Mohamed Ashraf
dc83671da0
Update proxy_ua_malware.yml
2023-03-27 13:13:16 +02:00
Mohamed Ashraf (X__Junior)
e868b66592
Update proxy_ua_malware.yml
2023-03-27 11:10:14 +02:00
Paul Schiffer
b83c8aaf60
fix: typo in command line argument (#4140)
2023-03-24 15:46:46 +01:00
Nasreddine Bencherchali
c5bb566fc9
Merge pull request #4139 from SigmaHQ/fix-broken-link
...
Update sigma-logsource-checker.py
2023-03-24 14:03:51 +01:00
Nasreddine Bencherchali
399b9c9251
Update sigma-logsource-checker.py
2023-03-24 13:56:11 +01:00
Nasreddine Bencherchali
8ad4140f57
feat: add logsource guides (#4103)
2023-03-24 13:53:59 +01:00
Gavin Knapp
ec892dec93
feat: new rule proxy_susp_ipfs_cred_harvest.yml (#4113)
2023-03-24 12:29:25 +01:00
Nasreddine Bencherchali
76812d14ee
Merge pull request #4138 from phantinuss/master
...
fix: FPs found in testing environment
2023-03-24 11:39:23 +01:00
phantinuss
85423f784c
fix: condition filtering on all filters
2023-03-24 10:59:01 +01:00
phantinuss
aa1ab49773
fix: FPs found in testing environment
2023-03-24 10:41:21 +01:00
phantinuss
330b68cac3
Merge pull request #4128 from gs3cl/gesec_winpeas
...
Update proc_creation_win_hktl_winpeas.yml
2023-03-24 08:40:11 +01:00
gs3cl
df54e30ec8
chg author
2023-03-23 20:07:09 +01:00
Nasreddine Bencherchali
a504ab6927
fix: add cli option
2023-03-23 15:36:13 +01:00
Nasreddine Bencherchali
d48a08c441
fix: update selection choices
2023-03-23 15:30:48 +01:00
Nasreddine Bencherchali
d14e287cdf
Merge pull request #4134 from nasbench/nasbench-rule-devel
...
fix: fp found in testing
2023-03-23 12:19:39 +01:00
Nasreddine Bencherchali
07956e26e9
fix: remove version number
...
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-23 12:11:29 +01:00
Nasreddine Bencherchali
8b1ae7cc85
Merge pull request #4135 from phantinuss/master
...
fix: FP found in testing, filter needs contains
2023-03-23 12:09:17 +01:00
phantinuss
afcbc08c85
fix: FP found in testing
2023-03-23 10:52:08 +01:00
Nasreddine Bencherchali
0ccef7822e
fix: fp found in testing
2023-03-22 20:31:33 +01:00
Mohamed Ashraf
4c3296ce7a
feat: new rule related to possible iviewers.dll sideloading (#4131)
2023-03-22 17:54:02 +01:00
xFFninja
a0732b0d17
fix: update incorrect event field Accesses (#4133)
...
This PR fixes the use of an incorrect field name in the rule rules/windows/builtin/security/win_security_exploit_cve_2023_23397_outlook_remote_file_query.yml
2023-03-22 12:21:30 +01:00
Florian Roth
221afb3d13
Merge pull request #4123 from gbossert/patch-1
...
Reference SEKOIA.IO as a user of Sigma and Sigma Correlation
2023-03-22 09:03:46 +01:00
Florian Roth
cf7831390d
Merge pull request #4132 from nasbench/nasbench-rule-devel
...
fix: fp found in testing
2023-03-21 21:38:56 +01:00
Nasreddine Bencherchali
bf148ad0ac
fix: fp found in testing
2023-03-21 16:32:46 +01:00
D4rkCiph3r
da468ec37a
feat: new rule proc_creation_macos_add_to_admin_group.yml (#4121)
2023-03-21 11:29:42 +01:00
phantinuss
a046b1c33a
Merge pull request #4122 from cyb3rjy0t/patch-6
...
azure_ad_suspicious_signin_bypassingMFA
2023-03-21 09:37:24 +01:00
phantinuss
664d4b7b3e
Merge pull request #4125 from X-Junior/new_malware_ua
...
feat: new malware UA
2023-03-21 08:59:53 +01:00
phantinuss
98ab4bcd6a
fix: wording
2023-03-21 08:58:22 +01:00
gs3cl
302b42267f
Update proc_creation_win_hktl_winpeas.yml
...
fix error
2023-03-21 08:26:22 +01:00
gs3cl
1dc81a5455
Update proc_creation_win_hktl_winpeas.yml
...
- add selection_linpeas_option
- add selection_default_dl
- chg AND to OR for OriginalFileName
2023-03-21 07:52:35 +01:00
tuan
a035aa0385
feat: new rule related to process termination using kill (#4112)
2023-03-20 22:04:26 +01:00
Nasreddine Bencherchali
b253e8cafc
fix: apply suggestions from code review
2023-03-20 22:02:38 +01:00
Nasreddine Bencherchali
ef95025e7b
Merge pull request #4117 from alexmcdonald1124/mdatp-integrity-levels
...
feat: adding integrity level mapping for Microsoft Defender backend
2023-03-20 21:45:38 +01:00
Nasreddine Bencherchali
556ff56850
Merge pull request #4115 from YamatoSecurity/update-CIDR-rules
...
fix: FPs on CIDR rules
2023-03-20 21:42:23 +01:00
gs3cl
e50d06b687
Update proc_creation_win_hktl_winpeas.yml
2023-03-20 21:31:40 +01:00
Nasreddine Bencherchali
eb5d96f270
fix: update modified
2023-03-20 16:44:29 +01:00
Mohamed Ashraf (X__Junior)
87404ea1e1
Update proxy_ua_malware.yml
2023-03-20 17:41:13 +02:00
Georges Bossert
9fb8edac36
Reference SEKOIA.IO as a user of Sigma
...
SEKOIA.IO leverages Sigma language along with its new correlation extension
2023-03-20 13:39:33 +01:00
phantinuss
d6b91a9abf
fix: file extension (3)
2023-03-20 09:54:28 +01:00
phantinuss
23fc8e1d0c
fix: file extension (2)
2023-03-20 09:40:23 +01:00
phantinuss
f53e9676bb
fix: missing file extension
2023-03-20 08:55:49 +01:00
cyb3rjy0t
14eea4ebcb
azure_ad_suspicious_signin_bypassingMFA
2023-03-20 00:41:33 -04:00
Nasreddine Bencherchali
b52abdef5c
Merge pull request #4120 from leer-ts/master
...
feat: add new rule related to `CVE-2023-23397` exploitation
2023-03-17 23:39:49 +01:00
Nasreddine Bencherchali
4bcf5b75a7
fix: remove backslash and add example
2023-03-17 23:32:10 +01:00
Nasreddine Bencherchali
4a171ae82d
fix: add definition section
...
Added a definition section to indicate that SACLs are required
2023-03-17 23:26:38 +01:00
Nasreddine Bencherchali
cf49c5d509
fix: update rule for SIGMAHQ standard
2023-03-17 23:14:40 +01:00
Qasim Qlf
685c3d7970
fix: detection name word 'activity' (#4119)
2023-03-17 23:11:15 +01:00
leer-ts
d456305533
Create win_security_outlook_remote_file.yml
2023-03-17 17:52:12 -04:00
Yamato Security
bc8ee0831a
revert comments
2023-03-18 04:54:43 +09:00
Yamato Security
f05993bbbe
update comment
2023-03-18 04:47:42 +09:00