Commit Graph

6037 Commits

Author SHA1 Message Date
frack113 cce90a669a Merge pull request #2067 from austinsonger/aws_suspicious_saml_activity.yml
aws_suspicious_saml_activity.yml
2021-09-23 06:34:18 +02:00
frack113 525a310c86 Merge pull request #2068 from austinsonger/typos
Typos
2021-09-23 06:32:49 +02:00
Austin Songer 53f426342c Update win_file_winword_cve_2021_40444.yml 2021-09-22 22:26:05 -05:00
Austin Songer ab613af365 Update sysmon_atlassian_confluence_cve_2021_26084_exploit.yml 2021-09-22 22:24:24 -05:00
Austin Songer 6942b9c5e8 Update aws_suspicious_saml_activity.yml 2021-09-22 20:16:50 -05:00
Austin Songer d1337bbfbf Create aws_suspicious_saml_activity.yml 2021-09-22 20:15:36 -05:00
Austin Songer 097c6c3537 Update okta_user_account_locked_out.yml 2021-09-22 19:54:46 -05:00
Austin Songer 05d454d794 Update okta_unauthorized_access_to_app.yml 2021-09-22 19:54:39 -05:00
Austin Songer 26b99a44c0 Update okta_security_threat_detected.yml 2021-09-22 19:54:32 -05:00
Austin Songer f55b9ef024 Update okta_policy_rule_modified_or_deleted.yml 2021-09-22 19:54:23 -05:00
Austin Songer 100eb06e7a Update okta_policy_modified_or_deleted.yml 2021-09-22 19:54:15 -05:00
Austin Songer 9d910d823a Update okta_network_zone_deactivated_or_deleted.yml 2021-09-22 19:54:09 -05:00
Austin Songer ea73c692d7 Update okta_mfa_reset_or_deactivated.yml 2021-09-22 19:54:02 -05:00
Austin Songer f673eb413e Update okta_application_sign-on_policy_modified_or_deleted.yml 2021-09-22 19:53:56 -05:00
Austin Songer 1effd8b187 Update okta_application_modified_or_deleted.yml 2021-09-22 19:53:49 -05:00
Austin Songer ccd9f8d6dc Update okta_api_token_revoked.yml 2021-09-22 19:53:43 -05:00
Austin Songer 6401f9b4d9 Update okta_api_token_created.yml 2021-09-22 19:53:36 -05:00
Austin Songer ecb18ec149 Update okta_admin_role_assigned_to_user_or_group.yml 2021-09-22 19:53:28 -05:00
Austin Songer 74452347fb Update okta_user_account_locked_out.yml 2021-09-22 19:52:43 -05:00
Austin Songer 275ebf7884 Update okta_unauthorized_access_to_app.yml 2021-09-22 19:52:36 -05:00
Austin Songer 2ab5ba0a0c Update okta_security_threat_detected.yml 2021-09-22 19:52:29 -05:00
Austin Songer 1aec430291 Update okta_policy_rule_modified_or_deleted.yml 2021-09-22 19:52:23 -05:00
Austin Songer cead26637b Update okta_policy_modified_or_deleted.yml 2021-09-22 19:52:17 -05:00
Austin Songer e1eb8c6222 Update okta_network_zone_deactivated_or_deleted.yml 2021-09-22 19:52:10 -05:00
Austin Songer 38e09f061d Update okta_mfa_reset_or_deactivated.yml 2021-09-22 19:52:04 -05:00
Austin Songer 12f76cdf6b Update okta_application_sign-on_policy_modified_or_deleted.yml 2021-09-22 19:51:58 -05:00
Austin Songer 11732970fc Update okta_application_modified_or_deleted.yml 2021-09-22 19:51:51 -05:00
Austin Songer 8dfae4c785 Update okta_api_token_revoked.yml 2021-09-22 19:51:44 -05:00
Austin Songer 1a64dc03a1 Update okta_api_token_created.yml 2021-09-22 19:51:31 -05:00
Austin Songer f186235d8f Update okta_admin_role_assigned_to_user_or_group.yml 2021-09-22 19:51:25 -05:00
frack113 3ac0d93f5b Merge pull request #2062 from Pooch11/win-apt-greenbug-fix
win-apt-greenbug-fix small change to B64encoded value of '/server='
2021-09-22 20:05:37 +02:00
unknown 9924cc3946 win-apt-greenbug-fix amend b64 value of /server= as seen in IOC 2021-09-22 10:33:04 -04:00
frack113 7b995f2d99 Merge pull request #2057 from secDre4mer/master
Add two rules
2021-09-22 09:15:32 +02:00
frack113 ac639bb9ec Merge pull request #2060 from zakibro/master
New Rule - Linux - Auditd - Screencapture with Import Tool
2021-09-22 08:41:50 +02:00
frack113 045e87058b add definition 2021-09-22 08:40:08 +02:00
unknown 3ace73f9fd win-apt-greenbug-fix - change modified date as well 2021-09-21 16:59:32 -04:00
unknown 993bf46550 win-apt-greenbug-fix small change to B64encoded value of '/server=' in detection criteria 2021-09-21 16:56:01 -04:00
Pawel Mazur e20e5033e7 New Rule - Linux - Auditd - Screencapture with Import Tool 2021-09-21 18:55:48 +02:00
Florian Roth d884f774f9 Update powershell_memorydump_getstoragediagnosticinfo.yml 2021-09-21 18:01:46 +02:00
phantinuss 46febf48b0 fix: remove rule, too many FPs and no better matching criteria 2021-09-21 16:52:17 +02:00
Max Altgelt bf9bc03258 chore: properly name and describe rules 2021-09-21 15:59:01 +02:00
Max Altgelt 8c3faa390c feat: Add rule for live memory dumping 2021-09-21 15:09:12 +02:00
Max Altgelt 346ff26809 feat: Add rule for syslog removal 2021-09-21 14:56:12 +02:00
frack113 5951ad1d9a Merge pull request #2056 from frack113/some_global
Split global rules
2021-09-21 12:42:59 +02:00
frack113 d5e1e97ed3 Merge pull request #2055 from frack113/split_invoke
split global win_invoke_obfuscation_*
2021-09-21 12:42:41 +02:00
frack113 0884a70e28 fix tests.py error 2021-09-21 10:52:37 +02:00
frack113 4718f914e9 split global sysmon_hack_dumpert.yml 2021-09-21 10:43:42 +02:00
frack113 5fc82e5dc6 split global sysmon_tttracer_mod_load.yml 2021-09-21 10:39:02 +02:00
frack113 4c85858e12 split global sysmon_regsvr32_network_activity.yml 2021-09-21 10:33:47 +02:00
frack113 c0e24e9236 split global win_defender_disabled.yml 2021-09-21 10:24:52 +02:00