security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
14,235 Commits 1 Branch 57 Tags
bcce3a85aa43a936412fd32ffdfd41ea71ce1e02
Commit Graph

730 Commits

Author SHA1 Message Date
frack113 d6059d801b Filename normalisation 2023-01-07 08:52:11 +01:00
Nasreddine Bencherchali ea4b844c8e fix: broken selections 2023-01-06 17:28:29 +01:00
Nasreddine Bencherchali 7e73028c5e feat: updates and enhancements 2023-01-06 16:35:34 +01:00
frack113 39d4b577a1 Merge pull request #3872 from frack113/linux_order 
order linux file
 2023-01-05 10:18:53 +01:00
frack113 379fa4f3df Update modified 2023-01-05 09:11:49 +01:00
xFFninja a499c7076d fix Image field 
On Linux git has no .exe extension
 2023-01-05 09:47:11 +02:00
frack113 01e7adeb30 order linux file 2023-01-05 08:14:19 +01:00
Nasreddine Bencherchali d8b8cf04bd fix: wrong fp 2023-01-04 18:38:04 +01:00
Nasreddine Bencherchali 2b04519923 fix: unique item list 2023-01-04 18:26:59 +01:00
Nasreddine Bencherchali 711ba956e3 feat: updates and enhancements 2023-01-04 17:49:32 +01:00
frack113 b6426ab3f9 Fix file name 2022-12-31 18:23:37 +01:00
frack113 c2ce5d01fc Add sysmon linux v1.0.2 2022-12-31 18:08:11 +01:00
frack113 ddb5cd0ead Add sysmon linux v1.0.2 2022-12-31 18:04:21 +01:00
signalblur 73f56c2f0e Hidden Linux Binary Execution (#3108) 
Co-authored-by: Florian Roth <venom14@gmail.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2022-12-31 08:27:32 +01:00
Nasreddine Bencherchali 425c29cf1c feat: add new linux rules 2022-12-29 11:17:42 +01:00
Nasreddine Bencherchali 85aa0220d0 Merge pull request #3819 from blueteam0ps/master 
lnx_auditd_debugfs_usage.yml
 2022-12-27 16:57:22 +01:00
Nasreddine Bencherchali 0d2ddb4a9b fix: small selection fix for clarity 2022-12-27 16:23:09 +01:00
Nasreddine Bencherchali 256d6a839e fix: update condition 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2022-12-27 16:13:56 +01:00
Nasreddine Bencherchali 281dc11fc5 fix: remove correlation 2022-12-27 15:31:51 +01:00
frack113 7060db3d47 Promotion rules (#3821) 
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-27 12:29:10 +01:00
tuan 2d759cad94 Add rule delete group or user (#3822) 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-27 11:21:14 +01:00
BlueTeamOps 1d8256fa69 Update lnx_auditd_debugfs_usage.yml 2022-12-25 09:47:19 +11:00
BlueTeamOps 81d8d1a5a7 replaced timeframe with timespan 2022-12-25 08:10:03 +11:00
BlueTeamOps 976d994cee Updated to include additional tools 
Expanded the list of Linux tools that may be used to obtain volume meta info and also included the auditd.
Removed specific switches for tools as those tools and debugfs exec within that time period will be rare.
 2022-12-25 07:57:18 +11:00
BlueTeamOps de84fbcd62 lnx_auditd_debugfs_usage.yml 2022-12-24 23:41:20 +11:00
Nasreddine Bencherchali 57e51cca2a fix: typo in near operator 2022-12-22 16:08:21 +01:00
Nasreddine Bencherchali e71d45b007 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2022-12-21 21:39:37 +01:00
Nasreddine Bencherchali 9d4bbec633 Merge pull request #3805 from zakibro/master 
Create lnx_privileged_user_creation.yml
 2022-12-21 21:35:59 +01:00
Nasreddine Bencherchali 4c7db89847 fix: improve overall structure 2022-12-21 20:40:29 +01:00
Nasreddine Bencherchali b9ae5303f1 Merge pull request #2801 from tuanhxh1/master 
add rules related to usage of "usermod"
 2022-12-21 20:33:04 +01:00
zakibro a0c07b2fba Update rules/linux/builtin/lnx_privileged_user_creation.yml 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2022-12-21 19:31:34 +01:00
zakibro 14f006382a Update rules/linux/builtin/lnx_privileged_user_creation.yml 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2022-12-21 19:31:24 +01:00
Nasreddine Bencherchali d51ff694a4 fix: rule status 2022-12-21 19:23:23 +01:00
zakibro 0fa4f8a454 Create lnx_privileged_user_creation.yml 
Adding new use case for tracking of Creation of privileged user in linux
 2022-12-21 18:16:20 +01:00
Nasreddine Bencherchali c97463e774 fix: update linux rules 2022-12-21 17:59:46 +01:00
Nasreddine Bencherchali 120196b2fc fix: resolve #2613 2022-12-21 10:33:31 +01:00
Nasreddine Bencherchali c36acb333f fix: typo in comment 2022-12-20 22:28:49 +01:00
Nasreddine Bencherchali e72bc1dcaf fix: add reference 2022-12-20 22:14:46 +01:00
Nasreddine Bencherchali 592e0062a1 fix: update condition and add new ref 2022-12-20 22:14:14 +01:00
zakibro 1a117d38e7 Update rules/linux/auditd/lnx_auditd_create_account.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-20 19:30:26 +01:00
zakibro 59e4dc3e1c Modifying Creation Of An User Account 
Added additional test for record type of ADD_USER which should be generated whether you have created auditd rule or not.
 2022-12-20 15:51:40 +01:00
frack113 646351808e Refractor (#3794) 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-18 21:00:14 +01:00
jstnk9 647f6dc2ef Update title (#3734) 2022-11-29 07:36:45 +01:00
frack113 c820216541 Update Title (#3733) 2022-11-28 06:43:17 +01:00
frack113 cd4121d966 Update Title (#3731) 
Co-authored-by: Florian Roth <venom14@gmail.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-27 19:19:27 +01:00
jstnk9 a573a8e1bc Title modified in several rules (#3728) 2022-11-25 15:34:38 +01:00
Nasreddine Bencherchali 6674ed0554 fix: add removed comments 2022-11-17 00:57:24 +01:00
Nasreddine Bencherchali ae149345b5 fix: fix #1972 2022-11-17 00:53:00 +01:00
Florian Roth be9bda1d54 Merge pull request #3673 from SigmaHQ/rule-devel 
fix: Adfind rule, rework: Racoon stealer UA, rule: ngrok tunneling
 2022-11-04 17:55:21 +01:00
Florian Roth ffbaee0c56 Update rules/linux/network_connection/net_connection_lnx_ngrok_tunnel.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-04 10:49:12 +01:00