Commit Graph

44 Commits

Author SHA1 Message Date
frack113 0f3eefdc9c Update title (#3746) 2022-12-02 18:10:43 +01:00
    Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
frack113 a674ee246b Update Title (#3739) 2022-11-30 11:44:15 +01:00
Nasreddine Bencherchali 1d7ee1cd19 feat: enhance duplicate test (#3736) 2022-11-29 13:47:09 +01:00
    Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Florian Roth b56537bffb fix: some rules using ??? placeholders 2022-11-29 10:31:18 +01:00
jstnk9 647f6dc2ef Update title (#3734) 2022-11-29 07:36:45 +01:00
Aurakal c536b262c9 Create file_event_win_remote_cred_dump.yml (#3732) 2022-11-27 19:31:48 +01:00
Nasreddine Bencherchali b6dce4b6a5 feat: general fixes 2022-11-22 01:22:36 +01:00
frack113 cc340f2247 Apply suggestions from code review 2022-11-18 15:43:08 +01:00
    Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
frack113 58a732e4b6 Update rules/windows/file/file_event/file_event_win_net_cli_artefact.yml 2022-11-18 15:42:37 +01:00
    Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
frack113 4bd0cd07ea .NET CLR Usage Log 2022-11-18 13:24:58 +01:00
phantinuss 9317454bc8 fix: bcdedit by svchost FP 2022-11-10 16:31:54 +01:00
Florian Roth 9e68c45df0 Merge pull request #3684 from nasbench/nasbench-rule-devel 2022-11-09 20:04:15 +01:00
    Rule Dev
phantinuss 691649d932 fix: bcedit downloaded to C:\Windows\SoftwareDistribution 2022-11-09 16:44:58 +01:00
Nasreddine Bencherchali 39d66b4e94 Merge branch 'master' into nasbench-rule-devel 2022-11-09 16:14:38 +01:00
Nasreddine Bencherchali 2e224baa94 Update file_event_win_creation_system_file.yml 2022-11-08 12:49:53 +01:00
Nasreddine Bencherchali f9d54c722f Update file_event_win_susp_dropper.yml 2022-11-08 12:42:47 +01:00
Nasreddine Bencherchali 33bd200a89 Fix FP 2022-11-08 12:32:44 +01:00
Nasreddine Bencherchali 024d76d5e5 Fix typo in conditions 2022-11-08 12:10:20 +01:00
Nasreddine Bencherchali 220e9c2c90 Fix FP 2022-11-08 12:05:38 +01:00
phantinuss af2dc36699 new rule for lnk files with lower score 2022-11-07 14:14:04 +01:00
phantinuss 496d1b6a2a fix: add bcedit filter and sort selection 2022-11-07 13:37:11 +01:00
Nasreddine Bencherchali 841b311dd0 Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2022-11-07 11:57:18 +01:00
Nasreddine Bencherchali 753772a177 Rename+Metadata Update 2022-11-04 11:59:11 +01:00
Nasreddine Bencherchali 5ee9428e59 Fix 2022-11-03 09:39:48 +01:00
frack113 c1c4ef0f9c Merge pull request #3655 from nasbench/nasbench-rule-devel 2022-10-29 09:39:12 +02:00
    Rule Dev
Mustafa Kaan Demir 27822a0827 DomainPasswordSpray Attacks Rule 2022-10-29 09:36:40 +02:00
Nasreddine Bencherchali 761bf551b1 Add more system processes 2022-10-28 17:25:53 +02:00
Nasreddine Bencherchali bb8d7b3414 Add more suspicious extensions 2022-10-28 17:25:41 +02:00
Nasreddine Bencherchali 84a4b6ccb0 Rename 2022-10-28 13:14:35 +02:00
Gude5 a3e6856764 new rules: Sigma rules based on Elastic rules (#3632) 2022-10-28 10:13:44 +02:00
    Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Nasreddine Bencherchali efe0cf5871 Add/Update Exchange/Mailbox Rules 2022-10-26 23:17:54 +02:00
Nasreddine Bencherchali 388624e279 Update PsExec Rules 2022-10-26 23:15:01 +02:00
Nasreddine Bencherchali bb84e503fa Merge branch 'master' into nasbench-rule-devel 2022-10-26 10:39:55 +02:00
frack113 fac6732827 Order yaml field 2022-10-26 06:16:30 +02:00
frack113 d2ca4694b2 Merge pull request #3638 from frack113/issues_3634 2022-10-25 18:20:15 +02:00
    Add logsource definition
phantinuss 176f3ab1b9 fix: FP in testing environment 2022-10-25 16:21:14 +02:00
frack113 5bd0b33a3b Add logsource definition 2022-10-25 14:16:08 +02:00
Nasreddine Bencherchali ada1121447 Add Office Token Stealing Rules 2022-10-25 01:14:27 +02:00
Nasreddine Bencherchali 34e9f0530b Add Inveigh Rules 2022-10-24 22:57:48 +02:00
Nasreddine Bencherchali 1ee657b1fc Update Hacktool Rules 2022-10-20 11:55:59 +02:00
Nasreddine Bencherchali 01826d2a3b New File Access Rules 2022-10-18 11:51:24 +02:00
    Added new file access rules related to Windows DPAPI files/keys
frack113 2247e87945 Order file rule 2022-10-16 09:25:51 +02:00
Florian Roth a6bfd33d81 Merge branch 'master' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2022-10-15 11:30:58 +02:00
frack113 3cc42cfe61 Move file category rules 2022-10-13 13:25:05 +02:00