Commit Graph

12032 Commits

Author SHA1 Message Date
cyb3rjy0t cd71edc09c feat: add/update rules related to odbcconf (#4228) 2023-05-23 14:08:56 +02:00
phantinuss 08861cb9dd fix: FPs in testing environment 2023-05-23 12:24:01 +02:00
phantinuss d7f3bf9736 fix: FP in prod env 2023-05-22 10:36:19 +02:00
Nasreddine Bencherchali 9d8b6def0a fix: typo in fp 2023-05-20 22:48:22 +02:00
Nasreddine Bencherchali e593068ab7 fix: fp with goopdate 2023-05-20 22:38:06 +02:00
phantinuss 12cd1f989e feat: map antivirus category to Windows Defender logs 2023-05-19 14:27:56 +02:00
Nasreddine Bencherchali c24caad829 Merge pull request #4252 from nasbench/small-sieve-rules
feat: add new rules related to small sieve
2023-05-19 11:14:34 +02:00
frack113 e42c66557e Merge pull request #4234 from YamatoSecurity/new-rule-certificate-exported
new rule: Certificate Exported
2023-05-19 09:33:12 +02:00
frack113 49e737eed0 Merge pull request #4244 from YamatoSecurity/new-rule-pw-policy-enumerated
New Windows rule: Password Policy Enumerated
2023-05-19 09:31:18 +02:00
frack113 2c6a567f7b Merge pull request #4249 from X-Junior/wwlib-dll-sideload-rule
Create image_load_side_load_wwlib.yml
2023-05-19 09:28:35 +02:00
frack113 ab24689dca Merge pull request #4250 from SigmaHQ/rule-devel
fix: issue with wildcard in rule, refactor: new LSASS dump outputs, more
2023-05-19 09:23:12 +02:00
frack113 b249536e3d Merge pull request #4236 from YamatoSecurity/update-Suspicious-Export-PfxCertificate
update "Suspicious Export-PfxCertificate" rule
2023-05-19 09:19:10 +02:00
frack113 cb4b8051d7 Merge pull request #4246 from Axel-NTT/patch-1
Update proxy_ua_bitsadmin_susp_tld.yml to use proxy field
2023-05-19 09:18:38 +02:00
Nasreddine Bencherchali 7b662b7c3d feat: add new rules related to small sieve 2023-05-19 02:34:01 +02:00
Nasreddine Bencherchali de9f3a3521 feat: update logsource and rule
- Add 2 new event log
  - Microsoft-Windows-CAPI2/Operational
  - Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational
- Update required tests and rules
2023-05-19 00:05:05 +02:00
Nasreddine Bencherchali a6e5a93e32 feat: update metadata and add process creation version 2023-05-18 23:45:48 +02:00
Nasreddine Bencherchali bc0cdf541c chore: update metadata 2023-05-18 23:29:02 +02:00
Nasreddine Bencherchali 066f57abb8 chore: update rules from r-dns to cs-host 2023-05-18 23:03:23 +02:00
Nasreddine Bencherchali d468c2fb33 feat: add more extensions and fix metadata 2023-05-18 22:55:18 +02:00
Nasreddine Bencherchali 9ebec1c6e3 fix: apply suggestions from code review 2023-05-18 22:54:53 +02:00
Nasreddine Bencherchali 0ca45bf32c chore: update metadata and filter 2023-05-18 22:33:35 +02:00
Florian Roth b923039015 fix: duplicate 2023-05-18 16:08:48 +02:00
Florian Roth 11069e87c6 docs: add url 2023-05-18 14:58:44 +02:00
Florian Roth 8bad6f0ebc .zip domain stream hash - file type download 2023-05-18 14:54:43 +02:00
Florian Roth 4b695a3cc9 refactor: adding .zip domain to suspicious list 2023-05-18 14:39:35 +02:00
Florian Roth c2e322a253 more LSASS dump outputs 2023-05-18 12:30:42 +02:00
Florian Roth 73c8c9d0a7 fix: rule using old wildcard char 2023-05-18 12:30:29 +02:00
Mohamed Ashraf (X__Junior) 1ea6e7390a Create image_load_side_load_wwlib.yml 2023-05-18 10:12:15 +03:00
Nasreddine Bencherchali 62caac4708 feat: multiple updates and new rules (#4242) 2023-05-17 17:21:59 +02:00
BlueTeamOps 7b90c00a45 feat: add new rules related to cloudflared usage (#4243) 2023-05-17 17:21:23 +02:00
Axel-NTT c1ba6e1505 Update proxy_ua_bitsadmin_susp_tld.yml to use proxy field 2023-05-17 13:46:28 +02:00
Yamato Security 2b29882868 rename filename 2023-05-17 15:50:16 +09:00
Yamato Security 4b38213911 new rule password policy enumerated 2023-05-17 15:01:45 +09:00
phantinuss 06ec405ce7 fix: specify image and loaded image 2023-05-16 15:37:13 +02:00
phantinuss 9da42e4b52 fix: FP with CheckPoint SmartConsole 2023-05-16 09:38:53 +02:00
Mohamed Ashraf 37bba95e4a feat: new rule related to roboform dll sideloading (#4230) 2023-05-15 16:36:53 +02:00
Nasreddine Bencherchali 0cb01970e7 feat: new rules, updates and goofy guineapig stuff (#4229) 2023-05-15 15:53:39 +02:00
Yamato Security 4f36d69eb2 update Suspicious Export-PfxCertificate rule 2023-05-15 12:00:55 +09:00
Nasreddine Bencherchali e51b548938 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-05-12 10:33:05 +02:00
Nasreddine Bencherchali 2aa5b1be43 fix: move rule to correct folder 2023-05-11 21:38:39 +02:00
Nasreddine Bencherchali 77ba152b7f feat: more snake malware related rules 2023-05-11 19:54:11 +02:00
phantinuss c834b6dfcb Merge pull request #4225 from austinsonger/Okta_fastpass_phishing_detection
Create okta_fastpass_phishing_detection.yml
2023-05-10 09:31:02 +02:00
phantinuss 54dc2dcdb8 Merge pull request #4217 from m4nbat/NotionC2-detection-gk
Create net_connection_win_notion.yml
2023-05-10 08:30:15 +02:00
Austin Songer b72e7fc6eb Update rules/cloud/okta/okta_fastpass_phishing_detection.yml
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-05-10 01:18:00 -05:00
Nasreddine Bencherchali 231c2eccab fix: filter names and title 2023-05-09 20:54:55 +02:00
Nasreddine Bencherchali e0a2d52671 Merge pull request #4218 from nasbench/fin7-rules
feat: updates and new rules related to fin7
2023-05-09 16:14:26 +02:00
Nasreddine Bencherchali bbf1e54510 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-05-09 16:04:24 +02:00
phantinuss b8c08bc8a8 Merge pull request #4222 from X-Junior/solidpdfcreator-dll-sideload-rule
feat: new rule related to possible solidpdfcreator.dll sideloading
2023-05-09 11:35:21 +02:00
phantinuss bdea78c18a Merge pull request #4227 from frack113/review_web_logsource
Review Web logsource
2023-05-09 11:33:29 +02:00
Gavin Knapp 2a2a4d9cd0 Merge branch 'SigmaHQ:master' into NotionC2-detection-gk 2023-05-09 09:20:59 +01:00