Commit Graph

15089 Commits

Author SHA1 Message Date
frack113 0625ceca36 Merge pull request #3926 from frack113/redcannary_20230115
Add redcannary rules
2023-01-16 12:26:27 +01:00
Nasreddine Bencherchali 679207b6c4 fix: update metadata 2023-01-16 11:15:45 +01:00
Nasreddine Bencherchali 592ec21129 Merge pull request #3928 from jkb-s/patch-2
Fix `filepath` parameter
2023-01-16 11:10:01 +01:00
Nasreddine Bencherchali 09731e8547 fix: update modified date 2023-01-16 10:50:23 +01:00
jkb 391173c153 Correcting filepath parameter
According to Microsoft documentation, the parameter is -Filepath not -File-path. See: https://learn.microsoft.com/en-us/powershell/module/pki/import-certificate?view=windowsserver2022-ps
2023-01-16 10:46:02 +01:00
Nasreddine Bencherchali fd823045a9 fix: fp in msiexec rule 2023-01-16 10:28:15 +01:00
Arnim Rupp ffa01ef035 add -i to grep parameters to make it case insensitive as sigma 2023-01-16 10:14:51 +01:00
frack113 a52d200c51 Update proc_creation_win_ads_stored_dll_execution_rundll32.yml 2023-01-16 07:47:01 +01:00
frack113 3d0a72d67f Add exe to avoid FP 2023-01-16 07:41:48 +01:00
cyb3rjy0t 510ef7624f Update rules/windows/process_creation/proc_creation_win_ads_stored_dll_execution_rundll32.yml
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-01-15 22:18:25 -05:00
frack113 c3f285d945 Add redcannary rules 2023-01-15 12:01:11 +01:00
frack113 2b0b680775 Merge pull request #3925 from frack113/lsa-server
Microsoft-Windows-LSA
2023-01-13 18:24:43 +01:00
Nasreddine Bencherchali c7f1f52b7b fix: apply suggestions from code review 2023-01-13 18:19:32 +01:00
Nasreddine Bencherchali 9783297262 Merge pull request #3922 from frack113/redcannary_20230113
New rules based on Redcannary AtomicRedTeam 2023-01-13
2023-01-13 18:18:32 +01:00
Nasreddine Bencherchali 432710c47b fix: description 2023-01-13 18:01:10 +01:00
Nasreddine Bencherchali 6134e25ba9 Merge pull request #3924 from ruppde/master
several improvements to antivirus rules
2023-01-13 17:59:01 +01:00
frack113 c6942cba65 Add lsa-server 2023-01-13 17:58:40 +01:00
frack113 deeac89f36 Add lsa-server 2023-01-13 17:56:02 +01:00
Arnim Rupp d0443c35eb fix2 2023-01-13 17:51:37 +01:00
Arnim Rupp 92b0ce1857 fix falsepositives 2023-01-13 17:44:55 +01:00
Arnim Rupp f58358b037 Fix rule using list with only 1 element 2023-01-13 17:36:38 +01:00
Nasreddine Bencherchali c798375a56 Merge branch 'master' into master 2023-01-13 17:23:22 +01:00
Nasreddine Bencherchali 8707345be7 fix: add related metadata 2023-01-13 17:21:21 +01:00
Florian Roth da52178377 Merge pull request #3923 from SigmaHQ/rule-devel
docs: changes to status in AV rules
2023-01-13 17:19:57 +01:00
Arnim Rupp d0234a7f5d several improvements in rules/category/antivirus/* 2023-01-13 17:16:59 +01:00
Nasreddine Bencherchali 055f33a386 fix: add missing modified date 2023-01-13 17:13:17 +01:00
frack113 2be462d2cf Add UserName for taskscheduler 2023-01-13 13:13:53 +01:00
frack113 5d0b0f6663 Add more TaskName 2023-01-13 13:06:02 +01:00
frack113 80be90c331 Merge branch 'redcannary_20230113' of github.com:frack113/sigma into redcannary_20230113 2023-01-13 13:03:52 +01:00
frack113 a0cc836d0a Add filter 2023-01-13 13:03:30 +01:00
Florian Roth d088dc447d docs: changes to status in AV rules 2023-01-13 12:39:49 +01:00
frack113 23620bc8aa Update proc_creation_win_lsa_disablerestrictedadmin.yml 2023-01-13 12:31:28 +01:00
frack113 1b11e29fef Move rules 2023-01-13 12:15:08 +01:00
frack113 e0434a3f2c Add redcannary rules 2023-01-13 12:11:38 +01:00
frack113 4c76e10383 Merge pull request #3921 from veramine/patch-3
filter some legitimate activity
2023-01-13 10:18:13 +01:00
frack113 e886902374 Update proc_creation_lnx_system_network_connections_discovery.yml 2023-01-13 10:12:10 +01:00
Veramine d91a1d0903 filter some legitimate activity
Filter landscape-sysinfo tool calling who
2023-01-13 00:47:40 -08:00
Nasreddine Bencherchali 49a2873c7a Merge pull request #3919 from ruppde/master
Add more ransomware strings
2023-01-13 00:37:54 +01:00
Nasreddine Bencherchali 7df1bd1a40 fix: remove duplicate entry 2023-01-13 00:26:38 +01:00
Nasreddine Bencherchali 135849eaf5 Merge pull request #3918 from SigmaHQ/rule-devel
add new IOC for PrivEsc tools list
2023-01-13 00:09:05 +01:00
Arnim Rupp 9868c00cc6 Add more ransomware strings 2023-01-13 00:08:55 +01:00
Nasreddine Bencherchali 8dbf518385 Merge pull request #3917 from ruppde/master
Small fix for MS defender, uses e.g. Trojan:PHP/...
2023-01-12 23:57:57 +01:00
Florian Roth 29a61b8c70 Merge branch 'master' into rule-devel 2023-01-12 23:57:41 +01:00
Florian Roth df1870df1e add IOC for LocalPotato 2023-01-12 23:57:33 +01:00
Arnim Rupp 15e7271488 small fix for MS defender, uses e.g. Trojan:PHP/... 2023-01-12 23:46:52 +01:00
frack113 0c61fffa82 Merge pull request #3915 from frack113/appxdeployment
Add appxdeployment-server rule by eventid
2023-01-12 18:53:32 +01:00
frack113 4708bc61c6 Update win_appxdeployment_server_applocker_block.yml 2023-01-12 18:47:14 +01:00
frack113 90345684ff Merge pull request #3916 from frack113/Software_Restriction_Policies
Add win_software_restriction_policies_block
2023-01-12 18:43:17 +01:00
frack113 b85d87ddf3 Apply suggestions from code review
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-01-12 18:39:46 +01:00
Nasreddine Bencherchali e824131450 fix: add new ref 2023-01-12 18:37:35 +01:00