| Author | Commit | Message | Date |
|---|---|---|---|
| Florian Roth | 9e730d0a62 | Merge pull request #3383 from phantinuss/master: fix: FP in testing from localhost to localhost from BITs service | 2022-08-17 08:52:37 +02:00 |
| frack113 | f814759446 | Move placeholder rules | 2022-08-16 22:09:11 +02:00 |
| frack113 | b02b964956 | Merge pull request #3386 from redsand/fp_spelling_mistake: Fixes spelling mistake of success (missing a c) | 2022-08-16 21:37:33 +02:00 |
| Tim Shelton | cfd3e17bc7 | Fixes spelling mistake of success (missing a c) | 2022-08-16 19:27:06 +00:00 |
| frack113 | 1fde506c8b | Merge pull request #3381 from Tomasuh/proxy-dev: proxy_ua_bitsadmin_susp_tld.yml fp filter | 2022-08-16 20:48:58 +02:00 |
| frack113 | 07004f0252 | Merge pull request #3380 from redsand/fp_landesk_adsi_cache_usage: Filter out FP for LANDesk app | 2022-08-16 20:48:05 +02:00 |
| Nasreddine Bencherchali | d5133bcdd7 | Update Sysmon | 2022-08-16 19:47:44 +01:00 |
| sorchaa | 1bc4e9f430 | Create win_susp_vuln_cve_2022_21919_or_cve_2021_34484.yml | 2022-08-16 17:49:53 +02:00 |
| phantinuss | 48f8f788e8 | fix: FP in testing from localhost to localhost from BITs service | 2022-08-16 17:02:49 +02:00 |
| phantinuss | bc2188c72b | Merge pull request #3375 from nasbench/nasbench-rule-devel: Rule Dev [New Rules+Updates] | 2022-08-16 16:46:27 +02:00 |
| Maxence FOSSAT | 6a37260fed | Filter out FP of dnsZone | 2022-08-16 16:40:05 +02:00 |
| Tomasuh | 2964506834 | proxy_ua_bitsadmin_susp_tld.yml fp filter | 2022-08-16 16:14:08 +02:00 |
| Tim Shelton | b6c5967443 | Filter out FP for LANDesk app | 2022-08-16 13:45:20 +00:00 |
| Florian Roth | 588e863bc2 | Merge pull request #3366 from Tomasuh/master: Escape wildcard character ? repetitively unescaped in proxy rules | 2022-08-16 14:06:33 +02:00 |
| Ben4FH | bebeedb623 | Update EID 5156 field names: Update to keep field names consistent for all rules using EID 5156 | 2022-08-15 18:28:15 +01:00 |
| frack113 | 80632dc4d0 | Update proxy_ios_implant.yml | 2022-08-15 17:33:39 +02:00 |
| frack113 | 91dbc5e721 | Update proxy_ursnif_malware_download_url.yml | 2022-08-15 17:33:17 +02:00 |
| frack113 | 9d914ac240 | Update proxy_cobalt_onedrive.yml | 2022-08-15 17:33:00 +02:00 |
| frack113 | 2ea7fc0c51 | Update proxy_turla_comrat.yml | 2022-08-15 17:32:34 +02:00 |
| frack113 | f50de1d4e1 | Update proxy_chafer_malware.yml | 2022-08-15 17:32:20 +02:00 |
| frack113 | 29901228fd | Update proxy_baby_shark.yml | 2022-08-15 17:32:07 +02:00 |
| Nasreddine Bencherchali | a0f8e508b5 | Update image_load_side_load_from_non_system_location.yml | 2022-08-15 12:49:46 +01:00 |
| Nasreddine Bencherchali | 306fc8aba0 | Fix typo | 2022-08-15 12:46:59 +01:00 |
| Nasreddine Bencherchali | 6407089a40 | Change service to diagnosis scripted | 2022-08-15 12:45:12 +01:00 |
