Commit Graph

15422 Commits

Author SHA1 Message Date
cyb3rjy0t cd71edc09c feat: add/update rules related to odbcconf (#4228) 2023-05-23 14:08:56 +02:00
Nasreddine Bencherchali ce15b7dc8c Merge pull request #4259 from phantinuss/master
fix: FPs found in testing environment
2023-05-23 12:32:49 +02:00
Nasreddine Bencherchali 94101cb44e Merge pull request #4258 from SigmaHQ/dependabot/pip/requests-2.31.0
chore(deps): bump requests from 2.26.0 to 2.31.0
2023-05-23 12:29:54 +02:00
phantinuss 08861cb9dd fix: FPs in testing environment 2023-05-23 12:24:01 +02:00
dependabot[bot] 709b67cdd8 chore(deps): bump requests from 2.26.0 to 2.31.0
Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.26.0...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-23 02:05:25 +00:00
phantinuss 5d8eb92ae2 Merge pull request #4257 from phantinuss/master
chore: update submodule tests/cti
2023-05-22 16:10:59 +02:00
phantinuss 24aae4d4d3 chore: update submodule tests/cti 2023-05-22 16:03:18 +02:00
Nasreddine Bencherchali ef7957075f Merge pull request #4256 from phantinuss/master
fix: FP in prod env
2023-05-22 11:59:10 +02:00
phantinuss d7f3bf9736 fix: FP in prod env 2023-05-22 10:36:19 +02:00
Nasreddine Bencherchali 737f18e19a Merge pull request #4255 from nasbench/fix-fp-aurora
fix: fp with goopdate sideloading rule
2023-05-20 22:58:08 +02:00
Nasreddine Bencherchali 9d8b6def0a fix: typo in fp 2023-05-20 22:48:22 +02:00
Nasreddine Bencherchali e593068ab7 fix: fp with goopdate 2023-05-20 22:38:06 +02:00
Nasreddine Bencherchali cc6dab493c Merge pull request #4254 from phantinuss/master
feat: map antivirus category to Windows Defender logs
2023-05-19 15:03:44 +02:00
Nasreddine Bencherchali 7f00ce042a chore: order event ids 2023-05-19 14:44:53 +02:00
phantinuss 12cd1f989e feat: map antivirus category to Windows Defender logs 2023-05-19 14:27:56 +02:00
Josh 2015e40a05 feat: new findstr rule for passwords recon (#4251) 2023-05-19 12:15:33 +02:00
Nasreddine Bencherchali c24caad829 Merge pull request #4252 from nasbench/small-sieve-rules
feat: add new rules related to small sieve
2023-05-19 11:14:34 +02:00
frack113 e42c66557e Merge pull request #4234 from YamatoSecurity/new-rule-certificate-exported
new rule: Certificate Exported
2023-05-19 09:33:12 +02:00
frack113 49e737eed0 Merge pull request #4244 from YamatoSecurity/new-rule-pw-policy-enumerated
New Windows rule: Password Policy Enumerated
2023-05-19 09:31:18 +02:00
frack113 2c6a567f7b Merge pull request #4249 from X-Junior/wwlib-dll-sideload-rule
Create image_load_side_load_wwlib.yml
2023-05-19 09:28:35 +02:00
frack113 ab24689dca Merge pull request #4250 from SigmaHQ/rule-devel
fix: issue with wildcard in rule, refactor: new LSASS dump outputs, more
2023-05-19 09:23:12 +02:00
frack113 b249536e3d Merge pull request #4236 from YamatoSecurity/update-Suspicious-Export-PfxCertificate
update "Suspicious Export-PfxCertificate" rule
2023-05-19 09:19:10 +02:00
frack113 cb4b8051d7 Merge pull request #4246 from Axel-NTT/patch-1
Update proxy_ua_bitsadmin_susp_tld.yml to use proxy field
2023-05-19 09:18:38 +02:00
Nasreddine Bencherchali ec2c559365 fix: typo in field name 2023-05-19 02:42:17 +02:00
Nasreddine Bencherchali 7b662b7c3d feat: add new rules related to small sieve 2023-05-19 02:34:01 +02:00
Nasreddine Bencherchali de9f3a3521 feat: update logsource and rule
- Add 2 new event logs
  - Microsoft-Windows-CAPI2/Operational
  - Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational
- Update required tests and rules
2023-05-19 00:05:05 +02:00
Nasreddine Bencherchali a6e5a93e32 feat: update metadata and add process creation version 2023-05-18 23:45:48 +02:00
Nasreddine Bencherchali bc0cdf541c chore: update metadata 2023-05-18 23:29:02 +02:00
Nasreddine Bencherchali 066f57abb8 chore: update rules from r-dns to cs-host 2023-05-18 23:03:23 +02:00
Nasreddine Bencherchali d468c2fb33 feat: add more extensions and fix metadata 2023-05-18 22:55:18 +02:00
Nasreddine Bencherchali 9ebec1c6e3 fix: apply suggestions from code review 2023-05-18 22:54:53 +02:00
Josh 1cd3005159 fix: add new edge case to test_logsource.py (#4247)
Improve the condition of the log source test to check for "NULL" values
2023-05-18 22:36:01 +02:00
Nasreddine Bencherchali 0ca45bf32c chore: update metadata and filter 2023-05-18 22:33:35 +02:00
Adam 4038141e13 fix: typo in ET Snake malware rule filter (#4248) 2023-05-18 22:21:54 +02:00
Florian Roth b923039015 fix: duplicate 2023-05-18 16:08:48 +02:00
Florian Roth 11069e87c6 docs: add url 2023-05-18 14:58:44 +02:00
Florian Roth 8bad6f0ebc .zip domain stream hash - file type download 2023-05-18 14:54:43 +02:00
Florian Roth 4b695a3cc9 refactor: adding .zip domain to suspicious list 2023-05-18 14:39:35 +02:00
Florian Roth c2e322a253 more LSASS dump outputs 2023-05-18 12:30:42 +02:00
Florian Roth 73c8c9d0a7 fix: rule using old wildcard char 2023-05-18 12:30:29 +02:00
Mohamed Ashraf (X__Junior) 1ea6e7390a Create image_load_side_load_wwlib.yml 2023-05-18 10:12:15 +03:00
Nasreddine Bencherchali 62caac4708 feat: multiple updates and new rules (#4242) 2023-05-17 17:21:59 +02:00
BlueTeamOps 7b90c00a45 feat: add new rules related to cloudflared usage (#4243) 2023-05-17 17:21:23 +02:00
Axel-NTT c1ba6e1505 Update proxy_ua_bitsadmin_susp_tld.yml to use proxy field 2023-05-17 13:46:28 +02:00
Yamato Security 2b29882868 rename filename 2023-05-17 15:50:16 +09:00
Yamato Security 4b38213911 new rule password policy enumerated 2023-05-17 15:01:45 +09:00
Nasreddine Bencherchali 7f3eff58e1 Merge pull request #4240 from phantinuss/master
fix: FP with CheckPoint SmartConsole
2023-05-16 15:44:43 +02:00
phantinuss 06ec405ce7 fix: specify image and loaded image 2023-05-16 15:37:13 +02:00
phantinuss 9da42e4b52 fix: FP with CheckPoint SmartConsole 2023-05-16 09:38:53 +02:00
Mohamed Ashraf 37bba95e4a feat: new rule related to roboform dll sideloading (#4230) 2023-05-15 16:36:53 +02:00