phantinuss
afcbc08c85
fix: FP found in testing
2023-03-23 10:52:08 +01:00
xFFninja
a0732b0d17
fix: update incorrect event field Accesses (#4133)
This PR fixes the use of an incorrect field name in the rule rules/windows/builtin/security/win_security_exploit_cve_2023_23397_outlook_remote_file_query.yml
2023-03-22 12:21:30 +01:00
Nasreddine Bencherchali
bf148ad0ac
fix: fp found in testing
2023-03-21 16:32:46 +01:00
Nasreddine Bencherchali
556ff56850
Merge pull request #4115 from YamatoSecurity/update-CIDR-rules
fix: FPs on CIDR rules
2023-03-20 21:42:23 +01:00
Nasreddine Bencherchali
4bcf5b75a7
fix: remove backslash and add example
2023-03-17 23:32:10 +01:00
Nasreddine Bencherchali
4a171ae82d
fix: add definition section
Added a definition section to indicate that SACLs are required
2023-03-17 23:26:38 +01:00
Nasreddine Bencherchali
cf49c5d509
fix: update rule for SIGMAHQ standard
2023-03-17 23:14:40 +01:00
leer-ts
d456305533
Create win_security_outlook_remote_file.yml
2023-03-17 17:52:12 -04:00
Yamato Security
bc8ee0831a
revert comments
2023-03-18 04:54:43 +09:00
Yamato Security
f05993bbbe
update comment
2023-03-18 04:47:42 +09:00
Yamato Security
fa472be0fd
Update rules/windows/builtin/security/win_security_successful_external_remote_smb_login.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-18 04:31:25 +09:00
Yamato Security
ae8199b9fa
Update rules/windows/builtin/security/win_security_successful_external_remote_rdp_login.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-18 04:31:01 +09:00
Yamato Security
4fc5bd98aa
update author line
2023-03-17 08:47:01 +09:00
Yamato Security
2600f9781d
remove list of 1
2023-03-17 05:05:22 +09:00
Yamato Security
dcc38973cd
update CIDR rules
2023-03-17 04:26:20 +09:00
Nasreddine Bencherchali
3ca27207be
fix: tune more fp
2023-03-15 12:00:20 +01:00
Nasreddine Bencherchali
d36f7e9819
fix: fp found in testing
2023-03-14 23:58:04 +01:00
Florian Roth
96347ade8b
Merge pull request #4099 from nasbench/nasbench-rule-devel
feat: update and fixes
2023-03-13 11:18:19 +01:00
Nasreddine Bencherchali
5198cb3824
chore: change state to unsupported
2023-03-13 10:35:44 +01:00
Yamato Security
7c79441245
moved multi-line condition to single line
2023-03-13 13:54:43 +09:00
Nasreddine Bencherchali
f23780de6f
feat: update and fixes
2023-03-09 22:10:42 +01:00
Nasreddine Bencherchali
7303137b14
fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-07 17:07:12 +01:00
Nasreddine Bencherchali
e3503d5d60
feat: more updates
2023-03-06 00:39:26 +01:00
Nasreddine Bencherchali
1950fd389a
fix: rollback previous state of the rule
2023-02-28 21:10:08 +01:00
Nasreddine Bencherchali
7f18403f51
Merge pull request #4077 from frack113/firewall
feat: add win_firewall_as_add_rule_susp_folder
2023-02-27 21:26:39 +01:00
frack113
506e124135
Update win_firewall_as_add_rule_susp_folder.yml
2023-02-27 17:36:44 +01:00
frack113
ca5cde25aa
Update win_firewall_as_add_rule_susp_folder.yml
2023-02-27 17:25:27 +01:00
phantinuss
6e1853cd1a
chore: remove unnecessary provider_name filter for security log
2023-02-27 13:04:39 +01:00
Nasreddine Bencherchali
c533f8fcf2
fix: typos and title
2023-02-27 11:37:52 +01:00
frack113
d29474079d
Add win_firewall_as_add_rule_susp_folder
2023-02-26 15:50:17 +01:00
Nasreddine Bencherchali
587fbbce58
chore: update pipe-notation rules to unsupported
2023-02-24 19:54:14 +01:00
phantinuss
cca426c5a3
fix: FP with empty user and ip address
2023-02-23 11:38:47 +01:00
Qasim Qlf
908b25bccb
fix: One value of imagePath was wrong
It was "clip", which is already covered by "clipboard]::".
The real value is "&&".
Reference:
Sigma Rule Id: 4edf51e1-cb83-4e1a-bc39-800e396068e3
Link: https://github.com/SigmaHQ/sigma/blob/master/rules/windows/builtin/security/win_security_invoke_obfuscation_clip_services_security.yml
2023-02-20 20:49:52 +05:00
Qasim Qlf
2ec65de9a2
fix: taskName property
2023-02-20 16:08:53 +05:00
Nasreddine Bencherchali
518ff956ef
fix: typos and improve wording
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-08 10:29:48 +01:00
Nasreddine Bencherchali
75df97b4bc
fix: apply suggestions from code review
2023-02-07 18:44:26 +01:00
Nasreddine Bencherchali
0dd23365ad
fix: fp found in test dataset
2023-02-07 14:49:42 +01:00
Nasreddine Bencherchali
a19a75b0b0
fix: resolves #4015
2023-02-07 14:33:56 +01:00
Nasreddine Bencherchali
a7a4bce9b8
feat: update and enhancements
2023-02-07 13:55:14 +01:00
Wagga
273fdb9985
fix: typos in multiple rules (#4011)
2023-02-06 13:53:23 +01:00
Nasreddine Bencherchali
68f0833cbc
feat: more fixes and updates
2023-02-05 21:46:22 +01:00
Nasreddine Bencherchali
24c6f5f21e
Merge branch 'SigmaHQ:master' into nasbench-rule-devel
2023-02-04 11:43:38 +01:00
Florian Roth
791d3a8e9a
Merge pull request #4006 from SigmaHQ/rule-devel
refactor: AV signature rules updated
2023-02-03 17:13:56 +01:00
Florian Roth
619dada1c8
fix: short identifier that could cause FPs
2023-02-03 15:29:53 +01:00
Florian Roth
2b8b5f62f4
refactor: AV signature rules updated
2023-02-03 15:22:19 +01:00
Nasreddine Bencherchali
fc818bbbdc
feat: multiple updates and fixes
2023-02-03 02:22:28 +01:00
Nasreddine Bencherchali
307ecf5694
fix: typos in titles and descriptions of rules
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-02 19:40:01 +01:00
Nasreddine Bencherchali
5d769b7b19
Merge branch 'SigmaHQ:master' into nasbench-rule-devel
2023-02-01 17:10:00 +01:00
Nasreddine Bencherchali
ac85d5ebff
Merge pull request #3997 from nasbench/update-nextron-authors
chore: add nextron authors tag
2023-02-01 17:07:25 +01:00
phantinuss
08b801aaff
fix: FPs with IPv6 addresses
2023-02-01 11:21:12 +01:00