security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,633 Commits 1 Branch 57 Tags
c07a9adb9bd2f6025973ba62d4f7d52f024cfec2
Commit Graph

8633 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth c07a9adb9b fix: moved rule written for DNS/Sysmon to the correct folder 2021-11-09 17:30:15 +01:00
Florian Roth 39283c0ac2 CobaltStrike DNS rules 2021-11-09 17:29:43 +01:00
Florian Roth 37b9abd827 fix: date field 2021-11-09 16:52:19 +01:00
Florian Roth 77e9decc64 Merge branch 'master' into rule-devel 2021-11-09 16:45:49 +01:00
Florian Roth c61ca81d9c refactor: raw disk access rule FPs 2021-11-09 16:15:31 +01:00
frack113 96d68f5736 Merge pull request #2239 from dvas0004/patch-5 
Update elk-winlogbeat.yml
 2021-11-09 14:02:02 +01:00
David Vassallo e1ecd379fa Update elk-winlogbeat.yml 
Adding "RelativeTargetName" since it's used by `win_lm_namedpipe.yml`
 2021-11-09 13:38:31 +02:00
frack113 73e2b5fae6 Merge pull request #2233 from frack113/zipexec 
Add win_pc_susp_zipexec
 2021-11-08 22:46:17 +01:00
frack113 3e670a876f Merge pull request #2232 from frack113/fix_sysmon_rule 
fix logsources
 2021-11-08 21:28:44 +01:00
frack113 d3c3cd9930 Merge pull request #2230 from frack113/process_creation_clean 
Process creation directory clean
 2021-11-08 21:27:25 +01:00
frack113 24b1d781ad Merge pull request #2229 from frack113/fiw_windows 
fix product windows case
 2021-11-08 21:27:01 +01:00
frack113 94c8d01df1 Merge branch 'SigmaHQ:master' into zipexec 2021-11-08 19:02:46 +01:00
frack113 f58aa4401e Merge branch 'SigmaHQ:master' into process_creation_clean 2021-11-08 19:02:32 +01:00
frack113 5a5b64c7a2 Merge branch 'SigmaHQ:master' into fix_sysmon_rule 2021-11-08 19:02:25 +01:00
frack113 d13ccc8cba Merge branch 'SigmaHQ:master' into fiw_windows 2021-11-08 19:02:00 +01:00
frack113 b424e699c0 Merge pull request #2236 from frack113/pipenv_2021_5_29 
Use correct pipenv version
 2021-11-08 19:00:59 +01:00
frack113 8ed456258f Use correct pipenv version 2021-11-08 18:22:23 +01:00
Florian Roth 3f57251768 Merge branch 'master' into rule-devel 2021-11-08 11:46:35 +01:00
Florian Roth d43f845157 Update proxy_cobalt_malformed_uas.yml 2021-11-08 11:21:49 +01:00
Florian Roth 20f4099cec rule: Kirbi file creation 2021-11-08 11:21:40 +01:00
frack113 4672762010 add win_pc_susp_zipexec 2021-11-07 21:57:40 +01:00
frack113 e51dab10c2 fix logsources 2021-11-07 09:55:02 +01:00
frack113 aa8694fdef add missing category 2021-11-06 10:17:12 +01:00
frack113 68d30293b5 Cleanup process_creation 2021-11-06 10:16:16 +01:00
frack113 a3f3ec84c9 fix product windows case 2021-11-05 13:16:24 +01:00
frack113 7f087797d6 Merge pull request #2175 from frack113/elastic_is_bad_in_regex 
manage start end regex for Elastic
 2021-11-05 12:27:18 +01:00
frack113 80d2aee944 Merge pull request #2227 from redsand/remove_duplicate_powershell_check 
Removing duplicate rule of Powershell memory check
 2021-11-05 11:15:38 +01:00
frack113 3416db7301 Merge pull request #2225 from frack113/cmdl32 
add win_pc_susp_cmdl32_lolbas
 2021-11-04 20:58:50 +01:00
frack113 a811acde00 Merge pull request #2224 from frack113/schtasks_appdata 
add win_pc_susp_schtasks_user_temp
 2021-11-04 20:58:31 +01:00
Tim Shelton dda204bd51 updating yaml 2021-11-04 18:56:07 +00:00
Tim Shelton e266491f0a adding obsoletes tags 2021-11-04 18:36:55 +00:00
frack113 e058e56c22 fix unknown 2021-11-04 18:07:16 +01:00
Tim Shelton 1ae596b634 removing rule 867613fb-fa60-4497-a017-a82df74a172c . this is a duplicate of 092bc4b9-3d1d-43b4-a6b4-8c8acd83522f and does not contain an allow list of known processes. 2021-11-04 17:07:00 +00:00
frack113 5506b1c566 add OriginalFileName 2021-11-04 13:42:04 +01:00
frack113 b43d1bf809 Merge pull request #2223 from zakibro/master 
Linux - Auditd - Loading of Kernel Module via Insmod rule
 2021-11-03 21:10:45 +01:00
frack113 edb1458791 add win_pc_susp_cmdl32_lolbas 2021-11-03 20:45:21 +01:00
frack113 be6186fa1c Forget the Local 2021-11-03 17:01:34 +01:00
frack113 5a4db26ec7 add win_pc_susp_schtasks_user_temp 2021-11-03 15:14:34 +01:00
zakibro 30f13d41f5 Update lnx_auditd_load_module_insmod.yml 
fixing missing date
 2021-11-02 17:16:59 +01:00
Pawel Mazur dd7817917c Linux - Auditd - Loading of Kernel Module via Insmod rule 2021-11-02 17:04:39 +01:00
frack113 eb9428ff6a Merge pull request #2221 from skirankumar/master 
Added another application
 2021-11-02 16:28:33 +01:00
frack113 e599ddc26a Merge pull request #2220 from frack113/unsecure_level 
add win_pc_set_policies_to_unsecure_level
 2021-11-02 16:28:21 +01:00
frack113 d7612739e7 Merge pull request #2219 from jordischoots/fix-error-introduced-in-commit-58d9e41 
Fix errors introduced at commit 58d9e41
 2021-11-02 06:34:46 +01:00
S.kiran kumar 802cdb0189 Added another application 2021-11-01 21:41:57 +05:30
Jordi Schoots 23ed626287 Change location value=str(value) 2021-11-01 16:05:34 +01:00
frack113 2a2bfab06e add win_pc_set_policies_to_unsecure_level 2021-11-01 15:35:46 +01:00
Jordi Schoots 9d0123e782 Fix errors introduced at commit 58d9e41 2021-11-01 12:40:41 +01:00
frack113 fb750721b2 Merge pull request #2212 from frack113/new_status 
New status from discussions
 2021-10-31 20:38:28 +01:00
frack113 eb242fba28 Merge pull request #2214 from elhoim/patch-1 
Adding multiple named pipes
 2021-10-31 07:44:31 +01:00
frack113 9f7d4a832e Update sysmon_mal_namedpipes.yml 2021-10-31 07:03:27 +01:00