| frack113 | eded7e479d | Merge pull request #3374 from frack113/netsh: Netsh Delete | 2022-08-15 11:53:27 +02:00 |
| Florian Roth | 3bce90d9e8 | Merge pull request #3373 from frack113/backslash: Update backslash | 2022-08-15 11:39:44 +02:00 |
| Florian Roth | 643f77aaff | Update proc_creation_win_netsh_fw_delete.yml | 2022-08-15 11:38:50 +02:00 |
| Nasreddine Bencherchali | 44d8f5bc9a | Update win_esent_ntdsutil_abuse.yml | 2022-08-15 00:51:19 +01:00 |
| Nasreddine Bencherchali | 1bb24879fe | Update image_load_side_load_from_non_system_location.yml | 2022-08-15 00:42:46 +01:00 |
| Nasreddine Bencherchali | 2879329818 | Update image_load_side_load_from_non_system_location.yml | 2022-08-15 00:34:58 +01:00 |
| Nasreddine Bencherchali | 11b4b46258 | Update win_shell_core_susp_packages_installed.yml | 2022-08-15 00:32:18 +01:00 |
| Nasreddine Bencherchali | e092872e87 | Update proc_creation_win_susp_mshtml_runhtmlapplication.yml | 2022-08-15 00:26:15 +01:00 |
| Nasreddine Bencherchali | 8869bc6cff | New rules | 2022-08-15 00:22:16 +01:00 |
| Nasreddine Bencherchali | 6798d69d00 | Update | 2022-08-15 00:22:08 +01:00 |
| frack113 | bd3502148f | Filter dropbax | 2022-08-14 20:22:25 +02:00 |
| frack113 | db137c4855 | Add proc_creation_win_netsh_fw_delete | 2022-08-14 19:16:58 +02:00 |
| frack113 | 6749532ae5 | Update ref | 2022-08-13 13:31:52 +02:00 |
| frack113 | 0f760a6822 | Fix ? char | 2022-08-13 13:02:33 +02:00 |
| frack113 | c8ab532955 | Search ? char | 2022-08-13 12:11:32 +02:00 |
| frack113 | fecd7e2fbd | Update backslash | 2022-08-13 11:56:57 +02:00 |
| frack113 | 823cf26633 | Merge pull request #3356 from Zandmann/patch-3: Create BPF_Door_port_redirect.yml | 2022-08-13 10:34:38 +02:00 |
| frack113 | 8952aaf4e3 | Merge pull request #3355 from Zandmann/patch-2: Create BPFDoor_abnormal_process_id_or_lock_file_accessed.yml | 2022-08-13 10:34:23 +02:00 |
| frack113 | 3426dfb6e9 | Update backslash | 2022-08-13 09:59:31 +02:00 |
| frack113 | bd7f0fdf5d | Merge pull request #3369 from frack113/temas: Cyble blog | 2022-08-13 08:00:47 +02:00 |
| frack113 | 7bebb9929b | Merge pull request #3370 from redsand/fp_missing_contains_all: False positive fix, needs to match ALL of selectioN_delete, not 1 of … | 2022-08-13 07:47:34 +02:00 |
| frack113 | 15f94c4685 | Merge pull request #3368 from nasbench/nasbench-rule-devel: New Rules + Update (Rule Dev) | 2022-08-13 07:47:13 +02:00 |
| frack113 | 7a1b32b0a4 | Merge pull request #3365 from frack113/timestomping: Timestomping file_change rule | 2022-08-13 07:38:06 +02:00 |
| Zandmann | 1339317b16 | Update lnx_auditd_bpfdoor_port_redirect.yml | 2022-08-12 21:41:35 +02:00 |
| Zandmann | 5bc4b2de27 | Update lnx_auditd_bpfdoor_file_accessed.yml | 2022-08-12 21:39:11 +02:00 |
| Nasreddine Bencherchali | ce43b1da5c | Create web_cve_2022_31659_vmware_rce.yml | 2022-08-12 18:50:08 +01:00 |