Commit Graph

15089 Commits

Author SHA1 Message Date
Florian Roth d15f3d738b Merge pull request #3207 from SigmaHQ/rule-devel
fix: missing Windows Defender source, rule: Proxy UA Base64
2022-07-08 11:14:00 +02:00
Florian Roth 9b47c868bc fix: list and add base64 encoded Mozilla keyword 2022-07-08 10:50:52 +02:00
Florian Roth 578c838277 Merge pull request #3203 from nasbench/master
Reference Update [Batch 1]
2022-07-08 10:47:50 +02:00
Florian Roth 6fc782958a rule: Proxy UA Base64 value 2022-07-08 10:40:35 +02:00
Nasreddine Bencherchali 8b9307de30 Update selections 2022-07-07 20:55:19 +01:00
Nasreddine Bencherchali 68c27b56d4 Update proc_creation_win_exploit_cve_2020_1048.yml 2022-07-07 20:16:30 +01:00
Nasreddine Bencherchali aec95b6d65 Update selections and indentation 2022-07-07 20:13:45 +01:00
Nasreddine Bencherchali 49e389db5c Add More paths 2022-07-07 19:13:22 +01:00
Nasreddine Bencherchali b26c28972d Add missing definition fields and references 2022-07-07 19:13:01 +01:00
Florian Roth a3c5e9fa97 Merge pull request #3205 from SigmaHQ/aurora-false-positive-fixing
Aurora false positive fixing
2022-07-07 19:19:42 +02:00
Florian Roth 21d2bbdba4 fix: filter expressions missing in condition 2022-07-07 18:42:05 +02:00
Florian Roth c7eb123bc3 Merge branch 'master' into aurora-false-positive-fixing 2022-07-07 18:21:16 +02:00
Florian Roth b58c797c61 fix: FPs with Visual Studio 2022-07-07 18:20:10 +02:00
Florian Roth a70b4e5e9d fix: FPs 2022-07-07 17:47:43 +02:00
Florian Roth 33b00a9ffc Merge pull request #3204 from phantinuss/master
fix: FP with IIS installation
2022-07-07 17:04:31 +02:00
Nasreddine Bencherchali 7e25625976 Update 2 2022-07-07 15:46:49 +01:00
Nasreddine Bencherchali 851d55a41f Update 2022-07-07 15:37:28 +01:00
Nasreddine Bencherchali 5b352ee34c Update proxy_cobalt_amazon.yml 2022-07-07 15:29:46 +01:00
Nasreddine Bencherchali 8fc9209250 Update proc_creation_macos_system_network_discovery.yml 2022-07-07 15:28:45 +01:00
Nasreddine Bencherchali d03f6df250 Reference Update [Batch 1] 2022-07-07 15:24:15 +01:00
phantinuss 15513ce15c fix: FP with IIS installation 2022-07-07 14:29:20 +02:00
Florian Roth beec664249 Merge pull request #3189 from redsand/fp_encoded_powershell_minor_indicator_due_to_devops
reducing level due to low indicator, per devops processes
2022-07-06 18:34:27 +02:00
Florian Roth d4781fa63c refactor: split up rule into one low & one medium 2022-07-06 18:24:59 +02:00
Florian Roth 611ad5f22f Merge pull request #3201 from phantinuss/master
FPs found in Testing
2022-07-06 18:18:13 +02:00
Florian Roth d0e51c8cf0 Merge pull request #3202 from redsand/fp_svchost_write_spoolsv_download_update
False positive when detecting svchost unpack and deploy updates such as…
2022-07-06 18:17:15 +02:00
Tim Shelton 745e4ef491 False positive when detecting svchost unpack and deploy updates such as spoolsv.exe 2022-07-06 14:38:25 +00:00
phantinuss a919490811 fix: FP found in testing 2022-07-06 15:38:32 +02:00
phantinuss ce1710a031 fix: FPs found in testing 2022-07-06 15:38:31 +02:00
Florian Roth 955b3dc66b fix: missing Defender eventlog in splunk config 2022-07-06 12:41:34 +02:00
Florian Roth a5b00c6911 Merge pull request #3198 from nasbench/tripleCross-detection
Triple Cross Rules
2022-07-06 09:29:51 +02:00
Nasreddine Bencherchali 6cd83a232d Update file_create_lnx_persistence_sudoers_files.yml 2022-07-05 19:43:58 +01:00
Nasreddine Bencherchali d89b20d06e Switch links to permalinks 2022-07-05 19:43:07 +01:00
Nasreddine Bencherchali 83387d2ca9 Update and Fix 2022-07-05 19:28:28 +01:00
Nasreddine Bencherchali 9024f223e7 Update file_create_lnx_triple_cross_rootkit_persistence.yml 2022-07-05 16:06:49 +01:00
Nasreddine Bencherchali 498cc55a86 Triple Cross Rules 2022-07-05 15:58:22 +01:00
Florian Roth 6f23d569b8 Merge pull request #3197 from SigmaHQ/rule-devel
refactor: mshta service rule, new ampersand rule
2022-07-05 16:25:00 +02:00
frack113 88a6ec96e7 Update proc_creation_win_powershell_cmdline_specific_comb_methods.yml 2022-07-05 16:04:00 +02:00
Florian Roth e366cc15b5 rule: new services with two ampersands 2022-07-05 16:02:06 +02:00
frack113 b3595c2605 Update proc_creation_win_powershell_cmdline_specific_comb_methods.yml 2022-07-05 16:01:57 +02:00
Florian Roth 280d416e16 Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2022-07-05 16:01:49 +02:00
Florian Roth b40a3e2aba refactor: reduced mshta service rule 2022-07-05 16:01:46 +02:00
frack113 44e45362d4 Update proc_creation_win_powershell_cmdline_specific_comb_methods.yml 2022-07-05 15:59:45 +02:00
frack113 46ef9e0c55 refactor condition 2022-07-05 13:51:00 +02:00
Florian Roth 373033020b Merge pull request #3195 from frack113/winevt
Add registry_set_disable_winevt_logging
2022-07-05 10:44:13 +02:00
Florian Roth 0525f00f57 Merge pull request #3194 from nasbench/master
Add "IDiagnosticProfileUAC" UAC Bypass technique
2022-07-05 08:40:08 +02:00
frack113 14270be945 Update registry_set_disable_winevt_logging.yml 2022-07-05 06:33:26 +02:00
Nasreddine Bencherchali 22a17fbf64 Merge branch 'SigmaHQ:master' into master 2022-07-04 18:47:53 +01:00
Florian Roth 514c4657bf Merge pull request #3196 from SigmaHQ/rule-devel
Rule refactoring (curl, regsvr32), new rules
2022-07-04 19:30:20 +02:00
Florian Roth dc16208fe3 Merge branch 'master' into rule-devel 2022-07-04 19:07:35 +02:00
frack113 6efbdfa9e7 Channel disable during installation 2022-07-04 17:17:32 +02:00