security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,249 Commits 1 Branch 57 Tags
ca41e7a93f6258a69d8e3fa8cee9546f73eaebff
Commit Graph

11912 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 6e515496f7 fix: add modified 2023-04-22 21:25:11 +02:00
0xv1n d80fd4f9b7 typo in wevtutil image name 
small typo fix.
 2023-04-22 15:19:46 -04:00
Nasreddine Bencherchali 0c23616a12 fix: move to deprecated 2023-04-21 15:05:56 +02:00
Nasreddine Bencherchali 53c69e9cc2 chore: move more rules 2023-04-21 15:01:49 +02:00
Nasreddine Bencherchali b26f9a9793 chore: move more rules 2023-04-21 15:01:48 +02:00
Nasreddine Bencherchali a066ee9a4d chore: move solarwinds rules 2023-04-21 15:00:38 +02:00
Nasreddine Bencherchali 022e79fe97 chore: add readme files 2023-04-21 15:00:37 +02:00
Nasreddine Bencherchali 23a9f98eae chore: move more rules 2023-04-21 15:00:36 +02:00
Nasreddine Bencherchali 7d3ef2a1d3 chore: move more rules 2023-04-21 15:00:36 +02:00
Nasreddine Bencherchali b851734126 chore: move 3cx related rules 2023-04-21 15:00:35 +02:00
Nasreddine Bencherchali f42d6dcbed Merge pull request #4187 from nasbench/queuejumper-rules 
feat: new rules related to queuejumper
 2023-04-21 14:54:12 +02:00
Nasreddine Bencherchali faf78e1301 Merge pull request #4188 from nasbench/fw-rules-eid-updates 
feat: update firewall rules event ids
 2023-04-21 14:50:48 +02:00
Nasreddine Bencherchali 2d960a079a fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-04-21 14:45:16 +02:00
phantinuss 35b027ee1c Merge pull request #4184 from swachchhanda000/master 
Added new rule that identifies the creation of a scheduled job by usi…
 2023-04-21 13:31:22 +02:00
phantinuss d82d387071 Merge pull request #4189 from tuanhxh1/tuan.le.ncs 
Update Script Block Text When Run Phant0m Script
 2023-04-21 11:42:55 +02:00
Nasreddine Bencherchali add0ac0d9f fix: update structure and metadata 2023-04-21 11:38:13 +02:00
Nasreddine Bencherchali 95edf4c9d6 Merge pull request #4177 from pH-T/master 
feat: new hktl related rules and pwsh cmdlet updates
 2023-04-21 11:24:57 +02:00
Nasreddine Bencherchali ba63f4a222 fix: reduce level and update title 2023-04-21 11:21:13 +02:00
Nasreddine Bencherchali aa22c02039 chore: order list 2023-04-21 11:14:55 +02:00
Nasreddine Bencherchali cb5d421c4a feat: update pr related hktl rules 2023-04-21 11:06:03 +02:00
tuan 26583da2ea Update Script Block Text When Run Phant0m Script 2023-04-21 15:41:27 +07:00
Nasreddine Bencherchali 2dcc27daae feat: update fw rules eids 2023-04-21 01:50:19 +02:00
Nasreddine Bencherchali e329794762 fix: wrong eid 2023-04-21 01:21:40 +02:00
Nasreddine Bencherchali c2da93b6c1 feat: new rules related to queuejumer 2023-04-21 01:09:51 +02:00
Tess 6cb4dd9e5a remove duplicate references from rule 2023-04-20 10:47:06 -04:00
swachchhanda 39e39187f2 mend 
Corrected the syntax
 2023-04-20 19:05:19 +05:45
swachchhanda 9504a5a7a7 mend 
removed system_integrity
 2023-04-20 17:31:26 +05:45
swachchhanda b3f97c676d Added new rule that identifies the creation of a scheduled job by using an XML file without the extension of '.xml'. 2023-04-20 17:12:04 +05:45
phantinuss a8a8710dd6 Merge pull request #4148 from swachchhanda000/master 
Added support for another way of  execution of netsh
 2023-04-20 12:30:43 +02:00
phantinuss e640d9efe8 fix: minor 2023-04-20 12:11:22 +02:00
swachchhanda000 6e6b570b45 Merge branch 'SigmaHQ:master' into master 2023-04-20 15:22:22 +05:45
phantinuss 7f056da95b fix: FPs found in different environments 2023-04-20 09:48:47 +02:00
phantinuss 689ef52c66 fix: remove leading whitespace 
there can be double quotes which is a common pattern when using the command flag
 2023-04-20 09:47:29 +02:00
Frank Iacovino 4e47720427 Correct rule description in web_apache_segfault.yml 2023-04-19 11:23:52 -04:00
Florian Roth 220916f59c Merge pull request #4178 from nasbench/nash-rule-dev 
feat: new rules and updates
 2023-04-19 16:39:45 +02:00
Nasreddine Bencherchali 08e3089c64 fix: update hostname field 2023-04-19 16:16:06 +02:00
Nasreddine Bencherchali 497d856245 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-04-19 15:50:29 +02:00
phantinuss c6c226420d Merge pull request #4172 from angelovioletti/master 
Create proc_creation_win_rundll32_ext_drive.yml
 2023-04-19 14:45:24 +02:00
Nasreddine Bencherchali e95aaa1e5d fix: small updates 2023-04-19 12:38:38 +02:00
Nasreddine Bencherchali 15b36c6577 fix: broken selection 2023-04-18 22:52:40 +02:00
Nasreddine Bencherchali c64b907b8b fix: filter 2023-04-18 22:50:18 +02:00
Nasreddine Bencherchali 83e352c52e fix: some errors 2023-04-18 22:47:11 +02:00
Nasreddine Bencherchali 61c8364c20 feat: add rules related to rogue rdp 2023-04-18 22:13:30 +02:00
Nasreddine Bencherchali 9a2ee48ef8 feat: update multiple rules 2023-04-18 18:08:08 +02:00
Nasreddine Bencherchali 4e7bb74d43 feat: update browsers selections and filters 2023-04-18 18:05:08 +02:00
Tess 107629758d remove duplicate reference urls 2023-04-18 11:03:07 -04:00
Nasreddine Bencherchali 032570a080 feat: more winget updates 2023-04-18 03:35:42 +02:00
Nasreddine Bencherchali aba4213d62 fix: reduce level and gen new uuid 2023-04-17 18:46:15 +02:00
Nasreddine Bencherchali 4a921ce821 feat: add new scm error event rules 2023-04-17 18:24:23 +02:00
Nasreddine Bencherchali f2eba9d125 feat: update winget related rules 2023-04-17 18:24:01 +02:00