security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,701 Commits 1 Branch 57 Tags
bc2e0a54e85d64c69ca00829f5035147cd9f7290
Commit Graph

12202 Commits

Author SHA1 Message Date
phantinuss bc2e0a54e8 fix: level 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2023-08-22 11:43:40 +02:00
phantinuss 24e7333f15 fix: typo 2023-08-22 11:43:04 +02:00
Nasreddine Bencherchali 89c6ea2ef0 Update rules/web/proxy_generic/proxy_webdav_search_ms.yml 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-08-22 11:42:08 +02:00
Nasreddine Bencherchali 201066947b feat: update detection & metadata 2023-08-22 11:00:55 +02:00
Micah Babinski edd3c4dc76 Corrected 'related' section 2023-08-04 19:42:18 -07:00
Micah Babinski acc59520fa Renamed process creation rule to proper format. 2023-08-04 18:19:21 -07:00
Micah Babinski 8d16ed2cc2 Added search(-ms)/WebDAV rules 2023-08-04 17:37:54 -07:00
Nasreddine Bencherchali 4735f5bb62 Merge pull request #4366 from nasbench/new-rules-august-23 
feat: new rules and updates
 2023-08-04 13:25:46 +02:00
Nasreddine Bencherchali 134c3ff3aa Update rules/windows/process_creation/proc_creation_win_csc_susp_parent.yml 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-08-04 11:30:44 +02:00
Nasreddine Bencherchali db8e3d2661 Update rules/windows/registry/registry_set/registry_set_persistence_shim_database_susp_application.yml 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-08-04 11:12:18 +02:00
phantinuss bca13a3612 fix: wording 2023-08-04 10:44:46 +02:00
Nasreddine Bencherchali 73a8284411 Merge pull request #4371 from faisalusuf/new_rules 2023-08-04 10:31:20 +02:00
Nasreddine Bencherchali 1e0fb02ef7 Update proc_creation_lnx_ssm_agent_abuse.yml 2023-08-04 00:09:48 +02:00
Nasreddine Bencherchali 30933109cd feat: more updates 2023-08-03 18:50:16 +02:00
z00t d854c66616 Title has been update to avoid duplication. 2023-08-03 19:38:29 +05:00
phantinuss 8837bb770b fix: FP with perfmon.exe 2023-08-03 15:55:11 +02:00
z00t 5c0f48ae55 New rule created for Linux OS. 2023-08-03 18:35:12 +05:00
z00t de4e50ff01 feat: add new rule related to "Amazon SSM Agent" potential abuse (#4369) 2023-08-03 11:42:50 +02:00
Nasreddine Bencherchali b9beedee76 feat: update csc rules 2023-08-02 13:16:10 +02:00
Nasreddine Bencherchali 381b135ba7 feat: update shim rules 2023-08-01 23:13:18 +02:00
Nasreddine Bencherchali e69daf27a1 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-07-31 12:28:34 +02:00
Nasreddine Bencherchali 2e45a9ca73 Update win_security_susp_lsass_dump_generic.yml 2023-07-31 10:17:20 +02:00
Nasreddine Bencherchali 8dca7aa1ba feat: more updates 2023-07-28 14:32:57 +02:00
Nasreddine Bencherchali 9a73c33554 fix: duplicate ids and missing selections 2023-07-27 14:58:47 +02:00
Nasreddine Bencherchali b24e863a1c feat: add VMwareToolBoxCmd persistence 2023-07-27 14:44:37 +02:00
Nasreddine Bencherchali 1d10fd8d52 feat: update curl & wget rules 2023-07-27 13:58:57 +02:00
Nasreddine Bencherchali b20e7b449c feat: rules update 2023-07-26 10:56:18 +02:00
phantinuss 250d6c0dd0 fix: selection to use all strings 2023-07-25 10:17:54 +02:00
phantinuss 9f9f2321de fix: FP found with missing commandlines 2023-07-25 10:17:54 +02:00
Nasreddine Bencherchali d79fdf6f51 Merge pull request #4355 from nasbench/new-rules-13-07-23 
feat: new rules and updates
 2023-07-24 14:58:49 +02:00
Nasreddine Bencherchali e1d07780b3 fix: fp 2023-07-24 14:08:45 +02:00
Nasreddine Bencherchali ad0d3f58ac fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-07-24 12:35:11 +02:00
Nasreddine Bencherchali 57a4dadd15 Merge pull request #4358 from frack113/redcannary_T1547_015 2023-07-24 12:13:34 +02:00
Nasreddine Bencherchali 72b658b4c2 Update proc_creation_win_susp_ntfs_short_name_use_image.yml 2023-07-24 11:44:59 +02:00
Nasreddine Bencherchali a97c96aacc fix: fp 2023-07-24 11:01:02 +02:00
Nasreddine Bencherchali 6794bb0e27 Update file_event_win_susp_windows_terminal_profile.yml 2023-07-24 10:37:56 +02:00
frack113 c46546a017 Add file_event_win_susp_windows_terminal_profile 
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-07-22 10:07:45 +02:00
Nasreddine Bencherchali 1e02a7db4c Apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-07-20 15:47:14 +02:00
Nasreddine Bencherchali db9214e8d2 fix: typos 2023-07-20 14:13:13 +02:00
Nasreddine Bencherchali e6003c19cd Apply suggestions from code review 2023-07-20 14:08:49 +02:00
Nasreddine Bencherchali 1ed5629eb2 feat: update filter 2023-07-20 14:01:35 +02:00
Nasreddine Bencherchali f7acf07882 Merge branch 'SigmaHQ:master' into new-rules-13-07-23 2023-07-20 13:51:48 +02:00
Nasreddine Bencherchali 73f44e61d1 feat: add more rules 2023-07-20 13:47:30 +02:00
frack113 03ec08f933 Add Sysmon 28-29 rules 
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-07-20 12:38:11 +02:00
frack113 9acc4e1823 feat: add rules related to pwsh set-acl cmdlet usage (#4352) 2023-07-20 11:08:44 +02:00
Florian Roth 764963c2c7 refactor: increased level 2023-07-18 14:09:12 +02:00
Josh f083be8458 Fixed typo in comment 
DragonOK and not dargonOK :)
 2023-07-17 14:39:48 -04:00
Nasreddine Bencherchali 7ca5639d1d Merge pull request #4346 from X-Junior/CVE-2023-36884-rules 
feat: new rules related to CVE-2023-36884
 2023-07-17 14:31:33 +02:00
phantinuss b99089e252 fix: typo 2023-07-17 13:57:27 +02:00
Nasreddine Bencherchali 2c3d19f335 Merge pull request #4293 from danielbohannon/patch-1 2023-07-17 12:19:05 +02:00