Commit Graph

242 Commits

Author SHA1 Message Date
frack113 a674ee246b Update Title (#3739) 2022-11-30 11:44:15 +01:00
frack113 c820216541 Update Title (#3733) 2022-11-28 06:43:17 +01:00
frack113 cd4121d966 Update Title (#3731)
Co-authored-by: Florian Roth <venom14@gmail.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-11-27 19:19:27 +01:00
jstnk9 3572e9d9ea titles modified (#3730) 2022-11-26 08:49:30 +01:00
jstnk9 a573a8e1bc Title modified in several rules (#3728) 2022-11-25 15:34:38 +01:00
Nasreddine Bencherchali b6dce4b6a5 feat: general fixes 2022-11-22 01:22:36 +01:00
frack113 cc340f2247 Apply suggestions from code review
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-11-18 15:43:08 +01:00
frack113 4bd0cd07ea .NET CLR Usage Log 2022-11-18 13:24:58 +01:00
Nasreddine Bencherchali 20b0a6bad8 Rule Dev 2022-11-18 11:15:28 +01:00
Florian Roth b4e2530df5 updated modified date 2022-11-09 18:32:47 +01:00
Nasreddine Bencherchali 5a70e402b3 Update rules 2022-11-09 16:13:17 +01:00
phantinuss 97d5255c2e fix: new FPs found in testing environment 2022-11-01 16:19:14 +01:00
Nasreddine Bencherchali bb84e503fa Merge branch 'master' into nasbench-rule-devel 2022-10-26 10:39:55 +02:00
frack113 940f89d43d Order yaml field 2022-10-26 06:16:55 +02:00
Nasreddine Bencherchali 29661b98af Apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2022-10-25 15:17:50 +02:00
Nasreddine Bencherchali cc1e7231c6 Create registry_set_disable_macroruntimescanscope.yml 2022-10-25 00:42:16 +02:00
frack113 0865182271 Merge pull request #3619 from phantinuss/master
Fix Testing/Rules
2022-10-21 18:30:48 +02:00
Florian Roth e9d7c3fdfc Merge pull request #3611 from nasbench/fix-false-positives
Fix FP In Testing
2022-10-21 18:11:27 +02:00
frack113 af6c1ab3dd Update registry_set_taskcache_entry.yml 2022-10-21 18:05:06 +02:00
phantinuss f642bff744 fix: fix typos found by new check 2022-10-21 17:29:34 +02:00
phantinuss 5bf0c43984 fix: FPs in testing in connection to Aurora 2022-10-21 17:29:34 +02:00
Florian Roth 0d9879506a Update registry_delete_removal_com_hijacking_registry_key.yml 2022-10-21 08:55:34 +02:00
Florian Roth 41ae5444c5 Update registry_set_asep_reg_keys_modification_currentversion.yml 2022-10-21 08:55:10 +02:00
frack113 c3f41918db Update registry_set_asep_reg_keys_modification_currentversion.yml 2022-10-21 07:00:25 +02:00
phantinuss f4420ca3c3 fix: FPs found in testing environment 2022-10-20 17:25:23 +02:00
Nasreddine Bencherchali 43f6b7fd54 Update registry_set_asep_reg_keys_modification_currentversion.yml 2022-10-20 15:58:27 +02:00
Nasreddine Bencherchali a13a5efd47 More FP tuning 2022-10-20 11:51:06 +02:00
phantinuss 09b94e2081 fix: FP on test system 2022-10-20 11:08:41 +02:00
phantinuss a5b08d5b9c fix: FPs on test machine 2022-10-18 16:39:04 +02:00
Florian Roth 9e7e252397 Merge pull request #3594 from SigmaHQ/aurora-false-positive-fixing
fix: DropBox FP
2022-10-14 18:02:05 +02:00
Florian Roth 8205af46f7 fix: DropBox FP 2022-10-14 15:43:32 +02:00
Nasreddine Bencherchali f5a0299e35 Fix FP from testing on Win7 2022-10-11 14:04:28 +02:00
frack113 cf7a348028 Fix related 2022-10-09 17:28:05 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
Florian Roth b634e1a3f9 Merge pull request #3562 from nasbench/pysigma-fix
PySigma Issues Fix
2022-10-07 09:21:15 +02:00
frack113 7539d29e8b Merge pull request #3559 from nasbench/nasbench-rule-devel
Rule Dev
2022-10-07 06:07:43 +02:00
nasreddine.bencherchali@nextron-systems.com 8f9c79b3a5 Update registry_set_powershell_in_run_keys.yml 2022-10-06 16:57:24 +02:00
nasreddine.bencherchali@nextron-systems.com 91cf9ce926 Fix modifier 2022-10-06 10:04:01 +02:00
Florian Roth 235b104495 Update registry_set_register_custom_protocol_handler.yml 2022-10-06 09:27:59 +02:00
Florian Roth 84641cc955 Update registry_set_susp_user_shell_folders.yml 2022-10-06 09:25:13 +02:00
Nasreddine Bencherchali 2c26614ce4 Update Wildcard + Int to Str fields 2022-10-05 23:15:20 +02:00
frack113 5bd9dd76aa Red Canary rules 2022-10-02 11:34:33 +02:00
Nasreddine Bencherchali 99a0c129ea Create registry_set_register_custom_protocol_handler.yml 2022-09-29 22:06:18 +02:00
Florian Roth 14fdf75ab5 fix: FPs noticed with THOR 2022-09-29 13:51:09 +02:00
Florian Roth 5b5c261c98 Merge branch 'master' into aurora-false-positive-fixing 2022-09-29 13:41:25 +02:00
Florian Roth c31fe50f4d fix: FPs noticed in THOR testing 2022-09-29 13:41:20 +02:00
Nasreddine Bencherchali cdd9aff032 Fix FP 2022-09-29 11:20:08 +02:00
frack113 a9dd6f7ff0 Add registry_set_change_winevt_channelaccess (#3505) 2022-09-28 09:53:46 +02:00
phantinuss cc5cda0a22 fix: needs to be contains now 2022-09-21 14:10:50 +02:00
phantinuss b7f20b884c fix: FPs from new evtx-baseline 2022-09-21 13:51:19 +02:00