencherchali 1015d3fe68 Update winlogbeat-modules-enabled.yml
- Fixed typos in FileVersion, Description, Product, and Company fields for image_load category.
- Added separate OriginalFileName fields for process_creation, image_load categories.
2021-10-28 16:05:40 +01:00
phantinuss 6fb27eeb76 fix: fix FPs found in production environment 2021-10-28 13:32:15 +02:00
frack113 8b86a79ef0 Merge pull request #2206 from frack113/order
Move rules to correct directory
2021-10-28 06:26:45 +02:00
frack113 7f56dc1e18 Merge pull request #2205 from frack113/sysmon13_30
Add sysmon 13.30 ParentUser
2021-10-28 06:26:22 +02:00
frack113 d91eb0d0c0 Merge pull request #2204 from phantinuss/newrules
New Rule: windows commandline path obfuscation
2021-10-28 06:25:52 +02:00
frack113 957ba042f0 Merge pull request #2203 from OTRF/feature/Sysmon-v1330-Rules
Unsupported rules now possible with Sysmon v13.30
2021-10-28 06:25:35 +02:00
Roberto Rodriguez 7543b3e2a6 added definition to Sysmon 13.30 rule for priv escalation 2021-10-27 11:56:19 -04:00
frack113 781598351d Add SourceUser and TargetUser 2021-10-27 17:13:34 +02:00
frack113 c228cde0cb Move to correct directory 2021-10-27 14:38:51 +02:00