security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
13,656 Commits 1 Branch 57 Tags
cb5c19d696f047bede4cfbe1ec59427b49092bbc
Commit Graph

169 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 25c41ea73c fix: update error message 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-11-30 10:21:24 +01:00
Nasreddine Bencherchali c2e85f4080 feat: update the test to test for lowercase 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-11-30 10:06:10 +01:00
Nasreddine Bencherchali 18d974c751 feat: new test for references case 2022-11-29 23:29:38 +01:00
Nasreddine Bencherchali 1d7ee1cd19 feat: enhance duplicate test (#3736) 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-11-29 13:47:09 +01:00
phantinuss 6ecdd77f6d chore: update submodule cti 2022-11-22 16:21:25 +01:00
Nasreddine Bencherchali 7804decd2d feat: add more clarification to the test (#3710) 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-11-18 11:15:50 +01:00
Nasreddine Bencherchali efe5babae5 fix: beautify regex 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-11-11 10:07:57 +01:00
Nasreddine Bencherchali f8e74858ae fix: add other letters 2022-11-11 09:49:53 +01:00
Nasreddine Bencherchali 8632b8ab17 fix: enhance mitre tag regex 2022-11-10 19:39:20 +01:00
phantinuss b44bced5ca enhance sigma rules tests 2022-10-21 17:29:34 +02:00
phantinuss b426785ba8 chore: new test for unknown value modifier 2022-10-11 16:25:03 +02:00
phantinuss 7d6e72a5b5 chore: fix redirect to stderr 2022-10-11 16:25:03 +02:00
phantinuss 40e0dfcb29 chore: add new known FPs 2022-09-21 13:45:28 +02:00
phantinuss e5e5cdd3b3 workflow: update evtx-baseline to v0.7 and add a new test for the data 2022-09-21 13:45:28 +02:00
phantinuss 914aa4ee31 chore: add more checks 2022-09-16 16:40:38 +02:00
Thomas Patzke 19dea55e2c Merge branch 'windash' 2022-09-08 09:34:19 +02:00
Tobias Michalski 0b93aea4d0 chore: Offline Tests 2022-08-12 14:19:08 +02:00
phantinuss 32169dbc33 chore: harmonization of generic 'nt system' user checks 
also a simple (non-commprehensive) test case to find
usages of localized user names
 2022-05-27 15:16:31 +02:00
Paul Hager 9b80dd990a added 'similar' related type 2022-05-24 09:51:48 +02:00
phantinuss 6f92a11c02 chore: test rules: check for all modifier with single item 2022-05-11 11:06:09 +02:00
phantinuss 112b715dd6 chore: test rules: reactivate single value list check 2022-05-10 17:13:04 +02:00
phantinuss 0b72aff084 chore: test rules: check title has no . in the end 2022-05-10 11:25:09 +02:00
phantinuss b4fdb13e8a chore: test rules: check for unused selections 2022-05-10 11:07:40 +02:00
phantinuss 654e9e9b9c fix: typo 2022-05-09 16:13:53 +02:00
phantinuss f6e893dde5 chore: test rules: check that title is given in the first line 2022-05-09 16:13:50 +02:00
phantinuss 3b556c728a fix: DeprecationWarning: invalid escape sequence '\.' 2022-05-09 16:08:00 +02:00
phantinuss ef3bc33288 fix: remove unneeded file read 2022-05-09 16:08:00 +02:00
phantinuss b991a5be52 chore: test rules: warn on errors or invalid FP reasons 
also adapted the existing rules to pass the tests
 2022-05-09 16:07:55 +02:00
phantinuss dbd68bf3f0 chore: test rules: capitalization on FP list entries 
Entires to the false positive list should begin with
a capital letter. e.g. Unkown instead of unkown.

Fixed the existing rules accordingly
 2022-05-09 16:07:44 +02:00
phantinuss 02fb704d9f chore: remove trailing whitespace 2022-05-09 10:23:38 +02:00
Thomas Patzke 9ee0d29d68 Windash modifier 2022-05-02 00:38:21 +02:00
Thomas Patzke 184b6bb244 Wrapping base64offset modified expansion group into ConditionOR 2022-05-01 23:07:25 +02:00
phantinuss b18184a58f workflow: add baseline chack for Windows 2022 domain controller 2022-04-21 10:48:59 +02:00
phantinuss ca0ed7aea6 chore: update local evtx check times after evtx-sigma-checker performance improvements 2022-04-21 10:48:59 +02:00
phantinuss 275bcaa923 local evtx baseline check using concurrency 2022-04-21 10:48:58 +02:00
phantinuss 21b28e4119 local evtx baseline check using concurrency 2022-04-07 14:15:44 +02:00
phantinuss 25de8a926c workflow: new baseline check against Windows 2022 2022-04-07 14:15:44 +02:00
phantinuss d323753abd workflow: new baseline check against Windows 7 32-bit 2022-04-06 17:06:54 +02:00
phantinuss b0c1c3e726 workflow: new baseline check against Windows 11 2022-04-06 16:09:51 +02:00
phantinuss e7edae7a9a tests: add 1st commandline argument for rules directory selection 2022-03-04 14:07:29 +01:00
phantinuss c69ae6e291 new test: bash script for local baseline check 
only supports Linux and MacOS
 2022-02-23 16:09:14 +01:00
Florian Roth 49502f3796 fix: wrong number of placeholders 2022-01-19 15:24:24 +01:00
Florian Roth 2a118e900a refactor: added requirement, debug output for MITRE ATTCK eval 2022-01-19 15:21:50 +01:00
phantinuss b6d4e39538 feat: check for the existence of a description field 
it is not mandatory in the sigma standard but
mandatory for this repository
 2022-01-12 12:55:49 +01:00
phantinuss 07a0a37273 feat: discourage the usage of 'all of them' and migrate existing rules to use the preferred method 'all of selection*' 2021-12-02 14:47:39 +01:00
frack113 c49b0d49fa Add deprecated status 2021-10-28 20:08:27 +02:00
frack113 c0a3f7afdd Remove my print debug 2021-10-26 12:25:26 +02:00
frack113 ba4bb061c7 Fix test_duplicate_detections for logsource 2021-10-26 12:22:18 +02:00
frack113 162d869e2b Add cve tags 2021-10-25 18:14:03 +02:00
phantinuss 55f942b526 fix: change error message 2021-10-14 08:53:50 +02:00