Commit Graph

8181 Commits

Author SHA1 Message Date
kidrek da4a8a0ffd Fix title field error 2021-09-29 09:49:58 +02:00
kidrek d3fc6b118d Add new rule - sysmon_delete_prefetch - AntiForensic 2021-09-29 09:42:17 +02:00
frack113 a7b237e6f3 Merge pull request #2075 from stevengoossensB/master: Rename auditbeat.yml 2021-09-24 09:43:46 +02:00
Steven Goossens 02ba717c97 Merge branch 'SigmaHQ:master' into master 2021-09-24 09:01:26 +02:00
Steven 9cb826b0d1 Rename auditbeat.yml to ecs-auditbeat-modules-enabled.yml 2021-09-24 09:00:26 +02:00
frack113 93493d1c93 Merge pull request #2073 from stevengoossensB/master: Auditbeat configuration - mainly auditd 2021-09-23 19:36:55 +02:00
Steven 73f3ed6e34 Merge branch 'master' of https://github.com/stevengoossensB/sigma 2021-09-23 18:57:09 +02:00
Steven bf1a8c2415 Fix yamllint 2021-09-23 18:56:29 +02:00
Steven Goossens 10aff6a3cb Merge branch 'SigmaHQ:master' into master 2021-09-23 18:05:10 +02:00
frack113 6fa0610ced Merge pull request #2071 from frack113/fix_name: Fix filename 2021-09-23 15:26:27 +02:00
Steven 35a710eec6 Added configuration for auditbeat, mapping to Elastic ECS 2021-09-23 14:59:51 +02:00
frack113 aa96f21d0f fix filename 2021-09-23 14:52:56 +02:00
frack113 934e391159 fix filename 2021-09-23 14:51:59 +02:00
frack113 44feb3ddf6 fix filename 2021-09-23 14:46:13 +02:00
frack113 89776b8c14 fix filename 2021-09-23 14:44:51 +02:00
frack113 8b5f62bdb7 fix filename 2021-09-23 14:41:16 +02:00
frack113 c029e62c64 fix filename 2021-09-23 14:37:34 +02:00
Florian Roth bb2e6acd40 Merge pull request #1926 from pbssubhash/master: Adding CVE's Exploitation attempt detection: Year - 2010 2021-09-23 14:08:15 +02:00
frack113 e9260679d4 Merge pull request #2064 from SigmaHQ/rule-devel: Changed tags in lnx_clear_syslog.yml 2021-09-23 13:55:18 +02:00
frack113 c59b0eb543 Merge pull request #2063 from frack113/last_global: Split Last Global Rules 2021-09-23 13:54:57 +02:00
Florian Roth 3107ede1c4 Merge branch 'pr/2065' 2021-09-23 09:18:15 +02:00
frack113 688903192d Merge branch 'fix_filename_test' of https://github.com/frack113/sigma into fix_filename_test 2021-09-23 08:01:19 +02:00
frack113 605fa2dd80 update filename 2021-09-23 07:58:50 +02:00
frack113 595e4b9d6d add duplicate name file check 2021-09-23 06:50:18 +02:00
frack113 cce90a669a Merge pull request #2067 from austinsonger/aws_suspicious_saml_activity.yml: aws_suspicious_saml_activity.yml 2021-09-23 06:34:18 +02:00
frack113 525a310c86 Merge pull request #2068 from austinsonger/typos: Typos 2021-09-23 06:32:49 +02:00
frack113 66b3eeb77f Merge pull request #2066 from austinsonger/okta_author: Okta author 2021-09-23 06:32:26 +02:00
Austin Songer 53f426342c Update win_file_winword_cve_2021_40444.yml 2021-09-22 22:26:05 -05:00
Austin Songer ab613af365 Update sysmon_atlassian_confluence_cve_2021_26084_exploit.yml 2021-09-22 22:24:24 -05:00
Austin Songer 6942b9c5e8 Update aws_suspicious_saml_activity.yml 2021-09-22 20:16:50 -05:00
Austin Songer d1337bbfbf Create aws_suspicious_saml_activity.yml 2021-09-22 20:15:36 -05:00
Austin Songer 097c6c3537 Update okta_user_account_locked_out.yml 2021-09-22 19:54:46 -05:00
Austin Songer 05d454d794 Update okta_unauthorized_access_to_app.yml 2021-09-22 19:54:39 -05:00
Austin Songer 26b99a44c0 Update okta_security_threat_detected.yml 2021-09-22 19:54:32 -05:00
Austin Songer f55b9ef024 Update okta_policy_rule_modified_or_deleted.yml 2021-09-22 19:54:23 -05:00
Austin Songer 100eb06e7a Update okta_policy_modified_or_deleted.yml 2021-09-22 19:54:15 -05:00
Austin Songer 9d910d823a Update okta_network_zone_deactivated_or_deleted.yml 2021-09-22 19:54:09 -05:00
Austin Songer ea73c692d7 Update okta_mfa_reset_or_deactivated.yml 2021-09-22 19:54:02 -05:00
Austin Songer f673eb413e Update okta_application_sign-on_policy_modified_or_deleted.yml 2021-09-22 19:53:56 -05:00
Austin Songer 1effd8b187 Update okta_application_modified_or_deleted.yml 2021-09-22 19:53:49 -05:00
Austin Songer ccd9f8d6dc Update okta_api_token_revoked.yml 2021-09-22 19:53:43 -05:00
Austin Songer 6401f9b4d9 Update okta_api_token_created.yml 2021-09-22 19:53:36 -05:00
Austin Songer ecb18ec149 Update okta_admin_role_assigned_to_user_or_group.yml 2021-09-22 19:53:28 -05:00
Austin Songer 74452347fb Update okta_user_account_locked_out.yml 2021-09-22 19:52:43 -05:00
Austin Songer 275ebf7884 Update okta_unauthorized_access_to_app.yml 2021-09-22 19:52:36 -05:00
Austin Songer 2ab5ba0a0c Update okta_security_threat_detected.yml 2021-09-22 19:52:29 -05:00
Austin Songer 1aec430291 Update okta_policy_rule_modified_or_deleted.yml 2021-09-22 19:52:23 -05:00
Austin Songer cead26637b Update okta_policy_modified_or_deleted.yml 2021-09-22 19:52:17 -05:00
Austin Songer e1eb8c6222 Update okta_network_zone_deactivated_or_deleted.yml 2021-09-22 19:52:10 -05:00
Austin Songer 38e09f061d Update okta_mfa_reset_or_deactivated.yml 2021-09-22 19:52:04 -05:00