Commit Graph

10950 Commits

Author SHA1 Message Date
Nasreddine Bencherchali d38195ea31 fix: remove folder start 2022-12-29 11:32:37 +01:00
Nasreddine Bencherchali 425c29cf1c feat: add new linux rules 2022-12-29 11:17:42 +01:00
Nasreddine Bencherchali 38a8696e51 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2022-12-27 17:01:07 +01:00
Nasreddine Bencherchali 85aa0220d0 Merge pull request #3819 from blueteam0ps/master
lnx_auditd_debugfs_usage.yml
2022-12-27 16:57:22 +01:00
Florian Roth 3e712480c4 Merge pull request #3824 from SigmaHQ/rule-devel
Htran/NATbypass, Greedy RAR
2022-12-27 16:34:33 +01:00
Nasreddine Bencherchali 88e56229cf fix: indentation and selection names for clarity 2022-12-27 16:26:20 +01:00
Nasreddine Bencherchali 0d2ddb4a9b fix: small selection fix for clarity 2022-12-27 16:23:09 +01:00
Nasreddine Bencherchali 256d6a839e fix: update condition
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-27 16:13:56 +01:00
Florian Roth 32a17342b4 Update rules/windows/process_creation/proc_creation_win_rar_susp_greedy.yml
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 15:46:37 +01:00
Nasreddine Bencherchali 281dc11fc5 fix: remove correlation 2022-12-27 15:31:51 +01:00
frack113 8a6f66b120 Rules for Issue 575 (#3820)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 15:17:45 +01:00
Nasreddine Bencherchali 47572e08c8 fix: remove additional space 2022-12-27 14:27:55 +01:00
Nasreddine Bencherchali de704d285a feat: new rule related to CVE-2022-46169 2022-12-27 14:22:53 +01:00
frack113 7060db3d47 Promotion rules (#3821)
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 12:29:10 +01:00
sai prashanth pulisetti 8b05818559 Create proc_creation_win_SharpImpersonation_tool.yml (#3823)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-27 12:02:22 +01:00
Florian Roth 0cd5eb375d Merge branch 'master' into rule-devel 2022-12-27 11:58:53 +01:00
Florian Roth 65f92dcd47 rule: HTran / NATBypass usage 2022-12-27 11:58:44 +01:00
tuan 2d759cad94 Add rule delete group or user (#3822)
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 11:21:14 +01:00
BlueTeamOps 1d8256fa69 Update lnx_auditd_debugfs_usage.yml 2022-12-25 09:47:19 +11:00
BlueTeamOps 81d8d1a5a7 replaced timeframe with timespan 2022-12-25 08:10:03 +11:00
BlueTeamOps 976d994cee Updated to include additional tools
Expanded the list of Linux tools that may be used to obtain volume meta info and also included the auditd.
Removed specific switches for tools as those tools and debugfs exec within that time period will be rare.
2022-12-25 07:57:18 +11:00
frack113 8ea3999754 Merge pull request #3302 from memory-shards/master
Create proc_creation_win_lolbin_agentexecutor.yml
2022-12-24 15:45:35 +01:00
Nasreddine Bencherchali 794d93c298 fix: broken selection 2022-12-24 14:11:32 +01:00
Nasreddine Bencherchali e7d6bf7cab fix: enhance logic of AgentExecutor rules 2022-12-24 14:10:21 +01:00
BlueTeamOps de84fbcd62 lnx_auditd_debugfs_usage.yml 2022-12-24 23:41:20 +11:00
Nasreddine Bencherchali e6baac1bf2 fix: exclude teamviewer fp & reduce severity 2022-12-23 20:50:38 +01:00
Nasreddine Bencherchali 21f5bf8536 feat: new rules related to rat software based on #2841 2022-12-23 20:42:51 +01:00
frack113 271460062e Merge pull request #3815 from nasbench/aadinternals-rules
feat: new aadinternals related rules
2022-12-23 20:20:07 +01:00
frack113 5fdad241ea Update proc_creation_win_lolbin_agentexecutor.yml 2022-12-23 20:11:55 +01:00
Nasreddine Bencherchali b19abdaeda fix: date position 2022-12-23 20:02:54 +01:00
Nasreddine Bencherchali 5a8808e0ac fix: wrong category 2022-12-23 19:27:34 +01:00
Nasreddine Bencherchali 1f38e15bb4 fix: fp section 2022-12-23 19:24:08 +01:00
Nasreddine Bencherchali 92e4081de3 fix: duplicate title 2022-12-23 19:20:43 +01:00
Nasreddine Bencherchali 28664d5bb3 feat: new aadinternals related rules 2022-12-23 19:16:17 +01:00
Nasreddine Bencherchali 0aa6f26a6f feat: updates and enhancements 2022-12-23 18:37:59 +01:00
frack113 756f98f0ec Merge pull request #3813 from frack113/issue_575
Some rules for Issue 575
2022-12-23 13:38:21 +01:00
frack113 df015e555c Add more ref 2022-12-23 13:22:50 +01:00
Nasreddine Bencherchali a1b2e0ee81 Merge pull request #3781 from blueteam0ps/aws_det
Multiple AWS detection rules
2022-12-23 12:41:15 +01:00
frack113 546e53fb35 Apply suggestions from code review
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-23 12:34:56 +01:00
frack113 32b7ef47df Add count condition 2022-12-23 12:32:05 +01:00
frack113 bee5b2f252 Issue 575 page 43 2022-12-23 11:10:17 +01:00
Nasreddine Bencherchali a3f897606f fix: enhance metadata information 2022-12-23 11:01:57 +01:00
frack113 b200b5dedb Fix title 2022-12-23 10:58:11 +01:00
frack113 9617cdd4ea Issue 575 page 42 2022-12-23 10:50:34 +01:00
Nasreddine Bencherchali 03cc78e916 feat: filename test enhancements (#3812) 2022-12-23 09:25:16 +01:00
Nasreddine Bencherchali 57e51cca2a fix: typo in near operator 2022-12-22 16:08:21 +01:00
Nasreddine Bencherchali 3fc4390767 Merge pull request #3809 from qasimqlf/patch-18
fix: updated targetUserName and ipAddress
2022-12-22 15:16:52 +01:00
Florian Roth 9aa823fe3b Merge pull request #3810 from nasbench/nasbench-rule-devel
feat: rule dev and updates
2022-12-22 15:04:08 +01:00
Nasreddine Bencherchali 17aae0161d fix: add other missing encoded @ symbol 2022-12-22 14:55:20 +01:00
Nasreddine Bencherchali d6b6984567 fix: add encoded @ symbol
Co-authored-by: Florian Roth <venom14@gmail.com>
2022-12-22 14:53:34 +01:00