security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,781 Commits 1 Branch 57 Tags
df60f30cc1ab92a4fed4de3e7ee733287c8499ce
Commit Graph

12781 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth df60f30cc1 Update file_event_win_cred_dump_tools_dropped_files.yml 2022-09-27 00:21:09 +02:00
Florian Roth eeca6a898b fix: mitre attack tags 2022-09-21 18:16:02 +02:00
Florian Roth 2ffca9c8da fix: condition 2022-09-21 18:08:24 +02:00
Florian Roth 026844026f fix: condition in sharpersist rule 2022-09-21 18:04:18 +02:00
Florian Roth 61a4a48ac0 fix: CommandLine field types 2022-09-21 18:02:42 +02:00
Florian Roth 8e011540b0 rule: createdump renamed 2022-09-21 16:30:47 +02:00
Florian Roth 2fe25f3c80 rule: sharpersist usage 2022-09-15 16:50:34 +02:00
Florian Roth 22d0e22d14 rule: 3proxy usage, fix: rule - missing contains 2022-09-14 10:22:01 +02:00
Florian Roth 9f62270aff refactor: add dumpy tool 2022-09-13 13:38:44 +02:00
Florian Roth 37aed9ac3b docs: add link 2022-09-13 13:38:32 +02:00
Florian Roth 3a38b63fff refactor: chisel rules 2022-09-13 13:38:10 +02:00
Florian Roth 2d7e545cad fix: list with one element 2022-09-13 08:38:57 +02:00
Florian Roth c22974205f Merge branch 'master' into rule-devel 2022-09-13 08:07:35 +02:00
Florian Roth 61422ca237 rule: UAC Bypass via ICMLuaUtil 2022-09-13 08:07:15 +02:00
Florian Roth 072a9d73eb fix: changes to existing rules 2022-09-13 08:07:03 +02:00
Florian Roth 9b6c8afcc6 Merge pull request #3489 from qasimqlf/patch-4 
Tag added
 2022-09-12 11:24:07 +02:00
Qasim Qlf 1eaad811b6 tag added 2022-09-12 14:15:48 +05:00
frack113 4581b253f3 Merge pull request #3485 from elhoim/add_renamed_vmnat 
Add renamed vmnat rule
 2022-09-11 19:17:39 +02:00
David André 93da67b593 Update proc_creation_win_renamed_vmnat.yml 
Added accidentaly removed falsepositives
 2022-09-11 13:13:58 +02:00
David André 262f046351 Delete image_load_vmware_nondefault_path.yml 
File added in wrong branch
 2022-09-11 13:07:23 +02:00
David André 5656a3a50b Merge branch 'SigmaHQ:master' into add_renamed_vmnat 2022-09-11 13:06:21 +02:00
David ANDRE 3ae8cc84e4 Merge remote-tracking branch 'origin/add_renamed_vmnat' into add_renamed_vmnat 2022-09-11 12:46:35 +02:00
David ANDRE d73aac41d3 Changes based on advice 2022-09-11 12:44:54 +02:00
David ANDRE 5b0c8f60e2 Removed trailing space 2022-09-11 12:36:44 +02:00
David ANDRE 503a32ed86 Merge branch 'add_renamed_vmnat' of github.com:elhoim/sigma into add_renamed_vmnat 2022-09-11 12:35:21 +02:00
David ANDRE c98997390b Changes following advice 2022-09-11 12:35:05 +02:00
frack113 b9c7b79847 Merge pull request #3477 from elhoim/sigmac_deprecation_warning 
Added deprecating warning in sigmac with color
 2022-09-10 15:43:35 +02:00
frack113 6e529bb9c8 Merge pull request #3484 from elhoim/add_samtheadmin 
Add rule to detect samtheadmin computer name used by hacktool
 2022-09-10 12:34:51 +02:00
frack113 21435629a0 Merge pull request #3482 from nasbench/nasbench-rule-devel 
Rule Devel (New+Update)
 2022-09-10 12:34:26 +02:00
frack113 97cecc6de7 Merge pull request #3479 from elhoim/add_sigmac_deprecation_readme 
Add deprecation notice in README page
 2022-09-10 12:34:07 +02:00
Florian Roth e7084eee04 Merge pull request #3487 from SigmaHQ/aurora-false-positive-fixing 
fix: fixing multiple FPs with the use of VSCode
 2022-09-10 12:07:01 +02:00
Florian Roth 0a5cfb93b3 fix: condition 2022-09-10 11:53:42 +02:00
Florian Roth 7dbdd4d1c6 fix: fixing multiple FPs with the use of VSCode 2022-09-10 11:42:44 +02:00
Florian Roth a053be791c Update proc_creation_win_user_discovery_get_aduser.yml 2022-09-10 09:49:14 +02:00
Florian Roth a616647b08 lowered score of scheduled task + SYSTEM rule 2022-09-10 09:48:50 +02:00
Florian Roth 9ed14ce571 tightened the regular expression 2022-09-10 09:34:16 +02:00
Nasreddine Bencherchali 2552b75e72 Delete proc_creation_win_net_add_local_user.yml 2022-09-09 23:11:28 +02:00
Thomas Patzke 21c016b0ed Merge branch 'master' of https://github.com/SigmaHQ/sigma 2022-09-09 22:56:58 +02:00
Thomas Patzke c6e633bf30 Release 0.22.1 2022-09-09 22:48:08 +02:00
Thomas Patzke 7afcf24d21 Splunk puts AND always into parentheses 
New fix for issue #3443
 2022-09-09 22:30:00 +02:00
Thomas Patzke 3396414bda Revert "Wrapped all-modifier result into NodeSubexpression" 
This reverts commit 1fbd2bba4d.
 2022-09-09 22:26:13 +02:00
frack113 b9cc206d9d Update win_susp_computer_name.yml 2022-09-09 18:53:48 +02:00
frack113 3b8184a6b7 Merge pull request #3480 from phantinuss/master 
fix: FP with windows defender
 2022-09-09 18:49:37 +02:00
David André 2ed9e37a7e Merge branch 'SigmaHQ:master' into add_renamed_vmnat 2022-09-09 16:56:40 +02:00
David ANDRE 6c1761a7b7 Revert "Merge branch 'master' of github.com:elhoim/sigma" 
This reverts commit fc98278b19.
 2022-09-09 16:55:12 +02:00
David ANDRE 6182b43279 Add rule for renamed vmnat.exe 2022-09-09 16:40:17 +02:00
David ANDRE fc98278b19 Merge branch 'master' of github.com:elhoim/sigma 2022-09-09 16:12:59 +02:00
David ANDRE 9a77542bc6 Add comment to explain lack of eventID\nBetter description 2022-09-09 16:11:07 +02:00
Florian Roth 02edc2977c Merge pull request #3483 from elhoim/rename_suspicious2 
Renamed suspicious in rules file names to susp
 2022-09-09 16:09:42 +02:00
David ANDRE b170af5687 Added rule for sam the admin suspicious computer 2022-09-09 16:08:19 +02:00