blue-team-tools

Author	SHA1	Message	Date
Gude5	a8501da311	Update rules/windows/process_creation/proc_creation_win_firewall_disabled_via_powershell.yml Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-10-10 17:03:54 +02:00
Gude5	e70bced56e	Update rules/windows/process_creation/proc_creation_win_credential_acquisition_registry_hive_dumping.yml Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-10-10 17:03:34 +02:00
Gude5	31717609cd	Update rules/windows/process_creation/proc_creation_win_credential_acquisition_registry_hive_dumping.yml Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-10-10 17:02:54 +02:00
Gude5	7623562e6f	Update rules/windows/file_delete/file_delete_win_webserver_access_logs_deleted.yml Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-10-10 17:02:30 +02:00
Gude5	28dbb890ad	Update rules/windows/file_delete/file_delete_win_unusual_deletion_by_dns_exe.yml Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-10-10 17:02:10 +02:00
Gude5	d33f70668a	Update rules/windows/file_change/file_change_win_unusual_modification_by_dns_exe.yml Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-10-10 17:01:59 +02:00
Gude5	7a347cf8eb	Update rules/windows/builtin/security/win_security_service_installation_by_unusal_client.yml Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-10-10 17:01:45 +02:00
Gude5	a984351d25	Update rules/windows/builtin/security/win_security_service_installation_by_unusal_client.yml Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-10-10 17:01:35 +02:00
Florian Roth	5da911eb84	Merge branch 'master' into rule-devel	2022-10-10 14:35:37 +02:00
Nasreddine Bencherchali	7e2f624b0f	Update drivers list	2022-10-10 13:03:56 +02:00
Nasreddine Bencherchali	0d253472eb	Update driver_load_vuln_drivers_names.yml	2022-10-10 12:28:41 +02:00
Florian Roth	5cbd355d95	ZINC / Lazarus UAs	2022-10-10 12:23:09 +02:00
Nasreddine Bencherchali	8b40e6fe21	Add missing backslash and remove duplicate	2022-10-10 11:35:50 +02:00
Florian Roth	6879484928	Update proc_creation_win_susp_lolbin_non_c_drive.yml	2022-10-10 10:27:15 +02:00
Nasreddine Bencherchali	be0a3ad863	Add missing definition section for EID 4697	2022-10-10 10:22:46 +02:00
Florian Roth	3f25f62d94	Update proc_creation_win_susp_lolbin_non_c_drive.yml	2022-10-10 10:20:47 +02:00
Florian Roth	83f93bc32c	Merge branch 'master' into master	2022-10-10 00:27:48 +02:00
Florian Roth	cb73e9725a	Merge pull request #3570 from SigmaHQ/rule-devel IOX and NPS tunneling tools	2022-10-10 00:26:48 +02:00
$frack113$ frack113	34d16c29dd	Merge pull request #3571 from frack113/promotion Experimental rule promotion	2022-10-09 20:38:00 +02:00
$frack113$ frack113	cf7a348028	Fix related	2022-10-09 17:28:05 +02:00
$frack113$ frack113	931fb30853	old experimental rule promotion	2022-10-09 16:54:04 +02:00
Florian Roth	e009ba937e	rule: NPS tunneling tool	2022-10-08 09:49:51 +02:00
Florian Roth	deb5540816	rules: refactored FRP, new IOX	2022-10-08 09:32:36 +02:00
AaronHerman	7a0e117b48	updating with vbs/vbe and falsepositives recommendations	2022-10-07 20:36:22 -05:00
AaronHerman	3d225b3862	updating with vbs/vbe and falsepositives recommendations	2022-10-07 20:35:57 -05:00
Florian Roth	e2a172e257	Merge pull request #3569 from SigmaHQ/aurora-false-positive-fixing Aurora false positive fixing	2022-10-07 22:52:24 +02:00
Florian Roth	ee47f14dbe	fix: more changes	2022-10-07 22:36:21 +02:00
Florian Roth	c76b488941	fix: FPs during os upgrade	2022-10-07 22:31:13 +02:00
Florian Roth	e9746e443e	fix: FPs during upgrade	2022-10-07 22:22:59 +02:00
Florian Roth	f2f481deba	Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing	2022-10-07 22:13:49 +02:00
Florian Roth	4a298c56ce	fix: FPs during Windows upgrade	2022-10-07 22:13:47 +02:00
Florian Roth	66534b13ba	Merge pull request #3568 from nasbench/fix-false-positives Fix FP In Testing	2022-10-07 17:05:22 +02:00
Nasreddine Bencherchali	adae180bc2	Update image_load_uipromptforcreds_dlls.yml	2022-10-07 16:49:02 +02:00
Florian Roth	d8890295fe	Merge branch 'master' into master	2022-10-07 16:24:30 +02:00
Nasreddine Bencherchali	8dbd03ff32	Fix FP In Testing	2022-10-07 13:26:33 +02:00
Florian Roth	5710507a2a	Merge pull request #3567 from SigmaHQ/rule-devel rule: JuicyPotatoNG brute force indicator	2022-10-07 11:36:26 +02:00
Florian Roth	d36e0dffeb	docs: adding comments for the params	2022-10-07 10:56:15 +02:00
Florian Roth	d76bdf71df	Update win_lpe_indicators_tabtip.yml	2022-10-07 10:48:52 +02:00
Florian Roth	6623778a61	fix: wrong log source	2022-10-07 10:44:35 +02:00
Florian Roth	c073388472	rule: lpe - tabtip indicator	2022-10-07 10:41:04 +02:00
Florian Roth	b634e1a3f9	Merge pull request #3562 from nasbench/pysigma-fix PySigma Issues Fix	2022-10-07 09:21:15 +02:00
Florian Roth	b75ef97876	Update web_exchange_proxyshell.yml	2022-10-07 08:48:01 +02:00
$frack113$ frack113	7539d29e8b	Merge pull request #3559 from nasbench/nasbench-rule-devel Rule Dev	2022-10-07 06:07:43 +02:00
nasreddine.bencherchali@nextron-systems.com	8f9c79b3a5	Update registry_set_powershell_in_run_keys.yml	2022-10-06 16:57:24 +02:00
Florian Roth	d5e2991a4c	Merge pull request #3551 from frack113/redcannary_20221002 Redcannary rules	2022-10-06 13:02:46 +02:00
nasreddine.bencherchali@nextron-systems.com	91cf9ce926	Fix modifier	2022-10-06 10:04:01 +02:00
Florian Roth	87b306834c	Update web_cve_2022_36804_atlassian_bitbucket_command_injection.yml	2022-10-06 09:29:06 +02:00
Florian Roth	303fbd2e35	Update driver_load_vuln_drivers_names.yml	2022-10-06 09:28:43 +02:00
Florian Roth	8a0cf2e7e6	Update proc_creation_win_hh_chm_http.yml	2022-10-06 09:28:17 +02:00
Florian Roth	235b104495	Update registry_set_register_custom_protocol_handler.yml	2022-10-06 09:27:59 +02:00

... 38 39 40 41 42 ...

15089 Commits