security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,089 Commits 1 Branch 57 Tags
d14e287cdf91e2a8b995de5bfbc3fa8540c1922b
Commit Graph

15089 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth 3754075ae6 fix: FP with git.exe 2022-06-30 18:25:31 +02:00
Tim Shelton 38335b6303 False positive filtering out of behavior by services.exe which is expected 2022-06-30 16:22:42 +00:00
Florian Roth 33afe1f6a2 Merge pull request #3183 from pH-T/master 
fix: FP fix
 2022-06-30 18:18:01 +02:00
Florian Roth cb33e5cc8a Merge pull request #3185 from frack113/fix_issue_2579 
fix issue 2579
 2022-06-30 18:17:51 +02:00
Florian Roth d09544c358 refactor: remove now unnecessary filters 2022-06-30 17:36:49 +02:00
Florian Roth f44c0e6fb3 Merge pull request #3184 from phantinuss/master 
fix: FPs found in testing environment
 2022-06-30 17:21:37 +02:00
phantinuss 58dc1da663 fix: FPs found in testing environment 2022-06-30 16:40:05 +02:00
Paul Hager 9044998428 fix: FP fix 2022-06-30 15:18:39 +02:00
akshay.chaturvedi 8ff679a42d update test and readme 2022-06-30 18:41:56 +05:30
Yochana-H 558a80ac4b Create azure_legacy_authentication_protocols.yml 2022-06-30 11:41:45 +01:00
akshay.chaturvedi b80448a0e7 added new backend for DNIF queries 2022-06-30 13:03:54 +05:30
frack113 38761cbdb0 fix issue 2022-06-30 08:48:31 +02:00
Florian Roth efd48e2bc2 Merge pull request #3180 from frack113/issue_2088 
More generic registry_event_cve_2021_31979_cve_2021_33771_exploits
 2022-06-29 20:18:34 +02:00
Florian Roth e516fd74cb Merge pull request #3172 from mepples21/miepping-dev5 
Create azure_ad_bitlocker_key_retrieval.yml
 2022-06-29 19:40:36 +02:00
Florian Roth 218e7f1491 Update azure_ad_device_registration_policy_changes.yml 2022-06-29 19:39:34 +02:00
Florian Roth c90b8fa7f3 Update azure_ad_users_added_to_device_admin_roles.yml 2022-06-29 19:38:37 +02:00
Florian Roth 4fee43361c Merge pull request #3171 from mepples21/miepping-dev4 
Create azure_ad_sign_ins_from_unknown_devices.yml
 2022-06-29 19:37:13 +02:00
Florian Roth 7c1c510f71 Merge pull request #3179 from securepeacock/patch-27 
Update lnx_auditd_hidden_files_directories.yml
 2022-06-29 19:36:29 +02:00
frack113 c64ece9f68 More generic 2022-06-29 19:33:50 +02:00
securepeacock ecdd32c462 Update lnx_auditd_hidden_files_directories.yml 
Fixing typo.
 2022-06-29 13:24:24 -04:00
Florian Roth 96e424bd4e Merge pull request #3178 from phantinuss/master 
fix: technically filter THOR checking for BlueKeep vuln
 2022-06-29 17:42:21 +02:00
Florian Roth e07b2f115b Merge pull request #3173 from nasbench/master 
Update + New Rules
 2022-06-29 17:22:02 +02:00
phantinuss b4bce46c65 fix: technically filter THOR checking for BlueKeep vuln 2022-06-29 17:07:04 +02:00
Florian Roth 6709a2dbaf Merge pull request #3177 from redsand/level_reduce_suspicious_failed_logins 
Reducing the level of Account Tampering - Suspicious Failed Logon Reasons
 2022-06-29 16:50:44 +02:00
Florian Roth 71edfa3550 Merge pull request #3176 from redsand/fp_reorder_system_ignore_all 
False positive whre system needs to be filtered first against any wri…
 2022-06-29 16:50:25 +02:00
Nasreddine Bencherchali 80346a82b6 Changes From Meeting 2022-06-29 15:25:50 +01:00
Tim Shelton 78ff2fb70f Reducing the level of this item. This behavior happens too often in a normal enviornment, with day to day activity and no definitive threat. I believe a different rule, detecting a larger volume of this behavior would warrant a high level rating. 2022-06-29 13:32:19 +00:00
Tim Shelton ef4d3efa3a False positive whre system needs to be filtered first against any writes, as its related to drivers especially backups 2022-06-29 13:25:24 +00:00
Nasreddine Bencherchali c99a48437d Update proc_creation_win_susp_regsvr32_no_dll.yml 2022-06-29 12:52:04 +01:00
Florian Roth a4929221aa Merge pull request #3175 from SigmaHQ/aurora-false-positive-fixing 
Aurora false positive fixing
 2022-06-29 13:47:47 +02:00
Florian Roth 3607cf878c fix: FP with explorer.exe 2022-06-29 13:22:35 +02:00
Nasreddine Bencherchali 08981a4a41 Add more options to "where" command 2022-06-29 12:22:00 +01:00
Florian Roth fd7b8d1c4f fix: FPs 2022-06-29 13:20:57 +02:00
Nasreddine Bencherchali 13488e0ad6 Update proc_creation_win_attrib_system_susp_paths.yml 2022-06-29 12:19:33 +01:00
Nasreddine Bencherchali 9d511b75f8 Update proc_creation_win_susp_regsvr32_no_dll.yml 2022-06-29 12:17:59 +01:00
frack113 ef47e7c8f2 Update azure_ad_bitlocker_key_retrieval.yml 2022-06-29 06:34:11 +02:00
frack113 0315f31cb0 Update azure_ad_sign_ins_from_unknown_devices.yml 2022-06-29 06:33:24 +02:00
frack113 afc3625791 Merge pull request #3161 from alexmcdonald1124/msra-injection 
Msra.exe process injection rule
 2022-06-29 06:30:00 +02:00
Michael Epping c9e42d3dd2 Create azure_ad_users_added_to_device_admin_roles.yml 2022-06-28 15:01:10 -07:00
Nasreddine Bencherchali a39f140255 Update proc_creation_win_change_default_file_assoc_susp.yml 2022-06-28 22:48:46 +01:00
Nasreddine Bencherchali 3818c77b03 Fix Error 2022-06-28 22:40:42 +01:00
Nasreddine Bencherchali 467b120259 Update proc_creation_win_susp_dllhost_no_cli.yml 2022-06-28 22:32:54 +01:00
Michael Epping 7aadcff92c Create azure_ad_bitlocker_key_retrieval.yml 2022-06-28 14:23:36 -07:00
Nasreddine Bencherchali 3756925dcd Update ETW Rule 2022-06-28 22:22:23 +01:00
Nasreddine Bencherchali f57b35e992 New Rules 2022-06-28 22:22:12 +01:00
Nasreddine Bencherchali 875233ca43 Update rules syntax 2022-06-28 22:21:46 +01:00
Nasreddine Bencherchali 5e42c4086a Add new PowerShell Function and Scripts 2022-06-28 22:18:44 +01:00
Nasreddine Bencherchali fb46b97f46 Rename + Delete Duplicate Rule 2022-06-28 22:18:02 +01:00
Michael Epping e446a23818 Create azure_ad_sign_ins_from_unknown_devices.yml 2022-06-28 14:12:30 -07:00
Michael Epping 7c446f0d37 Create azure_ad_device_registration_policy_changes.yml 
Rule from Azure AD SecOps guide
 2022-06-28 13:11:45 -07:00