Commit Graph

15089 Commits

Author SHA1 Message Date
Florian Roth a5d0e63716 fix: FPs with Zoom 2022-05-05 07:54:16 +02:00
Bhabesh 7f2ad6df89 Fix for error 2022-05-05 11:24:20 +05:45
frack113 9dc261baa4 Merge pull request #2984 from redsand/hawk_win_mix_fix
BACKEND: Hawk windows mix of app/system/security fix with Provider_Name
2022-05-05 06:20:38 +02:00
Tim Shelton bd51eb4c72 adding additional filter for string 2022-05-04 15:27:23 +00:00
Tim Shelton ad003de3fb Fixing mismatch of sigs when using system/app/security and additional matching against provider name 2022-05-04 14:58:02 +00:00
Bhabesh 46827e2655 Added rule for Nimbuspwn exploitation 2022-05-04 20:30:40 +05:45
jstnk9 d632b9438a Update registry_set_scr_file_executed_by_rundll32.yml 2022-05-04 16:13:36 +02:00
jstnk9 9f608172ab Create registry_set_scr_file_executed_by_rundll32.yml 2022-05-04 15:29:14 +02:00
Florian Roth 3faac9729d fix: FP with Zoom 2022-05-04 11:33:12 +02:00
Florian Roth 752338408c Merge branch 'master' into rule-devel 2022-05-04 11:30:39 +02:00
Florian Roth 17a1a035c5 doc: change titles to avoid duplicates 2022-05-04 11:30:30 +02:00
Florian Roth 0d02ee3d22 docs: sigmac backend warning 2022-05-03 12:49:41 +02:00
Thomas Patzke 866e983f94 Merge pull request #2980 from tungdr4/master
Add StreamAlert backend
2022-05-03 12:45:25 +02:00
tungnd27 9d7a7f7896 Add StreamAlert backend 2022-05-03 17:32:19 +07:00
Sven Scharmentke 616dce35e2 Implemented RuleId property & use Generic fields as they are matched. 2022-05-03 01:08:12 +02:00
Sven Scharmentke 0d2189cfa2 Merge branch 'SigmaHQ:master' into feature/ame-6.3 2022-05-03 00:02:13 +02:00
Thomas Patzke f6ec8de586 Modifier support for conditional expressions 2022-05-02 23:22:16 +02:00
Florian Roth a8ab241220 Merge branch 'master' into rule-devel 2022-05-02 20:54:40 +02:00
Florian Roth 34f8b13a55 rule: service binaries in suspicious folders 2022-05-02 20:54:04 +02:00
frack113 2ec87f0459 Fix errors 2022-05-02 20:05:30 +02:00
Florian Roth 956a95e424 Merge pull request #2975 from frack113/redcannary_20220501
Windows Redcannary test
2022-05-02 19:35:10 +02:00
Florian Roth 9482eb92ec Update registry_set_creation_service_temp_folder.yml 2022-05-02 19:30:43 +02:00
Florian Roth 8b0ed3d064 Update proc_creation_win_susp_gpresult.yml 2022-05-02 19:25:42 +02:00
frack113 74cdc43549 Lolbin rules 2022-05-02 19:19:12 +02:00
frack113 315a79fcf0 Update proc_creation_win_susp_gpresult.yml 2022-05-02 18:13:03 +02:00
Florian Roth 5a619f5bab Merge pull request #2977 from phantinuss/master
fix: FPs in prod environment
2022-05-02 16:51:38 +02:00
phantinuss 97de80a9e1 fix: FPs in prod environment 2022-05-02 16:44:15 +02:00
Florian Roth e76322ff5a Merge pull request #2976 from SigmaHQ/aurora-false-positive-fixing
Aurora false positive fixing
2022-05-02 16:38:01 +02:00
Florian Roth b19c3e154c fix: FPs with new NTLMv1 rule 2022-05-02 16:32:18 +02:00
Florian Roth 892025474d fix: FPs noticed with Aurora 2022-05-02 16:25:33 +02:00
Thomas Patzke 512dad2185 Removed debugging code 2022-05-02 00:43:42 +02:00
Thomas Patzke 9ee0d29d68 Windash modifier 2022-05-02 00:38:21 +02:00
Thomas Patzke 58dea50656 Fix: Subexpression with OR instead of OR 2022-05-01 23:17:33 +02:00
Thomas Patzke 184b6bb244 Wrapping base64offset modified expansion group into ConditionOR 2022-05-01 23:07:25 +02:00
frack113 e5a30a7b89 Add proc_creation_win_susp_gpresult 2022-05-01 19:18:39 +02:00
frack113 bd3df87ba7 Redcannary test 2022-05-01 11:34:54 +02:00
Florian Roth 548b223e3b Merge pull request #2973 from SigmaHQ/rule-devel
fix: missing author
2022-04-29 16:53:09 +02:00
Florian Roth b58deaaf51 fix: missing author 2022-04-29 16:43:18 +02:00
Florian Roth 97252e987b Merge pull request #2972 from redsand/hawk_termsvcs_update
adding support for terminal services-localsessionmanager
2022-04-29 16:41:53 +02:00
Tim Shelton 102a45a215 adding support for terminal services-localsessionmanager 2022-04-29 14:29:05 +00:00
Florian Roth 142865bf9d Merge pull request #2971 from phantinuss/master
fix: FPs found in prod environment
2022-04-29 16:10:38 +02:00
phantinuss 06725ecfcb fix: FPs found in prod environment 2022-04-29 15:07:58 +02:00
Florian Roth 96628bf7c0 Merge pull request #2960 from elhoim/mobsync_network2
New rule for suspicious network connections from Microsoft Sync Center
2022-04-29 13:25:56 +02:00
Florian Roth f695443c4c Merge pull request #2969 from SigmaHQ/new-source-terminalservices
New source terminalservices
2022-04-29 13:25:12 +02:00
Florian Roth bff463d7bf Merge branch 'rule-devel' into new-source-terminalservices 2022-04-29 13:13:06 +02:00
Florian Roth 7094565977 fix: description 2022-04-29 13:10:36 +02:00
Florian Roth 668fe8aa32 Merge pull request #2968 from SigmaHQ/rule-devel
rule: RDP to 80/tcp or 443/tcp
2022-04-29 12:29:13 +02:00
Florian Roth 43f3a31d19 feat: new service definition - terminal services 2022-04-29 12:26:26 +02:00
Florian Roth 2df291fe0a rule: ngrok to remote desktop service 2022-04-29 12:25:38 +02:00
Florian Roth a157d5d949 rule: RDP to 80/tcp or 443/tcp 2022-04-29 12:03:07 +02:00