blue-team-tools

Author	SHA1	Message	Date
Nasreddine Bencherchali	4808025de3	fix: remove cli option	2023-02-06 13:58:03 +01:00
Nasreddine Bencherchali	ce608f4103	fix: update description Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-02-06 13:56:09 +01:00
Wagga	273fdb9985	fix: typos in multiple rules (#4011 )	2023-02-06 13:53:23 +01:00
Florian Roth	07ae3983df	Merge pull request #4013 from SigmaHQ/aurora-false-positive-fixing Aurora false positive fixing	2023-02-06 13:43:45 +01:00
Florian Roth	ae59595e69	Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing	2023-02-06 13:26:39 +01:00
Florian Roth	205f6a4de7	fix: FP with Get-ADObject	2023-02-06 13:26:37 +01:00
Florian Roth	22e0f96f66	Merge pull request #4012 from SigmaHQ/aurora-false-positive-fixing Aurora false positive fixing	2023-02-06 13:02:43 +01:00
Nasreddine Bencherchali	11d6db92ff	fix: change modifier to `startswith`	2023-02-06 12:56:32 +01:00
phantinuss	aa34bbfe35	Merge pull request #4007 from nasbench/nasbench-rule-devel feat: updates and enhancements	2023-02-06 12:54:50 +01:00
Florian Roth	a5311c3981	Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing	2023-02-06 12:48:47 +01:00
Florian Roth	80b588d7fc	fix: FP with wermgr in WinSXS	2023-02-06 12:48:45 +01:00
Nasreddine Bencherchali	3ee01d500c	fix: remove unnecessary filter	2023-02-06 12:36:41 +01:00
Nasreddine Bencherchali	1f34cecadf	fix: multiple typos Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-02-06 12:28:45 +01:00
phantinuss	ce7cdded61	fix: update regex	2023-02-06 12:04:54 +01:00
phantinuss	ee90cb036b	chore: fix typo	2023-02-06 09:37:23 +01:00
Nasreddine Bencherchali	11c7695d75	fix: add missing modified dates	2023-02-05 22:24:26 +01:00
Nasreddine Bencherchali	a23d0c39e0	fix: remove unnecessary `or`	2023-02-05 21:55:22 +01:00
Nasreddine Bencherchali	68f0833cbc	feat: more fixes and updates	2023-02-05 21:46:22 +01:00
Nasreddine Bencherchali	ad97bc4685	Merge branch 'SigmaHQ:master' into nasbench-rule-devel	2023-02-05 13:42:11 +01:00
Nasreddine Bencherchali	fa21f5ae5d	Merge pull request #4009 from SigmaHQ/aurora-false-positive-fixing fix: FPs with cloudapp	2023-02-05 13:41:46 +01:00
Florian Roth	88c028f925	fix: FPs with cloudapp	2023-02-05 11:14:05 +01:00
$frack113$ frack113	a5f828b759	Update proc_creation_win_reg_defender_exclusion.yml	2023-02-04 22:56:38 +01:00
$frack113$ frack113	7d162957f0	Update proc_creation_win_hktl_handlekatz.yml	2023-02-04 22:50:54 +01:00
$frack113$ frack113	06bfeefe24	Update proc_creation_win_reg_dump_sam.yml	2023-02-04 22:48:10 +01:00
Nasreddine Bencherchali	0795ed6469	feat: additional updates and fixes	2023-02-04 21:06:47 +01:00
Nasreddine Bencherchali	f580463834	Merge branch 'SigmaHQ:master' into nasbench-rule-devel	2023-02-04 14:51:39 +01:00
Nasreddine Bencherchali	febefa7e00	Merge pull request #4008 from SigmaHQ/rule-devel refactor: add ONENOTE.EXE susp Office shell spawn	2023-02-04 14:45:04 +01:00
Florian Roth	40e2d52a41	refactor: add ONENOTE.EXE susp Office shell spawn	2023-02-04 14:33:25 +01:00
$frack113$ frack113	38d304b9b3	Merge pull request #4003 from 0xzeta/patch-1 proc_creation_win_susp_rundll32_script_run.yml	2023-02-04 13:00:33 +01:00
Nasreddine Bencherchali	9e169c05a2	fix: add missing modified and small fixes to selections	2023-02-04 11:44:33 +01:00
Nasreddine Bencherchali	24c6f5f21e	Merge branch 'SigmaHQ:master' into nasbench-rule-devel	2023-02-04 11:43:38 +01:00
Nasreddine Bencherchali	6b49c9328b	Merge pull request #4004 from qasimqlf/master fix: small updates to selections and conditions	2023-02-04 11:43:19 +01:00
Thomas Patzke	ef9d4f702d	Merge pull request #3878 from DCSO/rule_test_add_re_escape_tests Test: Check 're' rules against unwanted/unneeded escapes	2023-02-04 08:59:16 +01:00
Qasim Qlf	b40c19cda1	Update rules/windows/process_creation/proc_creation_win_python_pty_spawn.yml Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-02-04 11:08:46 +05:00
Nasreddine Bencherchali	9e3bbf5e71	fix: remove typo dash	2023-02-03 20:20:31 +01:00
Nasreddine Bencherchali	d89e36247a	fix: remove space from nltest rule	2023-02-03 20:18:16 +01:00
Nasreddine Bencherchali	fc316d8638	feat: even more updates	2023-02-03 20:17:09 +01:00
Nasreddine Bencherchali	b017bc5f88	fix: resolves #4005	2023-02-03 19:15:26 +01:00
Nasreddine Bencherchali	767fd84bd4	feat: more updates	2023-02-03 19:03:51 +01:00
Nasreddine Bencherchali	28a60a1eab	fix: update reference link Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-02-03 18:47:43 +01:00
Florian Roth	791d3a8e9a	Merge pull request #4006 from SigmaHQ/rule-devel refactor: AV signature rules updated	2023-02-03 17:13:56 +01:00
Florian Roth	3f75cd0844	Update proc_creation_win_right_to_left_override.yml	2023-02-03 15:43:30 +01:00
Zeta	4cbc8f2ca1	Update Rundll32 execute VBscript command using Ordinal number	2023-02-03 21:43:05 +07:00
Florian Roth	bf8c8604ce	exchange the unicode char with the hex representation	2023-02-03 15:41:46 +01:00
Zeta	ca5064cf00	update permalink	2023-02-03 21:30:14 +07:00
Florian Roth	619dada1c8	fix: short identifier that could cause FPs	2023-02-03 15:29:53 +01:00
Florian Roth	2b8b5f62f4	refactor: AV signature rules updated	2023-02-03 15:22:19 +01:00
Qasim Qlf	2519122a13	Update rules/windows/process_creation/proc_creation_win_regedit_import_keys_ads.yml Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-02-03 19:12:36 +05:00
Qasim Qlf	469e2a1368	Update rules/windows/process_creation/proc_creation_win_tool_nircmd.yml Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-02-03 19:02:10 +05:00
Qasim Qlf	119c74941f	Update rules/windows/process_creation/proc_creation_win_termserv_proc_spawn.yml Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-02-03 19:01:23 +05:00

... 6 7 8 9 10 ...

15089 Commits