Nasreddine Bencherchali
d14e287cdf
Merge pull request #4134 from nasbench/nasbench-rule-devel
fix: fp found in testing
2023-03-23 12:19:39 +01:00
Nasreddine Bencherchali
07956e26e9
fix: remove version number
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-23 12:11:29 +01:00
phantinuss
afcbc08c85
fix: FP found in testing
2023-03-23 10:52:08 +01:00
Nasreddine Bencherchali
0ccef7822e
fix: fp found in testing
2023-03-22 20:31:33 +01:00
Mohamed Ashraf
4c3296ce7a
feat: new rule related to possible iviewers.dll sideloading ( #4131 )
2023-03-22 17:54:02 +01:00
xFFninja
a0732b0d17
fix: update incorrect event field Accesses ( #4133 )
This PR fixes the use of an incorrect field name in the rule rules/windows/builtin/security/win_security_exploit_cve_2023_23397_outlook_remote_file_query.yml
2023-03-22 12:21:30 +01:00
Nasreddine Bencherchali
bf148ad0ac
fix: fp found in testing
2023-03-21 16:32:46 +01:00
Nasreddine Bencherchali
556ff56850
Merge pull request #4115 from YamatoSecurity/update-CIDR-rules
fix: FPs on CIDR rules
2023-03-20 21:42:23 +01:00
Nasreddine Bencherchali
b52abdef5c
Merge pull request #4120 from leer-ts/master
feat: add new rule related to `CVE-2023-23397` exploitation
2023-03-17 23:39:49 +01:00
Nasreddine Bencherchali
4bcf5b75a7
fix: remove backslash and add example
2023-03-17 23:32:10 +01:00
Nasreddine Bencherchali
4a171ae82d
fix: add definition section
Added a definition section to indicate that SACLs are required
2023-03-17 23:26:38 +01:00
Nasreddine Bencherchali
cf49c5d509
fix: update rule for SIGMAHQ standard
2023-03-17 23:14:40 +01:00
Qasim Qlf
685c3d7970
fix: detection name word 'activity' ( #4119 )
2023-03-17 23:11:15 +01:00
leer-ts
d456305533
Create win_security_outlook_remote_file.yml
2023-03-17 17:52:12 -04:00
Yamato Security
bc8ee0831a
revert comments
2023-03-18 04:54:43 +09:00
Yamato Security
f05993bbbe
update comment
2023-03-18 04:47:42 +09:00
Yamato Security
fa472be0fd
Update rules/windows/builtin/security/win_security_successful_external_remote_smb_login.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-18 04:31:25 +09:00
Yamato Security
ae8199b9fa
Update rules/windows/builtin/security/win_security_successful_external_remote_rdp_login.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-18 04:31:01 +09:00
Hieu Tran
0e934bd4b4
feat: new rules related to ZScaler blog - OneNote: A Growing Threat for Malware Distribution ( #4111 )
2023-03-17 13:00:57 +01:00
frack113
9ce7f083ef
feat: new rule Potential Binary Or Script Dropper Via PowerShell.EXE ( #4116 )
2023-03-17 12:56:02 +01:00
Yamato Security
4fc5bd98aa
update author line
2023-03-17 08:47:01 +09:00
Florian Roth
0ebbd09ab4
fix: removed unnecessary escapes
2023-03-16 22:54:41 +01:00
Florian Roth
e4864b43d2
fix: regular expression
2023-03-16 22:46:08 +01:00
Yamato Security
2600f9781d
remove list of 1
2023-03-17 05:05:22 +09:00
Yamato Security
dcc38973cd
update CIDR rules
2023-03-17 04:26:20 +09:00
Nasreddine Bencherchali
4287d790ae
Update proc_creation_win_rundll32_webdav_client_susp_execution.yml
2023-03-16 19:34:23 +01:00
Nasreddine Bencherchali
53e86c8871
Update proc_creation_win_rundll32_webdav_client_execution.yml
2023-03-16 19:23:05 +01:00
Nasreddine Bencherchali
5ca7978ebe
fix: escape slashes
2023-03-16 19:20:53 +01:00
Nasreddine Bencherchali
49a43832c4
fix: enhance selection
2023-03-16 19:19:25 +01:00
Nasreddine Bencherchali
db62085f77
fix: ip regex
2023-03-16 19:18:36 +01:00
Nasreddine Bencherchali
5b14835a35
feat: add new rules related to CVE-2023-23397
2023-03-16 19:17:48 +01:00
Nasreddine Bencherchali
77cd0bf6c0
fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-15 19:27:57 +01:00
Nasreddine Bencherchali
3ca27207be
fix: tune more fp
2023-03-15 12:00:20 +01:00
Nasreddine Bencherchali
83bcab5fd6
chore: increase level of some sideloading rules
2023-03-15 01:10:52 +01:00
Nasreddine Bencherchali
64295b1ed7
fix: remove unnecessary filter
2023-03-15 00:11:35 +01:00
Nasreddine Bencherchali
1d45236bf6
fix: broken condition
2023-03-15 00:06:29 +01:00
Nasreddine Bencherchali
d36f7e9819
fix: fp found in testing
2023-03-14 23:58:04 +01:00
Nasreddine Bencherchali
933e99eef8
fix: cicd errors
2023-03-14 23:21:18 +01:00
Nasreddine Bencherchali
90574160ec
feat: new rules and update
2023-03-14 20:07:44 +01:00
Nasreddine Bencherchali
37544fd175
Merge branch 'SigmaHQ:master' into nasbench-rule-devel
2023-03-14 10:51:23 +01:00
Mohamed Ashraf
7d3b540de3
Update rules/windows/image_load/image_load_side_load_wazuh.yml
update description
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-14 09:59:53 +02:00
Nasreddine Bencherchali
adf0ac1718
feat: attrib rules updates
2023-03-14 01:50:30 +01:00
Nasreddine Bencherchali
dba3839e23
feat: new rules related to dotnet-dump
2023-03-14 01:43:14 +01:00
Nasreddine Bencherchali
77a825beea
fix: improve metadata
2023-03-13 23:37:37 +01:00
Nasreddine Bencherchali
072dc5e982
fix: fp
2023-03-13 14:14:58 +01:00
Mohamed Ashraf (X__Junior)
1a4ad4c67c
new rules related to possible dll sideloading
2023-03-13 14:47:52 +02:00
Florian Roth
96347ade8b
Merge pull request #4099 from nasbench/nasbench-rule-devel
feat: update and fixes
2023-03-13 11:18:19 +01:00
Nasreddine Bencherchali
a599e7b4af
fix: add missing modified
2023-03-13 10:49:29 +01:00
Nasreddine Bencherchali
d7083f6175
fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-13 10:48:08 +01:00
Nasreddine Bencherchali
5198cb3824
chore: change state to unsupported
2023-03-13 10:35:44 +01:00