security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,932 Commits 1 Branch 57 Tags
dd115ca74c8d8ccc5be91404d2e5eafb8bca1981
Commit Graph

3743 Commits

Author SHA1 Message Date
Qasim Qlf ec657a3118 Merge branch 'master' into master 2022-09-27 16:26:22 +05:00
Florian Roth e2aacfea35 Merge pull request #3519 from SigmaHQ/rule-devel 
Rule devel
 2022-09-27 12:05:22 +02:00
Florian Roth be9fb6a6bd Merge pull request #3523 from SigmaHQ/aurora-false-positive-fixing 
Aurora false positive fixing
 2022-09-27 11:10:11 +02:00
Florian Roth d2f7ff8059 Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2022-09-27 10:47:21 +02:00
Florian Roth 5e6a926ac3 fix: FPs 2022-09-27 10:47:19 +02:00
Florian Roth 43d9f3a13b Merge branch 'master' into rule-devel 2022-09-27 10:29:03 +02:00
Qasim Qlf de517ba8a2 Update proc_creation_win_uac_bypass_icmluautil.yml 2022-09-27 13:21:48 +05:00
Qasim Qlf 600494adbc Fix the filter 2022-09-27 13:11:08 +05:00
Florian Roth 408bf97181 Update proc_creation_win_susp_renamed_createdump.yml 2022-09-27 09:12:44 +02:00
Florian Roth b53f08b081 Update proc_creation_win_process_dump_rundll32_comsvcs.yml 2022-09-27 09:12:06 +02:00
Florian Roth 9b091811dd Update proc_creation_win_uac_bypass_icmluautil.yml 2022-09-27 00:22:34 +02:00
Florian Roth f9322f342c Update proc_creation_win_susp_sharpview.yml 2022-09-27 00:22:10 +02:00
Florian Roth 224ea52dcd Update proc_creation_win_cmstp_com_object_access.yml 2022-09-27 00:21:33 +02:00
Florian Roth e6d7ba8224 Merge branch 'master' into aurora-false-positive-fixing 2022-09-27 00:20:07 +02:00
Florian Roth 0503e2b8f7 fix: FPs on Azure 2022-09-27 00:17:53 +02:00
Florian Roth e1375467c5 fix: FPs with Azure hosts 2022-09-26 23:52:48 +02:00
frack113 a55749f27d Merge pull request #3516 from veramine/patch-1 
Update proc_creation_win_commandline_path_traversal_evasion.yml
 2022-09-21 18:20:23 +02:00
Florian Roth eeca6a898b fix: mitre attack tags 2022-09-21 18:16:02 +02:00
Florian Roth 2ffca9c8da fix: condition 2022-09-21 18:08:24 +02:00
Florian Roth 026844026f fix: condition in sharpersist rule 2022-09-21 18:04:18 +02:00
Florian Roth 61a4a48ac0 fix: CommandLine field types 2022-09-21 18:02:42 +02:00
Florian Roth 8e011540b0 rule: createdump renamed 2022-09-21 16:30:47 +02:00
phantinuss b7f20b884c fix: FPs from new evtx-baseline 2022-09-21 13:51:19 +02:00
Nasreddine Bencherchali 4a74129048 Fix after review 2022-09-21 13:12:21 +02:00
Nasreddine Bencherchali d9cd98838f Add descriptions 2022-09-21 12:02:15 +02:00
Nasreddine Bencherchali 59530f49d4 Fix more FP in testing 2022-09-21 11:53:39 +02:00
Veramine 5fbebce703 Update proc_creation_win_commandline_path_traversal_evasion.yml 
Removed extra space after the hyphen
 2022-09-20 21:45:45 -07:00
Veramine 411d79017e Update proc_creation_win_commandline_path_traversal_evasion.yml 
Changed to simpler CommandLine|contains and updated modified date.
 2022-09-20 21:33:16 -07:00
frack113 d8dcddea25 Merge pull request #3513 from gs3cl/gsec-mod 
new rule for the winpeas tool
 2022-09-21 06:20:28 +02:00
Veramine fda2ca4308 Update proc_creation_win_commandline_path_traversal_evasion.yml 
Fix FP with Citrix launcher
 2022-09-20 17:20:19 -07:00
Florian Roth 83fbd7f258 Update proc_creation_win_winpeas_tool.yml 2022-09-20 17:45:13 +02:00
Florian Roth cb09f9d522 Update proc_creation_win_winpeas_tool.yml 2022-09-20 17:44:56 +02:00
Nasreddine Bencherchali 2f7a54cc31 Fix FP 2022-09-20 11:20:33 +02:00
gs3cl 137653f08a fix format and delete 'OriginalFileName' 2022-09-20 11:04:12 +02:00
gs3cl 9e589736c2 Update proc_creation_win_winpeas_tool.yml 2022-09-19 23:23:28 +02:00
gs3cl 9bfd2c729f change condition and format 2022-09-19 23:00:02 +02:00
gs3cl 86a4f24ce8 del "domain" under CommandLine 2022-09-19 22:36:18 +02:00
gs3cl d8e806cf93 Update falsepositives and format 2022-09-19 21:17:32 +02:00
gs3cl 44a4991419 Update and rename proc_creation_detect_execution_of_winPEAS.yml to proc_creation_win_winpeas_tool.yml 2022-09-19 21:00:59 +02:00
gs3cl 52eae2c92b new rule for winpeas tool 2022-09-19 20:25:18 +02:00
Florian Roth cab32f2be4 Merge pull request #3510 from SigmaHQ/aurora-false-positive-fixing 
Windows 2022 false positive fixing
 2022-09-18 16:50:34 +02:00
Florian Roth bf660b2de2 fix: FPs (testing, and Windows 2022 test system) 2022-09-18 16:21:05 +02:00
tr0mb1r 8b60317e2e Microsoft Teams Suspicious ObjectAccess events (#3500) 2022-09-17 08:47:35 +02:00
Florian Roth 1264429681 Merge pull request #3499 from nasbench/linux-rules-update 
Linux Rules Update
 2022-09-16 21:13:19 +02:00
phantinuss bbc4aa3298 improve detection rate 2022-09-16 16:40:41 +02:00
nasreddine.bencherchali@nextron-systems.com 7f3158d09e Fix after review 2022-09-16 11:47:19 +02:00
Florian Roth cb55ed9f93 Merge pull request #3496 from krestinichev/add-new-rule 
Add new rule: proc_creation_disable_SEP
 2022-09-16 10:37:02 +02:00
Florian Roth c2256845b2 refactor: renamed and changed title 2022-09-16 09:45:56 +02:00
nasreddine.bencherchali@nextron-systems.com 7a5017696f Add more flag to curl windows rule 2022-09-16 09:23:15 +02:00
Florian Roth b4376ea580 refactor: CRLF to LF 2022-09-16 09:22:21 +02:00