security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,089 Commits 1 Branch 57 Tags
d14e287cdf91e2a8b995de5bfbc3fa8540c1922b
Commit Graph

15089 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Patzke a8501cb446 Split parser - Copy exceptions 2018-07-24 00:08:23 +02:00
Thomas Patzke 983ee6eeb9 Splitting parser - copying collections 2018-07-24 00:06:02 +02:00
Thomas Patzke 54f5870658 Removed debugging code 2018-07-24 00:04:24 +02:00
Thomas Patzke b76fa884ec Changed copyright notices accordingly 2018-07-24 00:01:16 +02:00
Lurkkeli 1898157df5 ATT&CK tagging 
Added tag for technique t1015
 2018-07-23 23:57:15 +02:00
yt0ng 16160dfc80 added additional binaries and attack tactics/techniques 2018-07-23 15:47:56 +02:00
Florian Roth 1134051fba Update web_cve_2018_2894_weblogic_exploit.yml 
Ah, we could do it this way *.js*
 2018-07-23 06:19:25 -06:00
Florian Roth 03a64cca74 Update web_cve_2018_2894_weblogic_exploit.yml 
We try to avoid false positives
 2018-07-23 06:18:38 -06:00
MATTHEW CARR dfb77e936d Update web_cve_2018_2894_weblogic_exploit.yml 
To detect all possible extensions .jspx, .jsw, .jsv, and .jspf
 2018-07-23 07:41:47 +02:00
Florian Roth 0f1b440b91 Rule: widened the CVE-2018-2894 WebLogic rule 
https://twitter.com/lo_security/status/1021148314308358144
 2018-07-22 20:36:10 -06:00
Florian Roth ffb0cf5ed5 Rule: CVE-2018-2894 Oracle WebLogic exploit and webshell drop 2018-07-22 15:09:45 -06:00
Florian Roth 5f48fa64ff Merge pull request #120 from suleymanozarslan/master 
Further ATT&CK tagging
 2018-07-22 12:11:31 -06:00
Suleyman Ozarslan e6cbc17c12 ATT&CK tagging of Scheduled Task Creation 2018-07-22 15:56:47 +03:00
Suleyman Ozarslan 8d9b12be07 ATT&CK tagging of Default PowerSploit Schtasks Persistence 2018-07-22 15:53:56 +03:00
Süleyman Özarslan 28705b3790 Merge pull request #2 from Neo23x0/master 
merge
 2018-07-22 15:47:36 +03:00
Thomas Patzke fbde251ebc Added missing exception import in ES backend 2018-07-22 09:26:25 +02:00
Thomas Patzke 91e6b8ca6b Merging refactoring changes into master 2018-07-22 09:23:07 +02:00
Thomas Patzke cf175d7b7e Removal from sigma.backends.qradar 2018-07-22 09:14:50 +02:00
Thomas Patzke 097660c678 Splitting backends - Copy qradar.py 2018-07-22 09:12:29 +02:00
Thomas Patzke c8e21b3f24 Fixing after split 
* Fixing imports
* Discovery in new sub modules
 2018-07-21 01:09:02 +02:00
Thomas Patzke b85aec6157 Merging backend split branches 2018-07-21 00:59:50 +02:00
Thomas Patzke 3e2184ac61 Removal from sigma.backends.elasticsearch 2018-07-21 00:37:36 +02:00
Thomas Patzke 408a961e59 Merge pull request #119 from suleymanozarslan/master 
Further ATT&CK tagging
 2018-07-20 09:06:20 +02:00
Suleyman Ozarslan 080892b5ab ATT&CK tagging of MSHTA Spawning Windows Shell 2018-07-20 09:53:55 +03:00
Suleyman Ozarslan 76f277d5fe ATT&CK tagging of Malicious Named Pipe rule 2018-07-20 09:41:54 +03:00
Suleyman Ozarslan 7e74527344 ATT&CK software tag is added to Bitsadmin Download rule 2018-07-20 09:35:35 +03:00
Süleyman Özarslan 9f607a7c43 Merge pull request #1 from Neo23x0/master 
mere forks
 2018-07-20 09:33:37 +03:00
Florian Roth 1e61adfad1 rule: Changed Registry persistence Explorer RUN key rule 2018-07-19 16:27:19 -06:00
Florian Roth 83d6f12ce3 rule: Registry persistence in Explorer RUN key pointing to suspicious folder 2018-07-19 16:27:19 -06:00
Thomas Patzke f98158f5ad Further ATT&CK tagging 2018-07-19 23:36:13 +02:00
Florian Roth fc08077086 Merge pull request #116 from suleymanozarslan/master 
ATT&CK tagging of Suspicious Certutil Command rule
 2018-07-19 08:25:50 -06:00
Suleyman Ozarslan 05b91847cd ATT&CK tagging of Suspicious Certutil Command rule 2018-07-19 16:42:39 +03:00
Florian Roth cea2dcbd89 docs: Info Graphic version 0.1 LQ / HQ 2018-07-17 19:25:37 -06:00
Florian Roth 9767f22756 docs: Info Graphic version 0.1 - fix 2018-07-17 19:14:40 -06:00
Florian Roth f27252bfaa docs: Info Graphic version 0.1 2018-07-17 19:12:56 -06:00
Thomas Patzke bdea097b80 ATT&CK tagging 2018-07-17 23:58:11 +02:00
Thomas Patzke 926dc7d56b Updated backends in README 2018-07-17 23:34:53 +02:00
Thomas Patzke a9257c32c6 Sigma tools release 0.6 0.6 2018-07-17 23:12:23 +02:00
Thomas Patzke 63f9093896 Merge of SOC Prime QRadar backend 2018-07-17 22:57:54 +02:00
Thomas Patzke 52e4910ab6 Added QRadar backend to CI testing 2018-07-17 22:56:31 +02:00
Thomas Patzke 5bd898ed1d Merge branch 'master' of https://github.com/socprime/sigma 2018-07-17 22:45:21 +02:00
Florian Roth 9e92b97661 Merge pull request #111 from nikseetharaman/cmstp_execution 
Add sysmon_cmstp_execution
 2018-07-17 14:39:56 -06:00
nikotin 88a1e2a365 Merge remote-tracking branch 'origin/master' 2018-07-17 15:25:27 +03:00
nikotin b5f27d75be Added Qradar backend 2018-07-17 15:25:06 +03:00
Florian Roth 3f0040b983 Removed duplicate status field 2018-07-16 15:55:31 -06:00
Florian Roth 429474b6d6 Merge pull request #113 from megan201296/patch-9 
fixed typo
 2018-07-16 15:38:52 -06:00
Florian Roth e184f3f5b9 Merge pull request #112 from megan201296/patch-8 
fixed typo
 2018-07-16 15:38:19 -06:00
megan201296 02ea2cf923 fixed typo 2018-07-16 16:20:33 -05:00
megan201296 60310e94c6 fixed typo 2018-07-16 16:13:24 -05:00
socprime eee5a1b1df Merge pull request #2 from Neo23x0/master 
Pull updates
 2018-07-16 18:49:16 +03:00