security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
14,235 Commits 1 Branch 57 Tags
bcce3a85aa43a936412fd32ffdfd41ea71ce1e02
Commit Graph

105 Commits

Author SHA1 Message Date
frack113 379fa4f3df Update modified 2023-01-05 09:11:49 +01:00
xFFninja a499c7076d fix Image field 
On Linux git has no .exe extension
 2023-01-05 09:47:11 +02:00
Nasreddine Bencherchali d8b8cf04bd fix: wrong fp 2023-01-04 18:38:04 +01:00
Nasreddine Bencherchali 2b04519923 fix: unique item list 2023-01-04 18:26:59 +01:00
Nasreddine Bencherchali 711ba956e3 feat: updates and enhancements 2023-01-04 17:49:32 +01:00
Nasreddine Bencherchali 425c29cf1c feat: add new linux rules 2022-12-29 11:17:42 +01:00
frack113 7060db3d47 Promotion rules (#3821) 
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-27 12:29:10 +01:00
tuan 2d759cad94 Add rule delete group or user (#3822) 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-27 11:21:14 +01:00
Nasreddine Bencherchali b9ae5303f1 Merge pull request #2801 from tuanhxh1/master 
add rules related to usage of "usermod"
 2022-12-21 20:33:04 +01:00
Nasreddine Bencherchali d51ff694a4 fix: rule status 2022-12-21 19:23:23 +01:00
Nasreddine Bencherchali c97463e774 fix: update linux rules 2022-12-21 17:59:46 +01:00
frack113 c820216541 Update Title (#3733) 2022-11-28 06:43:17 +01:00
jstnk9 a573a8e1bc Title modified in several rules (#3728) 2022-11-25 15:34:38 +01:00
frack113 11cb03181e Order yaml field 2022-10-25 08:53:44 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
Nasreddine Bencherchali 545d8170e6 Update proc_creation_lnx_sudo_cve_2019_14287.yml 2022-10-06 00:18:18 +02:00
Nasreddine Bencherchali 2c26614ce4 Update Wildcard + Int to Str fields 2022-10-05 23:15:20 +02:00
Nasreddine Bencherchali 7176d672b5 Fix wildcard 2022-10-05 17:21:34 +02:00
Rachel Rice 24e87d0f34 fix: Rename Linux process creation rule to use established pattern 
One rule had filename beginning 'prox' rather than 'proc'.

Signed-off-by: Rachel Rice <rachel.rice@lacework.net>
 2022-09-22 17:42:54 +01:00
nasreddine.bencherchali@nextron-systems.com 9d5652c4c2 Update proc_creation_lnx_services_stop_and_disable.yml 2022-09-16 13:43:01 +02:00
nasreddine.bencherchali@nextron-systems.com 7f3158d09e Fix after review 2022-09-16 11:47:19 +02:00
nasreddine.bencherchali@nextron-systems.com 5dfa871cef Update proc_creation_lnx_base64_shebang_cli.yml 2022-09-16 09:38:00 +02:00
nasreddine.bencherchali@nextron-systems.com 33271e9034 Quick update 2022-09-16 09:29:45 +02:00
nasreddine.bencherchali@nextron-systems.com 4fc62dee7c Linux rules update 2022-09-16 09:22:57 +02:00
Nasreddine Bencherchali be25ff87e2 Update proc_creation_lnx_webshell_detection.yml 2022-08-01 23:40:34 +01:00
Nasreddine Bencherchali f45eba2002 Update proc_creation_lnx_webshell_detection.yml 2022-08-01 23:28:49 +01:00
Paul Hager ecf12bf6af new rules: lnx susp shell exec 2022-07-26 16:40:12 +02:00
Nasreddine Bencherchali a0a318edfc Update proc_creation_lnx_cve_2022_33891_spark_shell_command_injection.yml 2022-07-21 15:17:48 +01:00
Nasreddine Bencherchali a46b20b78c Update proc_creation_lnx_cve_2022_33891_spark_shell_command_injection.yml 2022-07-21 14:42:54 +01:00
Nasreddine Bencherchali a8b283ba5f Update 2022-07-20 13:40:24 +01:00
Nasreddine Bencherchali 1392ca1ec5 Fix review 2022-07-11 20:27:42 +01:00
Nasreddine Bencherchali cee1206b18 Update proc_creation_lnx_system_network_discovery.yml 2022-07-11 18:18:38 +01:00
Nasreddine Bencherchali 238e0ecd7d Update Ref+Selection 2022-07-11 14:11:53 +01:00
Nasreddine Bencherchali aec95b6d65 Update selections and indentation 2022-07-07 20:13:45 +01:00
Nasreddine Bencherchali d03f6df250 Reference Update [Batch 1] 2022-07-07 15:24:15 +01:00
Nasreddine Bencherchali d89b20d06e Switch links to permalinks 2022-07-05 19:43:07 +01:00
Nasreddine Bencherchali 498cc55a86 Triple Cross Rules 2022-07-05 15:58:22 +01:00
Florian Roth 926d72f7c2 fix: missing upper tick 2022-06-22 07:07:38 +02:00
Florian Roth e04003577f Update proc_creation_lnx_susp_history_recon.yml 2022-06-22 07:05:03 +02:00
Florian Roth fe72dbf62f Update proc_creation_lnx_susp_history_delete.yml 2022-06-22 07:04:30 +02:00
Florian Roth 8096f06c18 fix: condition 2022-06-21 17:55:49 +02:00
Florian Roth ffbe19404e fix: two rules 2022-06-21 17:45:50 +02:00
Florian Roth 3f189e52c1 fix: typo in status 2022-06-21 17:21:44 +02:00
Florian Roth d2e86f9001 rule: Linux cmdline rules 2022-06-21 08:26:23 +02:00
Florian Roth f728893364 refactor: rule level adjustments - critical to high 2022-06-18 17:43:22 +02:00
Nasreddine Bencherchali 143d70a959 Renamed CVE rule 5 2022-06-14 22:06:07 +01:00
Florian Roth 21c363cec9 Merge pull request #3102 from securepeacock/patch-25 
Create proc_creation_lnx_nohup.yml
 2022-06-07 10:47:34 +02:00
Florian Roth cc67d69360 Merge pull request #3100 from hazedav/dd-endswith 
fix(rule): lnx_dd_file_overwrite /bin symlinks
 2022-06-07 10:45:56 +02:00
Florian Roth 9d4822b400 Update proc_creation_lnx_nohup.yml 2022-06-07 10:35:08 +02:00
securepeacock e7b47c9069 Create proc_creation_lnx_nohup.yml 2022-06-06 23:22:50 -04:00