security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,656 Commits 1 Branch 57 Tags
cb5c19d696f047bede4cfbe1ec59427b49092bbc
Commit Graph

130 Commits

Author SHA1 Message Date
frack113 a674ee246b Update Title (#3739) 2022-11-30 11:44:15 +01:00
Nasreddine Bencherchali 4b9075e557 feat: new rules related to service creation 
New service creation rules related to remote software tools
 2022-11-28 12:09:00 +01:00
frack113 c820216541 Update Title (#3733) 2022-11-28 06:43:17 +01:00
Nasreddine Bencherchali 87b709a3e6 feat: add missing /r to cmd 2022-11-18 13:45:01 +01:00
Nasreddine Bencherchali 6603ca9202 fix: update rules to not use regex 2022-11-18 11:16:13 +01:00
phantinuss 64d10f845a fix: FPs in testing environment 2022-11-14 08:54:47 +01:00
Nasreddine Bencherchali 30869e1b2b fix: fp with defender def updates 2022-11-10 17:15:22 +01:00
Nasreddine Bencherchali cd871bbc04 fix: update rules with more cases 2022-11-10 17:04:52 +01:00
Florian Roth 928f07c366 Merge pull request #3683 from SigmaHQ/rule-devel 
rule: KDC RC4-HMAC downgrade CVE-2022-37966
 2022-11-09 10:19:04 +01:00
Florian Roth 0de60f2b9f revert: changes in krbrelay service rule 2022-11-09 09:33:37 +01:00
Florian Roth f7b91b0f05 rule: kerberos rc4 rule 2022-11-09 09:31:31 +01:00
Florian Roth 869b0962b3 rule: KDC RC4-HMAC downgrade CVE-2022-37966 2022-11-09 09:08:22 +01:00
Nasreddine Bencherchali 96b7303a31 New Rules 2022-10-31 20:59:33 +01:00
Nasreddine Bencherchali fb50c78531 Optimize selection 2022-10-31 20:57:48 +01:00
Nasreddine Bencherchali 2aff1acccd Fix typo in selection 2022-10-27 00:12:58 +02:00
Nasreddine Bencherchali 4be6af3c08 Add/Update PAExec Rules 2022-10-26 23:27:17 +02:00
Nasreddine Bencherchali 6f4250e434 Rename Service Install Rules 2022-10-26 23:17:02 +02:00
Nasreddine Bencherchali 388624e279 Update PsExec Rules 2022-10-26 23:15:01 +02:00
frack113 8b749fb126 Order yaml field 2022-10-25 11:08:51 +02:00
phantinuss f642bff744 fix: fix typos found by new check 2022-10-21 17:29:34 +02:00
frack113 7b9ab691a3 Rename rule 2022-10-14 11:25:25 +02:00
frack113 ecebb2d573 Rename system rules 2022-10-14 09:04:45 +02:00
Florian Roth 69b0b9bf93 Merge pull request #3541 from Gude5/master 
Added some rules based on elastic rules
 2022-10-12 18:01:39 +02:00
phantinuss c5fb5e1c95 fix: remove FPs found in goodlogs 2022-10-12 17:04:31 +02:00
Gude5 2a1233c965 Updated some rules after review 2022-10-11 16:31:56 +02:00
Tim Rauch 204835e388 Updated rule 71c276aa-49cd-43d2-b920-2dcd3e6962d5 2022-10-11 12:00:59 +02:00
Tim Rauch 265d9bfe09 Updated rule 71c276aa-49cd-43d2-b920-2dcd3e6962d5 2022-10-11 11:59:46 +02:00
Tim Rauch 3454738439 Merge branch 'master' 2022-10-11 11:32:20 +02:00
Gude5 2d5939e33b Merge branch 'SigmaHQ:master' into master 2022-10-11 11:29:48 +02:00
Tim Rauch b992a0e340 fix: updated rules after review 2022-10-11 11:29:08 +02:00
Nasreddine Bencherchali be0a3ad863 Add missing definition section for EID 4697 2022-10-10 10:22:46 +02:00
Florian Roth 83f93bc32c Merge branch 'master' into master 2022-10-10 00:27:48 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
Florian Roth d8890295fe Merge branch 'master' into master 2022-10-07 16:24:30 +02:00
Florian Roth 5710507a2a Merge pull request #3567 from SigmaHQ/rule-devel 
rule: JuicyPotatoNG brute force indicator
 2022-10-07 11:36:26 +02:00
Florian Roth d36e0dffeb docs: adding comments for the params 2022-10-07 10:56:15 +02:00
Florian Roth d76bdf71df Update win_lpe_indicators_tabtip.yml 2022-10-07 10:48:52 +02:00
Florian Roth 6623778a61 fix: wrong log source 2022-10-07 10:44:35 +02:00
Nasreddine Bencherchali 2c26614ce4 Update Wildcard + Int to Str fields 2022-10-05 23:15:20 +02:00
Tim Rauch b6046803a0 fix: fixed rules after review 2022-10-04 10:06:15 +02:00
Tim Rauch 58e5b9f419 fix: removed ' from references 2022-09-29 10:21:01 +02:00
Tim Rauch 8695880f36 fix: fixed rulename 2022-09-29 09:55:14 +02:00
Tim Rauch be1f1a4505 New Rules: transformed elastic to sigma rules 2022-09-28 16:45:22 +02:00
Nasreddine Bencherchali ea183cae13 Updates+New Rules 2022-08-31 09:39:16 +02:00
Wagga f73e1c9b36 Update win_system_application_sysmon_crash.yml 2022-08-29 07:37:40 +02:00
Wagga 560bd7848e Update win_service_install_pdqdeploy_runner.yml 2022-08-29 07:31:18 +02:00
Florian Roth 33cd3e9fd9 Merge branch 'master' into rule-devel 2022-08-26 22:49:54 +02:00
Florian Roth 7c486fcf83 refactor: removed unfitting tags 2022-08-26 20:53:54 +02:00
Florian Roth dcec3280fc merge: Nasreddine's Sliver rules 2022-08-26 20:51:39 +02:00
Florian Roth d74558c31d fix: uuid 2022-08-26 20:46:23 +02:00