Commit Graph

165 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Florian Roth | 48289bdab9 | Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing | 2021-12-05 11:21:43 +01:00 |
| Florian Roth | cb4ee6fbee | fix: FPs noticed with Aurora | 2021-12-05 11:21:40 +01:00 |
| Florian Roth | 4a1b6bb5f8 | Merge pull request #2380 from SigmaHQ/aurora-false-positive-fixing - fix: FPs noticed with Aurora | 2021-12-04 12:12:18 +01:00 |
| Florian Roth | 0bc0502b24 | fix: FPs noticed with Aurora | 2021-12-04 10:57:13 +01:00 |
| frack113 | 5e0326f461 | Merge pull request #2376 from frack113/fix_FP - Fix some FP | 2021-12-04 08:57:58 +01:00 |
| frack113 | 18d35e6477 | Use 1 of filter | 2021-12-04 08:12:23 +01:00 |
| Florian Roth | 29cbdf80c2 | Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing | 2021-12-03 19:03:14 +01:00 |
| Florian Roth | bcc5010e7e | fix: more FPs noticed with Aurora | 2021-12-03 19:02:24 +01:00 |
| frack113 | 47653faa71 | update modified | 2021-12-03 18:25:55 +01:00 |
| frack113 | 2707122de8 | fix FP mscorsvw.exe | 2021-12-03 18:24:33 +01:00 |
| frack113 | 4dbf10017d | Add FP on new windows 10 VM | 2021-12-03 17:31:59 +01:00 |
| Florian Roth | 9597cc8063 | fix: filter condition in SystemDrawing Load rule | 2021-12-02 12:55:42 +01:00 |
| Florian Roth | 4d7fd953a5 | revert change to filters in dbghelp/dbgcore rule | 2021-11-29 15:47:50 +01:00 |
| Florian Roth | 820cc0ccf8 | Merge branch 'master' into rule-devel | 2021-11-29 11:00:25 +01:00 |
| Florian Roth | ef7810fa8b | fix: fixing issues with wildcard symbol - https://github.com/SigmaHQ/sigma/issues/2339 | 2021-11-29 10:57:01 +01:00 |
| Florian Roth | 330fcf485c | Merge branch 'master' into promote_status | 2021-11-27 17:15:56 +01:00 |
| Florian Roth | b1ee26c6aa | fix: more FPs noticed with Aurora | 2021-11-27 14:54:03 +01:00 |
| Florian Roth | aca1a5d959 | fix: microsoft edge filter | 2021-11-27 13:10:53 +01:00 |
| Florian Roth | 2844e58369 | fix: FPs noticed with Aurora | 2021-11-27 11:52:48 +01:00 |
| frack113 | 01dc930c17 | Change status for old rules | 2021-11-27 11:33:14 +01:00 |
| Florian Roth | 97207bdf81 | Merge branch 'master' into aurora-false-positive-fixing | 2021-11-27 09:22:15 +01:00 |
| Florian Roth | 0ad9f9a859 | fix: FPs noticed with Aurora | 2021-11-27 09:13:53 +01:00 |
| Florian Roth | a832b8ffb9 | refactor: changed filter to be more explicit | 2021-11-27 08:53:05 +01:00 |
| Florian Roth | 1702c057c6 | Merge branch 'master' into rule-devel | 2021-11-26 20:02:40 +01:00 |
| Florian Roth | 03cddbba29 | fix: FPs | 2021-11-26 20:00:55 +01:00 |
| Florian Roth | d91b925873 | fix: FPs | 2021-11-26 14:42:21 +01:00 |
| Florian Roth | a6c9a8772c | Merge branch 'master' into aurora-false-positive-fixing | 2021-11-26 00:09:09 +01:00 |
| Florian Roth | 11fc576103 | fix: FPs with rules | 2021-11-25 19:04:27 +01:00 |
| phantinuss | 979a00c2f4 | fix: FPs found with Aurora | 2021-11-25 15:36:08 +01:00 |
| Florian Roth | f60e8e5d17 | fix: more false positive filters | 2021-11-24 16:58:53 +01:00 |
| Florian Roth | fd6e3bb572 | fix: dbghelp/dbgcore DLL load FP | 2021-11-24 13:47:30 +01:00 |
| Florian Roth | 88cc418b98 | Merge branch 'rule-devel' into aurora-false-positive-fixing | 2021-11-24 13:42:00 +01:00 |
| Florian Roth | 37b445d3bb | fix: FPs that only show up in Aurora - Sysmon configs are often too restricted | 2021-11-24 00:27:43 +01:00 |
| Florian Roth | f1c31bda02 | fix: FPs noticed in Suspicious System.Drawing Load | 2021-11-23 12:33:11 +01:00 |
| Florian Roth | 614046c241 | fix: missing filter in condition | 2021-11-23 09:37:20 +01:00 |
| Florian Roth | e778372d1f | Merge pull request #2295 from SigmaHQ/aurora-false-positive-fixing - Aurora false positive fixing | 2021-11-22 15:19:05 +01:00 |
| Florian Roth | d5eff9ef6d | fix: FP with In-memory PowerShell rule and Visual Studio | 2021-11-22 13:45:31 +01:00 |
| Florian Roth | 145d05e756 | Merge pull request #2294 from SigmaHQ/aurora-false-positive-fixing - fix: FPs with Aurora | 2021-11-22 13:30:07 +01:00 |
| Florian Roth | db03d08b11 | Merge pull request #2293 from SigmaHQ/rule-devel - fix: 0x1000 access on LSASS, rule: new LSASS access, rule: CVE-2021-41379 | 2021-11-22 13:29:31 +01:00 |
| Florian Roth | a5b7a92d91 | fix: FPs with Aurora | 2021-11-22 12:20:21 +01:00 |
| Florian Roth | 0da02fbc46 | fix: image_load in sysmon doesn't contain a command line | 2021-11-20 19:58:21 +01:00 |
| Florian Roth | ed4e771700 | Merge pull request #2287 from frack113/tags - Add missing Mitre Techniques Tags for windows rules | 2021-11-20 15:38:25 +01:00 |
| Florian Roth | dfbaadf932 | fix: FPs - extended filter | 2021-11-20 13:01:24 +01:00 |
| frack113 | f47d0da3f7 | add missing MITRE Techniques | 2021-11-20 12:26:01 +01:00 |
| Florian Roth | 5b8b622658 | fix: too many false positives with WMI Modules Loaded | 2021-11-20 11:54:19 +01:00 |
| Florian Roth | 1fffb57df0 | fix: FPs with different rules | 2021-11-20 11:33:43 +01:00 |
| Florian Roth | 4acbb15713 | Merge branch 'master' into rule-devel | 2021-11-19 15:52:21 +01:00 |
| Florian Roth | 86f7c2b9f9 | fix: FPs with WMI module rule | 2021-11-19 12:15:01 +01:00 |
| Florian Roth | 23220e7d78 | Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel | 2021-11-17 19:00:06 +01:00 |
| Florian Roth | c71d9dba89 | fix: false positive with WMI rule | 2021-11-17 18:59:22 +01:00 |