Commit Graph

872 Commits

Author SHA1 Message Date
frack113 f8574fcd81 Add cve tags 2021-10-25 18:40:50 +02:00
phantinuss 1099d40473 rename the field 'Provider Name' to 'Provider_Name' 2021-10-13 13:04:11 +02:00
phantinuss 3d8002a237 fix: Use 'Provider Name' for windows eventlog log sources 2021-10-13 11:40:24 +02:00
phantinuss 04c37d977b fix: prevent FP triggering of other sources utilising ID 1102 2021-10-08 16:43:14 +02:00
frack113 80d09483d9 move to builtin 2021-10-05 07:33:50 +02:00
frack113 4f86a245f8 Order file in correct directory 2021-10-05 07:30:43 +02:00
frack113 c27084dd0c Merge pull request #2094 from frack113/backend_sysmon
Fix logsource not a string
2021-09-28 16:22:58 +02:00
frack113 bcf40fa4e4 Fix logsource not a string 2021-09-27 18:59:05 +02:00
Florian Roth 5ef1c913cf fix: wrong condition
https://github.com/SigmaHQ/sigma/issues/2089
2021-09-27 18:33:57 +02:00
Florian Roth f196e3174d refactor: moved last global rule to unsupported 2021-09-26 10:54:11 +02:00
frack113 aa96f21d0f fix filename 2021-09-23 14:52:56 +02:00
frack113 c59b0eb543 Merge pull request #2063 from frack113/last_global
Split Last Global Rules
2021-09-23 13:54:57 +02:00
frack113 6e6d57b019 fix filename 2021-09-22 18:45:08 +02:00
frack113 3c906b52a0 fix filename 2021-09-22 16:21:07 +02:00
frack113 db9e6124e3 fix too many blank lines 2021-09-21 20:24:02 +02:00
frack113 6e08ba55c4 fix error 2021-09-21 20:16:26 +02:00
frack113 b5e91d7185 fix field name and date 2021-09-21 19:41:46 +02:00
frack113 d37685d7cc split global win_cobaltstrike_service_installs.yml 2021-09-21 19:36:34 +02:00
frack113 06a07605fd split global win_mal_creddumper.yml 2021-09-21 19:31:52 +02:00
frack113 dde3b17c20 split global win_mal_service_installs.yml 2021-09-21 16:17:59 +02:00
frack113 b9d14ef55a split global win_metasploit_or_impacket_smb_psexec_service_install.yml 2021-09-21 16:02:47 +02:00
frack113 9dbc71ca2f split global win_meterpreter_or_cobaltstrike_getsystem_service_installation.yml 2021-09-21 15:50:06 +02:00
frack113 7c8d1ab037 split global win_moriya_rootkit.yml 2021-09-21 15:18:25 +02:00
frack113 a4ad7e5358 split global win_net_ntlm_downgrade.yml 2021-09-21 15:10:08 +02:00
frack113 a5c8fba7a5 fix error 2021-09-21 15:01:51 +02:00
frack113 20a785bad3 split global win_powershell_script_installed_as_service.yml 2021-09-21 13:55:04 +02:00
frack113 8c13bd23b9 split global win_powershell_web_request 2021-09-21 13:44:19 +02:00
frack113 ba3c7a020a split global win_root_certificate_installed.yml 2021-09-21 13:34:32 +02:00
frack113 6368a88ad3 split global win_software_discovery.yml 2021-09-21 13:28:47 +02:00
frack113 332bed7906 split global win_susp_eventlog_cleared.yml 2021-09-21 13:22:40 +02:00
frack113 99f24a95a6 split global win_susp_failed_logons_single_source.yml 2021-09-21 13:19:00 +02:00
frack113 06ed7c41af split global win_tap_driver_installation.yml 2021-09-21 13:15:21 +02:00
frack113 10d11b7890 fix 4697 fieldname 2021-09-20 22:53:59 +02:00
frack113 b6dc4de5e1 split global win_invoke_obfuscation_* 2021-09-20 22:42:59 +02:00
frack113 feee70644f split global win_invoke_obfuscation_* 2021-09-20 22:40:33 +02:00
frack113 d5108502a2 split win_apt_chafer_mar18.yml 2021-09-19 11:48:20 +02:00
frack113 faff9e6db7 split win_apt_slingshot.yml 2021-09-19 11:36:40 +02:00
frack113 e69ec4624a split win_apt_gallium.yml 2021-09-19 11:24:17 +02:00
frack113 06de91c92a split win_apt_wocao.yml 2021-09-19 11:07:24 +02:00
frack113 dc8ad15d1a split win_exchange_transportagent.yml 2021-09-19 11:03:16 +02:00
frack113 0288f5b626 fix condition operator case 2021-09-10 13:51:52 +02:00
Florian Roth 72ffe99b20 Merge pull request #2001 from SigmaHQ/rule-devel
filter: empty thumbprint, PetitPotam rule
2021-09-08 09:09:58 +02:00
frack113 e712d9696b Merge pull request #2000 from frack113/split_global
Split frack113 global rules
2021-09-08 06:26:35 +02:00
Thomas Patzke 143744bc12 Various fixes
* Backslashes in regular expressions
* Casing of condition operators
* Further small errors
2021-09-07 23:38:07 +02:00
Florian Roth 1a55f4a294 filter: empty thumbprint, PetitPotam rule 2021-09-07 14:37:03 +02:00
frack113 0e5e4fa19d Split global rules 2021-09-07 13:30:32 +02:00
Florian Roth 6b2bacd2cc Merge pull request #1979 from frack113/test_global
Change ID in global action rule
2021-09-06 08:44:14 +02:00
frack113 44a5792be3 Revert win_apt_apt29_tor.yml 2021-09-05 12:34:24 +02:00
frack113 ca4c156fa4 Update win_apt_apt29_tor.yml 2021-09-05 11:20:57 +02:00
frack113 acf2bfbd27 Update sigma_uuid verify
Make a better verify code
2021-09-05 10:43:42 +02:00