security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,458 Commits 1 Branch 57 Tags
becf3baeb4f6313bf267f7e8d6e9808fc0fc059c
Commit Graph

2768 Commits

Author SHA1 Message Date
frack113 becf3baeb4 Merge pull request #2813 from phantinuss/master 
Changes to falsepositives metadata
 2022-03-17 14:31:27 +01:00
Florian Roth 1ab03bd9f8 Merge pull request #2815 from SigmaHQ/rule-devel 
rule: remote thread creation, rule: get-addbaccount
 2022-03-16 18:47:03 +01:00
Florian Roth 39811e1405 refactor: uppercase values, DropLoader imphash 2022-03-16 17:56:55 +01:00
phantinuss 043747822f fix: more falsepositives harmonization 2022-03-16 14:57:06 +01:00
phantinuss 6ae28b7a1c fix: legitimate --> Legitimate 2022-03-16 14:35:19 +01:00
phantinuss 84d0c472ba fix: remove penetration test as valid false positive reason 2022-03-16 14:33:18 +01:00
phantinuss 8d3f8acb60 fix: none --> Unknown 2022-03-16 14:19:21 +01:00
phantinuss 9b82e099a3 fix: unlikely --> Unlikely 2022-03-16 14:16:10 +01:00
phantinuss 4585133325 fix: remove penetration testing as a valid false positive 2022-03-16 13:51:26 +01:00
phantinuss b23eee6ebf fix: unknown --> Unknown 2022-03-16 13:43:54 +01:00
Florian Roth 8acf6431f5 Merge pull request #2809 from SigmaHQ/rule-devel 
CrackMapExec patterns, minor addition to ncat rule, rar rule adjusted
 2022-03-16 11:25:10 +01:00
Florian Roth 0e1945beaa refactor: rar usage w password & compression level 2022-03-16 09:57:45 +01:00
Thomas Patzke 125359cfbc Merge pull request #2810 from SigmaHQ/fix 
Fixes
 2022-03-16 07:29:24 +01:00
Thomas Patzke f022b087e0 Fixed date format in rule 2022-03-15 23:31:14 +01:00
Florian Roth a10561e084 ncat pattern 2022-03-15 18:05:13 +01:00
Florian Roth 306bb438e3 CrackMapExec patterns 2022-03-15 18:05:04 +01:00
Paul Hager 87600161bf new rule from thedfirreport.com 2022-03-15 16:39:12 +01:00
Paul Hager 3b09f1c9da new rule from thedfirreport.com 2022-03-15 16:38:27 +01:00
Paul Hager 20125d87c2 new rule from thedfirreport.com 2022-03-15 16:36:57 +01:00
frack113 c5263039ae Merge pull request #2798 from frack113/moonbounce 
Add proc_creation_win_wmic_remote_command
 2022-03-13 22:22:10 +01:00
Florian Roth 70954c8153 Update proc_creation_win_wmic_remote_command.yml 2022-03-13 13:22:10 +01:00
frack113 06f51aecf5 Add proc_creation_win_wmic_remote_command 2022-03-13 12:21:00 +01:00
frack113 283246cdd0 Fix selection_tools 2022-03-12 11:15:10 +01:00
frack113 0bab1f19a9 Add proc_creation_win_network_scan_loop 2022-03-12 10:53:12 +01:00
Florian Roth 52f2b7f966 Merge pull request #2795 from SigmaHQ/rule-devel 
refactor: lsass dump files names, new: NTDS.dit exfiltration activity
 2022-03-11 20:56:06 +01:00
Florian Roth 1141f00480 fix: more lists with only one parameter 2022-03-11 20:11:06 +01:00
Florian Roth 1691f09099 fix: list with one item 2022-03-11 20:00:33 +01:00
Florian Roth c843293e47 rules: NTDS.DIT exfiltration 2022-03-11 18:14:09 +01:00
Florian Roth b96d30acc7 docs: adjustments 2022-03-11 18:13:54 +01:00
Florian Roth d033831e98 refactor: increased level of ntdsutil usage 2022-03-11 17:04:58 +01:00
Florian Roth eb2f620089 fix: FP with Suspicius Schtasks rule 2022-03-11 17:04:33 +01:00
phantinuss 587691cdc1 fix: FPs found in production environment 2022-03-09 16:22:33 +01:00
Florian Roth 187ce70e4e refactor: schtasks creation, based on parent proc 2022-03-09 08:49:23 +01:00
Florian Roth c2e6adda9d docs: changed UltraVNC flags rule < Gamaredon 2022-03-09 08:17:14 +01:00
frack113 d27a6b63a6 Merge pull request #2787 from frack113/refactor_regex 
Refactor regex
 2022-03-09 06:42:02 +01:00
frack113 c6d37d4a78 fix yaml 2022-03-08 19:14:46 +01:00
frack113 5938569d3e Refactor regex 2022-03-08 19:07:37 +01:00
Florian Roth cd2b9a36f0 Merge pull request #2762 from redsand/fp_windows_shell_spawn_suspicious_program 
Adding false positive filters for tenable nessus and amazon workspace
 2022-03-08 18:37:35 +01:00
Florian Roth 50615f807c fix: indentation 2022-03-08 17:47:20 +01:00
Florian Roth 2ef5930e66 Merge pull request #2786 from SigmaHQ/rule-devel 
fix: unused filter
 2022-03-08 09:48:45 +01:00
Florian Roth 5e360806fc filter adjustments 2022-03-08 09:48:32 +01:00
Florian Roth d872b5a329 Merge pull request #2785 from d4rk-d4nph3/master 
Added HermeticWiper IoC for Suspicious Call by Ordinal
 2022-03-08 09:46:33 +01:00
Florian Roth ffd4470079 Merge pull request #2784 from frack113/refactor_regex 
Refactor regex
 2022-03-08 09:46:19 +01:00
Florian Roth 91a7b5a304 Merge branch 'master' into pr/2785 2022-03-08 08:43:59 +01:00
Florian Roth f6d5c1645b fix: unused filter 
https://github.com/SigmaHQ/sigma/commit/df48b60cb47e9ca868ae4e7703f227500b6ad5da#commitcomment-68196360
 2022-03-08 08:41:53 +01:00
Bhabesh f8593638a8 Fixing name to HermeticWizard 2022-03-08 10:44:43 +05:45
Bhabesh 63dd632af9 Added HermeticWiper IoC for Suspicious Call by Ordinal 2022-03-08 10:42:37 +05:45
frack113 143f5fe4e2 Fix yml 2022-03-07 19:37:33 +01:00
frack113 f9c0e21323 Refactor regex 2022-03-07 19:08:30 +01:00
Florian Roth 9824a9c0d5 Merge branch 'master' into rule-devel 2022-03-07 18:30:21 +01:00