Commit Graph

6 Commits

Author SHA1 Message Date
Roberto Rodriguez 8c577a329f Improve Rule & Updated HELK SIGMA Standardization Config
Rule should be focusing on the 'process_command_line' field and not just on any value of any event generated by powershell.exe.

SIGMA HELK standardization config updated to match latest HELK Common Information Model
2018-12-08 11:30:21 +03:00
megan201296 3f5c32c6da Add MITRE ATT&CK tagging 2018-08-22 09:35:06 -05:00
Thomas Patzke 84645f4e59 Simplified rule conditions with new condition constructs 2018-03-06 23:14:43 +01:00
SherifEldeeb 48441962cc Change All "str" references to be "list" to match schema update 2018-01-28 02:24:16 +03:00
SherifEldeeb 112a0939d7 Change "reference" to "references" to match new schema 2018-01-28 02:12:19 +03:00
Florian Roth 8d36e2a1b5 Rule: Suspicious PowerShell Parameter Substring 2017-03-13 17:23:25 +01:00