david-syk
3eaaa050b7
Merge PR #5452 from @david-syk - Update the MITRE ATT&CK tags for multiple rules
chore: update the MITRE ATT&CK tags for multiple rules
2025-06-04 14:39:25 +02:00
github-actions[bot]
08c52c367c
Merge PR #5027 from @nasbench - Promote older rules status from experimental to test
chore: promote older rules status from experimental to test
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2024-10-01 14:56:09 +02:00
Nasreddine Bencherchali
598d29f811
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
chore: change tags, date, modified fields to comply with v2 of the Sigma spec.
chore: update the related type from `obsoletes` to `obsolete`.
chore: update local json schema to the latest version.
2024-08-12 12:02:50 +02:00
Fukusuke Takahashi
dbba992bc3
Merge PR #4960 from @fukusuket - Update unreachable/broken references
chore: Unix Shell Configuration Modification - Update unreachable/broken references
chore: JNDIExploit Pattern - Update unreachable/broken references
chore: Load Of RstrtMgr.DLL By A Suspicious Process - Update unreachable/broken references
chore: Load Of RstrtMgr.DLL By An Uncommon Process - Update unreachable/broken references
chore: Potential appverifUI.DLL Sideloading - Update unreachable/broken references
chore: Potential Dead Drop Resolvers - Update unreachable/broken references
chore: HackTool - SecurityXploded Execution - Update unreachable/broken references
chore: Suspicious Processes Spawned by Java.EXE - Update unreachable/broken references
chore: Shell Process Spawned by Java.EXE - Update unreachable/broken references
chore: New Firewall Rule Added Via Netsh.EXE - Update unreachable/broken references
chore: PUA - AdvancedRun Execution - Update unreachable/broken references
chore: PUA - AdvancedRun Suspicious Execution - Update unreachable/broken references
chore: PUA - NSudo Execution - Update unreachable/broken references
chore: Windows Processes Suspicious Parent Directory - Update unreachable/broken references
chore: Suspect Svchost Activity - Update unreachable/broken references
chore: Whoami.EXE Execution From Privileged Process - Update unreachable/broken references
chore: Turla PNG Dropper Service - Update unreachable/broken references
chore: Exploiting SetupComplete.cmd CVE-2019-1378 - Update unreachable/broken references
chore: Log4j RCE CVE-2021-44228 Generic - Update unreachable/broken references
chore: Log4j RCE CVE-2021-44228 in Fields - Update unreachable/broken references
chore: .Class Extension URI Ending Request - Update unreachable/broken references
chore: DLL Call by Ordinal Via Rundll32.EXE - Update unreachable/broken references
2024-08-10 12:52:28 +02:00
github-actions[bot]
ae960f0881
Merge PR #4611 from @nasbench - Promote Older Rules Status From experimental To test
chore: promote older rules status from experimental to test
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2023-12-01 12:50:36 +01:00
Thurein Oo
f5553c037a
Merge PR #4552 from @ThureinOo - Add Detection of CVE-2023-46747 Remote Code Execution
new: CVE-2023-46747 Exploitation Activity - Proxy
new: CVE-2023-46747 Exploitation Activity - Webserver
new: F5 BIG-IP iControl Rest API Command Execution - Proxy
new: F5 BIG-IP iControl Rest API Command Execution - Webserver
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2023-11-14 09:41:49 +01:00
github-actions[bot]
a6e7cce606
Merge PR #4533 from @nasbench - Promote experimental rules
chore: promote older rules status from `experimental` to `test`
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2023-11-02 10:48:45 +01:00
Nasreddine Bencherchali
95793d73bd
Merge PR #4482 From @nasbench - Add New Automation Workflows
chore: update workflows and add quality of life updates and automation to the repository
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-10-18 11:53:44 +02:00
frack113
020fc8061f
Merge PR #4479 From @frack113 - Upgrade Rules Status
chore: Upgrade status level from `experimental` to `test` for rules that have not changed in 300 days
---------
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2023-10-17 14:35:26 +02:00
Thurein Oo
1e7a5b0cb3
Merge PR #4417 from @ThureinOo - Update SQL injections
update: Added some bypass methods used by SQLI Injectors.
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-09-06 11:19:10 +02:00
Thurein Oo
d43c500240
Merge PR #4416 from @ThureinOo - Increase SQL Injection Coverage
update: Detects sql injection exploitation attempts - Increase coverage
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-09-01 13:58:34 +02:00
Thurein Oo
421bbed383
Merge PR #4409 from @ThureinOo - Increase Coverage Of Path Traversal Exploitation Rule
update: Detects path traversal exploitation attempts - Increase coverage
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-09-01 10:54:32 +02:00
Tessa Georgen
60b8e9b70f
Merge PR #4392 from @tjgeorgen - Update MITRE Tags
- update: update MITRE tags for multiple rules
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-08-28 16:53:27 +02:00
phantinuss
6c4408ddff
chore: fix typo of lowercase Windows in description
2023-06-21 09:52:43 +02:00
frack113
c1a9712558
Review Web logsource
2023-05-08 11:04:16 +02:00
Nasreddine Bencherchali
637d610884
chore: move rules to new folders (#4205)
2023-05-02 23:17:57 +02:00
Nasreddine Bencherchali
797a8d0784
Update web_cve_2021_26858_iis_rce.yml
2023-04-26 10:42:38 +02:00
BlueT - Matthew Lien - 練喆明
8471faea15
fix web_cve_2021_26858_iis_rce.yml (all of -> "|all")
https://github.com/SigmaHQ/sigma/pull/3952
https://github.com/SigmaHQ/sigma-specification/discussions/53
2023-04-26 07:05:09 +08:00
Nasreddine Bencherchali
3d9372bef3
feat: new rules, updates and fp fixes (#4136)
2023-04-03 12:06:14 +02:00
Nasreddine Bencherchali
4da9252bba
fix: add missing space
2023-02-23 19:33:00 +01:00
Bhabesh
d3cfc7a7fa
Fixed field name
2023-02-24 00:12:16 +05:45
Bhabesh
dee1558a8d
Added rule (fixed) for CVE-2023-23752 in Joomla
2023-02-23 23:40:08 +05:45
IsaAlMannaei
d9d9227910
feat: new rule related to CVE-2022-21587 (#4037)
2023-02-14 14:30:12 +01:00
Nasreddine Bencherchali
1f34cecadf
fix: multiple typos
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-06 12:28:45 +01:00
Nasreddine Bencherchali
fc818bbbdc
feat: multiple updates and fixes
2023-02-03 02:22:28 +01:00
Nasreddine Bencherchali
7c38a5c496
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
frack113
8b321ba0b2
Order root rules folder
2023-01-31 14:05:08 +01:00