blue-team-tools

Author	SHA1	Message	Date
$frack113$ frack113	da8fcabe0c	Fix TargetFilename case	2021-11-10 19:49:25 +01:00
$frack113$ frack113	b6f6beda3c	FileMagicBytes do not exist in file_event	2021-11-10 19:44:08 +01:00
$frack113$ frack113	95b9cd3d35	fix detection	2021-11-10 19:40:10 +01:00
$frack113$ frack113	3ea1eda717	ParentImage do not exist in network_connection	2021-11-10 19:38:05 +01:00
$frack113$ frack113	b7b1ebf772	Fix LogonId - SubjectLogonId	2021-11-10 19:12:51 +01:00
$frack113$ frack113	a4951a29bb	Fix detection	2021-11-10 18:57:54 +01:00
$frack113$ frack113	ee4082b50d	Merge pull request #2242 from frack113/fix_ProcessCommandLine Fix process command line	2021-11-10 08:09:06 +01:00
$frack113$ frack113	a089a83794	Merge pull request #2238 from frack113/fix_logsource Fix logsource	2021-11-10 08:08:40 +01:00
$frack113$ frack113	ca17949d85	Merge pull request #2237 from frack113/m365 standardization m365	2021-11-10 08:08:10 +01:00
$frack113$ frack113	c14322dfc3	Merge pull request #2241 from frack113/linux Order Linux directory	2021-11-09 17:48:57 +01:00
$frack113$ frack113	3c3bf75aa8	fix detection from test	2021-11-09 17:04:27 +01:00
Florian Roth	37b9abd827	fix: date field	2021-11-09 16:52:19 +01:00
Florian Roth	77e9decc64	Merge branch 'master' into rule-devel	2021-11-09 16:45:49 +01:00
$frack113$ frack113	24f3e9db5b	fix detection from ref	2021-11-09 16:44:11 +01:00
Florian Roth	c61ca81d9c	refactor: raw disk access rule FPs	2021-11-09 16:15:31 +01:00
$frack113$ frack113	c5fa73c328	fix ProcessCommandLine to ParentCommandLine	2021-11-09 16:13:29 +01:00
$frack113$ frack113	18fea95b86	move to macos	2021-11-09 13:33:58 +01:00
$frack113$ frack113	e8a36ace96	move to other	2021-11-09 13:32:22 +01:00
$frack113$ frack113	c8f488eabf	move to builtin	2021-11-09 13:27:20 +01:00
$frack113$ frack113	6c19303aa4	normalize logsource	2021-11-09 10:48:13 +01:00
$frack113$ frack113	8f39ef9ed1	normalize logsource	2021-11-09 10:41:09 +01:00
$frack113$ frack113	3430943746	standardization	2021-11-09 07:27:25 +01:00
$frack113$ frack113	73e2b5fae6	Merge pull request #2233 from frack113/zipexec Add win_pc_susp_zipexec	2021-11-08 22:46:17 +01:00
$frack113$ frack113	3e670a876f	Merge pull request #2232 from frack113/fix_sysmon_rule fix logsources	2021-11-08 21:28:44 +01:00
$frack113$ frack113	d3c3cd9930	Merge pull request #2230 from frack113/process_creation_clean Process creation directory clean	2021-11-08 21:27:25 +01:00
Florian Roth	3f57251768	Merge branch 'master' into rule-devel	2021-11-08 11:46:35 +01:00
Florian Roth	d43f845157	Update proxy_cobalt_malformed_uas.yml	2021-11-08 11:21:49 +01:00
Florian Roth	20f4099cec	rule: Kirbi file creation	2021-11-08 11:21:40 +01:00
$frack113$ frack113	4672762010	add win_pc_susp_zipexec	2021-11-07 21:57:40 +01:00
$frack113$ frack113	e51dab10c2	fix logsources	2021-11-07 09:55:02 +01:00
$frack113$ frack113	aa8694fdef	add missing category	2021-11-06 10:17:12 +01:00
$frack113$ frack113	68d30293b5	Cleanup process_creation	2021-11-06 10:16:16 +01:00
$frack113$ frack113	a3f3ec84c9	fix product windows case	2021-11-05 13:16:24 +01:00
$frack113$ frack113	80d2aee944	Merge pull request #2227 from redsand/remove_duplicate_powershell_check Removing duplicate rule of Powershell memory check	2021-11-05 11:15:38 +01:00
$frack113$ frack113	3416db7301	Merge pull request #2225 from frack113/cmdl32 add win_pc_susp_cmdl32_lolbas	2021-11-04 20:58:50 +01:00
$frack113$ frack113	a811acde00	Merge pull request #2224 from frack113/schtasks_appdata add win_pc_susp_schtasks_user_temp	2021-11-04 20:58:31 +01:00
Tim Shelton	dda204bd51	updating yaml	2021-11-04 18:56:07 +00:00
Tim Shelton	e266491f0a	adding obsoletes tags	2021-11-04 18:36:55 +00:00
$frack113$ frack113	e058e56c22	fix unknown	2021-11-04 18:07:16 +01:00
Tim Shelton	1ae596b634	removing rule 867613fb-fa60-4497-a017-a82df74a172c . this is a duplicate of 092bc4b9-3d1d-43b4-a6b4-8c8acd83522f and does not contain an allow list of known processes.	2021-11-04 17:07:00 +00:00
$frack113$ frack113	5506b1c566	add OriginalFileName	2021-11-04 13:42:04 +01:00
$frack113$ frack113	edb1458791	add win_pc_susp_cmdl32_lolbas	2021-11-03 20:45:21 +01:00
$frack113$ frack113	be6186fa1c	Forget the Local	2021-11-03 17:01:34 +01:00
$frack113$ frack113	5a4db26ec7	add win_pc_susp_schtasks_user_temp	2021-11-03 15:14:34 +01:00
zakibro	30f13d41f5	Update lnx_auditd_load_module_insmod.yml fixing missing date	2021-11-02 17:16:59 +01:00
Pawel Mazur	dd7817917c	Linux - Auditd - Loading of Kernel Module via Insmod rule	2021-11-02 17:04:39 +01:00
$frack113$ frack113	eb9428ff6a	Merge pull request #2221 from skirankumar/master Added another application	2021-11-02 16:28:33 +01:00
S.kiran kumar	802cdb0189	Added another application	2021-11-01 21:41:57 +05:30
$frack113$ frack113	2a2bfab06e	add win_pc_set_policies_to_unsecure_level	2021-11-01 15:35:46 +01:00
$frack113$ frack113	fb750721b2	Merge pull request #2212 from frack113/new_status New status from discussions	2021-10-31 20:38:28 +01:00

1 2 3 4 5 ...

6434 Commits