Commit Graph

2899 Commits

Author SHA1 Message Date
vunx2 e228d42b97 clean IP subnet 2020-03-18 16:49:44 +07:00
vunx2 1df5620a14 fix cleanValue + leading wildcard + EventID Integration 2020-03-18 16:02:44 +07:00
vunx2 b070ffab74 Merge branch 'master' of https://github.com/Neo23x0/sigma 2020-03-03 10:08:31 +07:00
Thomas Patzke b63889af75 Fixed rules that likely will cause false negatives by fix 2020-03-01 23:14:53 +01:00
Thomas Patzke 01bd5cf0e0 Merge branch 'issue-645' 2020-03-01 22:41:13 +01:00
Thomas Patzke 0a62b8747e Merge pull request #634 from EccoTheFlintstone/fp_fix3
Rule: restore initial behaviour matching single word with spaces on each side
2020-03-01 22:40:24 +01:00
Thomas Patzke a0f7da8c03 Splunk XML backend rule title
Fixes #645
2020-03-01 22:23:35 +01:00
Florian Roth a557c727dd Merge pull request #644 from Neo23x0/devel
Devel
2020-02-29 16:17:12 +01:00
Florian Roth 19d383989c fix: keyword expression in rule 2020-02-29 16:03:31 +01:00
Florian Roth 15a400ac51 fix: fixing bug in rule 2020-02-29 15:51:00 +01:00
Florian Roth fa6458b70f rule: two rules to detect CVE-2020-0688 exploitation 2020-02-29 15:45:45 +01:00
Florian Roth fdcba84fc8 fix: escaped backslash 2020-02-29 10:12:59 +01:00
vunx2 58f5fa1b8e change to github 2020-02-28 16:56:48 +07:00
vunx2 139600009b conflict 2020-02-28 16:50:30 +07:00
Florian Roth 9e86170d79 Merge pull request #641 from NVISO-BE/web_exchange_cve_2020_0688_exploit
CVE 2020-0688 Exploit attempt rule
2020-02-27 13:34:05 +01:00
Remco Hofman 4f45e14a56 Match on c-uri instead of c-uri-path 2020-02-27 13:23:25 +01:00
Remco Hofman ff35eb0052 Title capitalization 2020-02-27 12:56:56 +01:00
Remco Hofman 72e34d2aa5 CVE 2020-0688 Exploit attempt rule 2020-02-27 12:51:10 +01:00
Florian Roth f88225dd2a Merge pull request #640 from Neo23x0/devel
fix: broader exclusion for rule - OneDrive false positives
2020-02-26 18:41:52 +01:00
Florian Roth 6bbd80a8ee fix: broader exclusion for rule - OneDrive false positives 2020-02-26 18:31:58 +01:00
Florian Roth ada0edb822 Merge pull request #621 from wagga40/new_koadic_rule
New Koadic detection rule
2020-02-26 13:25:03 +01:00
Florian Roth 0ba6874645 Merge pull request #638 from Neo23x0/devel
Several false positives with new rules
2020-02-26 09:46:02 +01:00
Florian Roth 1c90d6badd level increased 2020-02-26 09:42:31 +01:00
Florian Roth c8afd4a16b Merge pull request #637 from tjgeorgen/patch-1
fix missing status & description in status field
2020-02-26 09:40:55 +01:00
Florian Roth 031e6d3ee6 Merge pull request #635 from EccoTheFlintstone/fix_fp4
wmiprvse subprocess: add fallback check on username instead of only l…
2020-02-26 09:40:34 +01:00
Florian Roth 4f3e3166d3 fixing false positives 2020-02-26 09:33:55 +01:00
Florian Roth 82d2b1e6f0 Merge branch 'master' into devel
# Conflicts:
#	rules/windows/process_creation/win_susp_squirrel_lolbin.yml
2020-02-26 09:27:48 +01:00
Florian Roth e7aff17e72 FP: OneDrive setup 2020-02-26 09:26:19 +01:00
Tom Georgen 74f3fe70cc fix missing status & description in status field 2020-02-25 16:30:41 -05:00
Thomas Patzke 65444f7a77 Release 0.16.0 0.16.0 2020-02-25 22:19:52 +01:00
Thomas Patzke 4e42bebb34 Merge branch 'socprime-master' 2020-02-25 21:32:59 +01:00
Florian Roth a152853ac3 Merge pull request #624 from Antonlovesdnb/master
New rules for Macro Detections
2020-02-25 15:44:31 +01:00
Antonlovesdnb e8b861bff4 Update sysmon_susp_winword_vbadll_load.yml 2020-02-25 09:24:29 -05:00
Antonlovesdnb 4c5d489428 Update sysmon_susp_office_kerberos_dll_load.yml 2020-02-25 09:23:52 -05:00
Antonlovesdnb f92e2f2b18 Update sysmon_susp_office_dotnet_assembly_dll_load.yml 2020-02-25 09:23:22 -05:00
Antonlovesdnb 8141b1ae90 Update sysmon_susp_office_dsparse_dll_load.yml 2020-02-25 09:22:56 -05:00
Antonlovesdnb 45e4a585bf Update sysmon_susp_office_dotnet_gac_dll_load.yml 2020-02-25 09:22:37 -05:00
Antonlovesdnb c5b42aeaed Update sysmon_susp_office_dotnet_clr_dll_load.yml 2020-02-25 09:19:03 -05:00
Antonlovesdnb bb1eecfe14 Update sysmon_susp_office_dotnet_assembly_dll_load.yml 2020-02-25 09:17:33 -05:00
Florian Roth dd1a0e764c docs: more false positive conditions 2020-02-25 11:13:58 +01:00
Florian Roth 950fa18418 fix: changed titles to avoid duplicates 2020-02-25 11:12:47 +01:00
Florian Roth 5d96f81a84 fix: lowered level due to false positives 2020-02-25 11:12:11 +01:00
Florian Roth 8f7ee21d5c docs: detection rule license 2020-02-25 11:09:10 +01:00
Thomas Patzke 5a2ccbd040 Fixed ArcSight backend visibility 2020-02-24 23:27:22 +01:00
Thomas Patzke 6236429f3d Added/changed CI tests 2020-02-24 23:21:11 +01:00
Thomas Patzke 5b42135935 Added es-rule backend to all ES configurations 2020-02-24 23:20:48 +01:00
Thomas Patzke d9b48ea747 Fixes in es-rule backend 2020-02-24 23:20:19 +01:00
Thomas Patzke 4ee2c2762e Sorting of backend and configuration lists 2020-02-24 22:59:59 +01:00
Thomas Patzke 4ac6ddc8ef Merge branch 'changelog' 2020-02-24 22:35:41 +01:00
Thomas Patzke fa717233a9 Updated changelog 2020-02-24 22:30:36 +01:00