Commit Graph

15089 Commits

Author SHA1 Message Date
Thomas Patzke fcb7597ea8 Merge pull request #3133 from chiyang1010/deep-copy 2022-06-17 19:12:44 +02:00
    using deepcopy to clone previous rule
Florian Roth 186f10fb21 Merge pull request #3136 from greg-workspace/master 2022-06-17 18:52:31 +02:00
    Rule: Follina and DogWalk exploit msdt.exe loading sdiageng.dll
Florian Roth fda9c753e2 Update image_load_msdt_sdiageng.yml 2022-06-17 18:46:14 +02:00
Florian Roth e4493d945f Merge pull request #3139 from redsand/fp_direct_syscall_amazonssmagentsetup 2022-06-17 18:45:49 +02:00
    False positive: ignore amazon ssm agent setup
Tim Shelton e56dab0016 False positive: ignore amazon ssm agent setup 2022-06-17 16:33:47 +00:00
Yochana-H d659088d4b Merge branch 'Yochana-H' of https://github.com/Yochana-H/sigma into Yochana-H 2022-06-17 15:44:51 +01:00
Yochana-H 6dc3c1d4dd Create azure_blocked_account_attempt.yml 2022-06-17 15:44:40 +01:00
Nasreddine Bencherchali f84c1436a3 Add missing "contains" modifier 2022-06-17 14:06:14 +01:00
Nasreddine Bencherchali 7ada37a364 Update file_event_win_winword_cve_2021_40444.yml 2022-06-17 12:17:28 +01:00
Nasreddine Bencherchali 9e0ef7251b Update file_event_win_winword_cve_2021_40444.yml 2022-06-17 11:59:17 +01:00
Nasreddine Bencherchali cde97e7168 Update file_event_win_winword_cve_2021_40444.yml 2022-06-17 11:55:13 +01:00
Nasreddine Bencherchali d5146fe0d4 Update file_event_win_winword_cve_2021_40444.yml 2022-06-17 11:53:17 +01:00
Florian Roth 725cadc902 Update image_load_msdt_sdiageng.yml 2022-06-17 08:49:17 +02:00
eiger 764dbc4e3c Fix: Sigma title error 2022-06-17 14:40:01 +08:00
eiger e4ab54d60f Rule: Follina and DogWalk exploit msdt.exe loading sdiageng.dll 2022-06-17 09:41:08 +08:00
eiger 7444869de3 Rule: Follina and DogWalk exploit msdt.exe loading sdiageng.dll 2022-06-17 09:29:20 +08:00
eiger 21edcafa36 Rule: Follina or DogWalk exploit sdiageng.dll 2022-06-17 09:21:57 +08:00
Nasreddine Bencherchali 32c772d0df Update proc_creation_win_lolbin_openconsole.yml 2022-06-16 23:41:57 +01:00
Nasreddine Bencherchali 2ab106ddee Small Update and New Rule 2022-06-16 23:37:50 +01:00
frack113 4b17d2df48 Merge pull request #3134 from leegengyu/patch-1 2022-06-16 17:14:31 +02:00
    Update Description in proc_creation_win_sysinternals_eula_accepted.yml
G Y 1eb02a0025 Update proc_creation_win_sysinternals_eula_accepted.yml 2022-06-16 14:49:17 +08:00
    Description changed (original description was taken from registry_add_sysinternals_eula_accepted.yml).
ChiYang Tsai 32b4a836b8 using deepcopy to clone previous rule 2022-06-16 12:19:14 +08:00
frack113 b95470333e Merge pull request #3131 from securepeacock/patch-26 2022-06-15 19:19:25 +02:00
    Create registry_set_enabling_turn_off_check.yml
securepeacock aa01c73f72 Update registry_set_enabling_turnoffcheck.yml 2022-06-15 11:49:38 -04:00
securepeacock bd6f9936a5 Rename registry_set_enabling_turn_off_check.yml to registry_set_enabling_turnoffcheck.yml 2022-06-15 11:07:55 -04:00
securepeacock 35c6084ef7 Update registry_set_enabling_turn_off_check.yml 2022-06-15 10:55:15 -04:00
securepeacock 1f279f633a Update registry_set_enabling_turn_off_check.yml 2022-06-15 10:54:23 -04:00
securepeacock cfabbc4bdf Update registry_set_enabling_turn_off_check.yml 2022-06-15 10:51:15 -04:00
securepeacock c0f01c84b3 Create registry_set_enabling_turn_off_check.yml 2022-06-15 10:49:19 -04:00
Florian Roth 9d974d1a1f Merge pull request #3130 from nasbench/master 2022-06-15 13:23:16 +02:00
    Add/Update Linux Rules
Nasreddine Bencherchali a2d19f3db2 Add FP filter + FP remark 2022-06-15 11:48:15 +01:00
Nasreddine Bencherchali 9f0989e49c Quick typo fix 2022-06-15 11:38:34 +01:00
Nasreddine Bencherchali 894f6af09f Removed double quotes 2022-06-15 11:30:01 +01:00
Nasreddine Bencherchali ee23e653f9 Added "GET" method selection 2022-06-15 11:29:31 +01:00
Nasreddine Bencherchali e42318b0fb Update web_ssti_in_access_logs.yml 2022-06-14 22:10:09 +01:00
Nasreddine Bencherchali 143d70a959 Renamed CVE rule 5 2022-06-14 22:06:07 +01:00
Nasreddine Bencherchali b54df8d9ce Rename+Update 2022-06-14 21:58:34 +01:00
Nasreddine Bencherchali 029ddd3e98 Merge branch 'master' of https://github.com/nasbench/sigma 2022-06-14 21:58:08 +01:00
Florian Roth 9a048a90b7 Merge pull request #3129 from nasbench/master 2022-06-14 21:18:01 +02:00
    New/Update Rules
frack113 227eefc985 Merge pull request #3128 from f-block/patch-2 2022-06-14 20:58:11 +02:00
    ProviderName seems to be wrong
Frank Block e10a9f0257 Re-added powershell related "ProviderName" mapping 2022-06-14 20:48:36 +02:00
Nasreddine Bencherchali 6fd2339d0c Merge branch 'master' of https://github.com/nasbench/sigma 2022-06-14 19:33:49 +01:00
Nasreddine Bencherchali bc94d575b7 Update proc_creation_win_susp_explorer_break_proctree.yml 2022-06-14 19:31:25 +01:00
Nasreddine Bencherchali 5bf7b49671 Renamed More Rules 2022-06-14 19:28:27 +01:00
Nasreddine Bencherchali f527b8eb4c Rename Web CVE Rules 2022-06-14 19:22:26 +01:00
    Renamed WEB CVE rules to the format "web_cve_20XX_XXXX_rest_of_name"
Nasreddine Bencherchali 00db705ae6 Rename Web Rule 2022-06-14 19:13:15 +01:00
Nasreddine Bencherchali 3b7a405492 Update proc_creation_win_lolbin_forfiles.yml 2022-06-14 18:18:14 +01:00
frack113 d15c427f93 Merge pull request #3127 from f-block/patch-1 2022-06-14 19:02:13 +02:00
    Fixes typo for TargetServerName mapping
Nasreddine Bencherchali 7f75aceaf7 Update proc_creation_win_lolbin_pcalua.yml 2022-06-14 17:41:09 +01:00
Nasreddine Bencherchali f9bbe7e423 Update proc_creation_win_susp_explorer_break_proctree.yml 2022-06-14 17:40:01 +01:00