Commit Graph

24 Commits

Author SHA1 Message Date
Florian Roth db8cc0ee2d Merge pull request #1656 from SigmaHQ/rule-devel
rule: suspicious vss ps load / PrintNightmare updates
2021-07-08 15:03:28 +02:00
Florian Roth 2055f78780 refactor: make the rule more usable 2021-07-08 09:05:57 +02:00
Florian Roth 79338b2dbd fix: title 2021-07-08 08:33:46 +02:00
Florian Roth 96ea35fd92 rule: suspicious vss ps load 2021-07-07 18:21:57 +02:00
leegengyu 5d10cc68da Update mordordatasets references 2021-07-06 16:35:20 +08:00
wagga40 ae670603e8 Updated PrintNightmare Sysmon Imageload based rule with modifiers 2021-07-01 21:34:53 +02:00
Bhabesh Rai 69ca905506 Fixed bug in path 2021-07-01 12:26:00 +05:45
Bhabesh Rai dac9831d59 Fixed modified date 2021-07-01 12:23:38 +05:45
Bhabesh Rai 86f0ff5e44 Added new paths 2021-07-01 12:21:27 +05:45
Bhabesh Rai 206adbb2b6 Merging upstream updates 2021-07-01 12:18:30 +05:45
Bhabesh Rai e2c6b6977d Added new path 2021-07-01 12:12:09 +05:45
Daniel Masse fedda17231 Update the azure image_load rule to be a generic sysmon rule 2020-12-23 16:29:49 -05:00
Florian Roth de5444a81e Merge pull request #989 from oscd-initiative/master
[OSCD Initiative][ATT&CK tags update]
2020-09-08 13:27:58 +02:00
ecco ebc1d38027 fix in memory powershell false positive 2020-09-06 09:25:56 -04:00
Yugoslavskiy Daniil 42c4079ed8 att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
Aidan Bracher dcf20e580d Updated tags to include sub-techniques 2020-07-18 02:50:57 +01:00
ecco e30eaa0202 be more specific about file location 2020-07-09 13:33:59 -04:00
ecco 94e3bd9e6b add WMI module load false positive 2020-07-09 13:32:21 -04:00
ecco 905f1b3823 add WMI and powershell false positives 2020-07-09 10:26:54 -04:00
Thomas Patzke 4762a59b89 Merge pull request #891 from rtkbkish/image-load-fixes
Fix typo for rule in image_load category
2020-07-07 22:31:32 +02:00
Brad Kish c758ca0eb9 Re-fix sysmon rules whose changes were lost in the category refactoring.
Several fixes for sysmon rules got lost when the rules were refactored to use
categories.

Re-add the fixes.

https://github.com/Neo23x0/sigma/commit/38afd8b5def24191616ff0f0c0324cfbb7f0d6d0

https://github.com/Neo23x0/sigma/commit/422b2bffd77b217e6cec9a67c496b0aa44711ece

https://github.com/Neo23x0/sigma/commit/dfae2a6df6f5bbc90a7b476c22fc9c8fedab47e9
2020-07-06 10:55:42 -04:00
Brad Kish 7031d9e2b8 Fix typo for rule in image_load category
image_load not image_loaded.
2020-07-03 16:23:17 -04:00
Florian Roth 9c0f9f398f refactor: sysmon rule cleanup > generalization 2020-07-01 10:58:39 +02:00
Florian Roth f3fedef8f5 Changed category names and remove sysmon log source 2020-06-24 17:41:21 +02:00