Thomas Patzke
7159613c6c
Merge pull request #3932 from frack113/uuid_name
...
Revert name to uuid
2023-01-20 07:32:35 +01:00
frack113
b04efe8d6f
Update proc_creation_win_susp_cmd_exectution_via_wmi.yml
2023-01-20 06:45:38 +01:00
Micah Babinski
5431929739
Added external remote service logon from public IP rule.
2023-01-19 15:04:25 -08:00
IntelScott
8a0cc0880d
Update and rename proc_creation_win_sqlite_firefox_cookies.yml to proc_creation_win_sqlite_firefox_gecko_profile_data.yml
...
Updated logic to expand database file coverage
Updated description to clarify this logic applies to other Gecko-based browsers too, as targeted recently by some stealers
2023-01-19 17:55:12 -05:00
IntelScott
0630d0d01f
Update and rename proc_creation_win_sqlite_chrome_cookies.yml to proc_creation_win_sqlite_chromium_profile_data.yml
...
Updated to expand browser and database file coverage
2023-01-19 17:52:30 -05:00
Nasreddine Bencherchali
1a9efa1002
feat: wmiprvse rule updates and merger
2023-01-19 23:10:06 +01:00
Nasreddine Bencherchali
0909b65bff
feat: update sharing websites
2023-01-19 22:07:31 +01:00
Nasreddine Bencherchali
a7c7816b96
fix: driverquery condition and selection
2023-01-19 21:52:37 +01:00
Nasreddine Bencherchali
fa1ede8c68
feat: new rules for driverquery
2023-01-19 21:50:10 +01:00
Nasreddine Bencherchali
7538086e58
fix: broken condition
2023-01-19 21:49:55 +01:00
Nasreddine Bencherchali
1e57208fa2
fix: update broken selection
2023-01-19 21:33:29 +01:00
nikitah4x
7676e6bb71
Merge pull request #1 from nikitah4x/nikitah4x-okta-admin-role-assignment
...
Create okta_admin_role_assignment_created.yml
2023-01-19 21:23:23 +02:00
nikitah4x
13a26aaffa
Create okta_admin_role_assignment_created.yml
2023-01-19 21:22:58 +02:00
Nasreddine Bencherchali
d9f37de1cf
fix: fp found in testing
2023-01-19 18:47:11 +01:00
Nasreddine Bencherchali
3d26ba1fce
Merge pull request #3935 from SigmaHQ/rule-devel
...
rule: Manage Engine suspicious sub process
2023-01-19 17:43:36 +01:00
Nasreddine Bencherchali
6557b3b239
fix: change link to permalink
2023-01-19 17:36:18 +01:00
Florian Roth
907b4cc750
docs: changed wording
2023-01-19 17:23:37 +01:00
Florian Roth
6d10d35b4f
rule: Manage Engine suspicious sub process
2023-01-19 17:17:50 +01:00
Nasreddine Bencherchali
6c434edf54
Merge pull request #3934 from phantinuss/master
...
fix: FP found in testing environment
2023-01-19 17:13:02 +01:00
phantinuss
df6d6107fc
fix: FP found in testing environment
2023-01-19 16:49:12 +01:00
Nasreddine Bencherchali
e213252c4c
feat: logic update to multiple rules
2023-01-19 16:37:10 +01:00
Nasreddine Bencherchali
9c40354075
Merge pull request #3933 from nasbench/nasbench-rule-devel
...
feat: enhancements and fp fixes
2023-01-19 13:44:38 +01:00
Nasreddine Bencherchali
fe7d543314
fix: rename rules to show importance
2023-01-19 13:39:13 +01:00
frack113
e2ba72686e
Merge pull request #3930 from cyb3rjy0t/patch-4
...
CVE-2022-82889
2023-01-19 13:33:16 +01:00
Nasreddine Bencherchali
26fef9bfd1
fix: add logic to the correct rule
2023-01-19 00:59:13 +01:00
Nasreddine Bencherchali
dd9987527a
fix: final fp
2023-01-19 00:49:32 +01:00
Nasreddine Bencherchali
0d242195c7
fix: fp found in test set
2023-01-19 00:38:55 +01:00
Nasreddine Bencherchali
3a473b8313
fix: small metadata fixes
2023-01-18 23:30:40 +01:00
Nasreddine Bencherchali
143a413f4f
fix: merge overlapping detections
2023-01-18 20:18:36 +01:00
Nasreddine Bencherchali
0cb78e498a
fix: more fp found in testing
2023-01-18 20:16:34 +01:00
frack113
699da13dc0
Revert name to uuid
2023-01-18 19:34:13 +01:00
Nasreddine Bencherchali
02e4a5112d
fix: fp found in testing
2023-01-18 18:41:07 +01:00
Nasreddine Bencherchali
00310c487e
Merge pull request #3931 from nasbench/nasbench-rule-devel
...
feat: update and enhancements
2023-01-18 11:45:43 +01:00
Nasreddine Bencherchali
ff9844b8d7
fix: fp and broken field name
2023-01-18 10:47:40 +01:00
Nasreddine Bencherchali
f3171177d8
fix: apply suggestions from code review
...
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-01-18 10:24:04 +01:00
Nasreddine Bencherchali
4682f3fb7a
fix: broken title
2023-01-17 19:14:32 +01:00
Nasreddine Bencherchali
fbeb32e24f
fix: broken winlogbeat bitlocker config
2023-01-17 19:13:33 +01:00
Nasreddine Bencherchali
8f46f2f061
fix: fp in firewall rule
2023-01-17 19:07:30 +01:00
Nasreddine Bencherchali
1c0bf6e262
feat: update windows firewall rules
2023-01-17 19:01:37 +01:00
Nasreddine Bencherchali
1c340493c6
fix: broken logsource
2023-01-17 01:13:50 +01:00
Nasreddine Bencherchali
459ba25cce
Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel
2023-01-17 01:01:38 +01:00
Nasreddine Bencherchali
b6e4c45ef0
Merge branch 'SigmaHQ:master' into nasbench-rule-devel
2023-01-17 01:01:23 +01:00
Nasreddine Bencherchali
85fb255bc9
feat: new rules and updates
2023-01-17 01:00:44 +01:00
Nasreddine Bencherchali
e5fe4d5f46
feat: update config files
...
- Update indentation of config files to 4
- Add new event logs
2023-01-17 01:00:24 +01:00
Thomas Patzke
f5da775995
Merge pull request #3927 from ruppde/master
...
add -i to grep parameters to make it case insensitive as sigma
2023-01-16 22:38:43 +01:00
cyb3rjy0t
a27457715b
CVE-2022-82889
2023-01-16 14:34:41 -05:00
Florian Roth
cd165ac313
Merge pull request #3929 from phantinuss/master
...
fix: FP found in testing
2023-01-16 17:20:25 +01:00
Nasreddine Bencherchali
3d77511102
fix: improve fp description slightly
2023-01-16 16:30:08 +01:00
phantinuss
99c5c46397
fix: FP found in testing
2023-01-16 15:38:52 +01:00
Arnim Rupp
505961609b
Merge branch 'SigmaHQ:master' into master
2023-01-16 14:29:07 +01:00