security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,246 Commits 1 Branch 57 Tags
e248012783f396fb202d30baa3e3370c00a82e23
Commit Graph

4246 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Patzke e248012783 Release 0.19 0.19 2021-02-23 21:27:14 +01:00
Thomas Patzke 5cfd837776 Removed irrelevant type check in fieldlist backend 
Fixes issue #1351
 2021-02-23 21:15:29 +01:00
Thomas Patzke 74ae89833f Added long description to PyPI distribution 2021-02-23 21:06:25 +01:00
Florian Roth c38e998846 Merge pull request #1356 from roysjosh/master 
fix: case in level
 2021-02-23 09:37:36 +01:00
Joshua Roys 025a17e44b fix: case in level 
Otherwise es-rule ends up with a null risk_score and invalid severity.
 2021-02-22 21:34:06 -05:00
Florian Roth 96803a5a27 Merge pull request #1355 from Neo23x0/rule-devel 
Rule devel
 2021-02-22 17:46:21 +01:00
Florian Roth 94035e1e11 fix: error in condition 2021-02-22 17:30:11 +01:00
Florian Roth 749789c17d fix: condition in eventlog rule 2021-02-22 17:24:19 +01:00
Florian Roth aea03076c2 rule: simplified rule 2021-02-22 17:19:14 +01:00
Florian Roth 43b2ad580f rule: DEWMODE webshell 2021-02-22 17:15:32 +01:00
Florian Roth f834862833 Merge pull request #1107 from vburov/patch-10 
Update win_susp_eventlog_cleared.yml
 2021-02-18 11:19:53 +01:00
Florian Roth a6684c66d6 Merge pull request #1110 from vburov/patch-11 
Update win_disable_event_logging.yml
 2021-02-18 11:18:32 +01:00
Florian Roth f62fc2e889 Merge pull request #1341 from d4rk-d4nph3/master 
Added rule for TerraMaster TOS CVE-2020-28188
 2021-02-18 11:17:48 +01:00
Florian Roth 786a799c3f Merge pull request #1345 from blueteam0ps/patch-2 
Created win_sus_auditpol_usage.yml
 2021-02-18 11:17:04 +01:00
Florian Roth 76e6f38215 Merge pull request #1348 from bartlomiej-czyz/patch-1 
Create win_metasploit_or_impacket_smb_psexec_service_install.yaml
 2021-02-18 11:14:40 +01:00
Florian Roth 089a931007 rule: ScreenConnect remote access 2021-02-11 13:04:16 +01:00
Florian Roth 4c2691d3c3 rule: disable windows eventlog 2021-02-11 12:28:52 +01:00
Florian Roth 18f2e32774 Domestic Kitten Furball malware pattern 2021-02-08 17:52:55 +01:00
bartlomiej-czyz b771fb0c55 Change win_metasploit_or_impacket_smb_psexec_service_install.yml severity level 2021-02-08 12:45:59 +01:00
Florian Roth da570ba173 Merge pull request #1217 from noraj/patch-2 
readme: package in linux distros
 2021-02-08 09:29:08 +01:00
Florian Roth 08a5f400ba Update README.md 2021-02-07 15:27:59 +01:00
Florian Roth 8ae8c213a9 Merge pull request #1337 from architect00/master 
rule: scheduled task deletion
 2021-02-07 15:26:13 +01:00
Florian Roth 10d440eb15 Merge pull request #1349 from bartlomiej-czyz/patch-2 
Create win_rundll32_without_parameters.yml
 2021-02-07 15:21:45 +01:00
Florian Roth 12054544bb Merge pull request #1350 from Christopolos94/master 
Updated fields to align with MS Advanced Threat Hunting Schema.
 2021-02-04 13:23:38 +01:00
Chris Brake 4aa7505b40 Updated fields to align with MS Advanced Threat Hunting Schema. Standardised and sorted fields across schemas. 2021-02-04 11:54:29 +00:00
bartlomiej-czyz ae15cef5e7 Rename .yaml to .yml 2021-02-03 22:20:48 +01:00
bartlomiej-czyz e79168ee56 Create win_rundll32_without_parameters.yml 2021-02-03 22:18:23 +01:00
bartlomiej-czyz 3e9c177c65 Create win_metasploit_or_impacket_smb_psexec_service_install.yaml 2021-02-03 22:16:21 +01:00
BlueTeamOps c3c706503e Update win_sus_auditpol_usage.yml 2021-02-02 22:24:54 +11:00
BlueTeamOps b0d0bb95b0 Created win_sus_auditpol_usage.yml 
This adds detection for suspicious behaviour of the auditpol binary
 2021-02-02 19:12:13 +11:00
Bhabesh Rai a8d33171d7 Fixed c-uri 2021-02-02 10:23:47 +05:45
Florian Roth 309e15dc5c rule: add call by ordinal 2021-02-01 20:16:31 +01:00
Florian Roth 597633c938 rule: ShimCache Flush 2021-02-01 20:05:28 +01:00
Florian Roth e80e4b210f fix: missing global action and sections 2021-02-01 20:00:17 +01:00
Florian Roth 2c48d2b0bb fix: missing global action and sections 2021-02-01 20:00:06 +01:00
Thomas Patzke 9eafc8d6a5 Merge pull request #1342 from k3mpaxl/master 
Fixing Qradar implementation for creating valid AQL queries
 2021-02-01 19:58:39 +01:00
Bhabesh Rai 63e2f4bbce Added rule for Sudo CVE-2021-3156 Exploitation Attempt 2021-02-01 23:08:45 +05:45
Florian Roth 179db920ec Merge pull request #1343 from Neo23x0/rule-devel 
Rule devel
 2021-02-01 12:28:22 +01:00
Florian Roth aaeb72a2b6 fix: FPs 2021-02-01 11:47:23 +01:00
Florian Roth 33fee6af8b rule: security product uninstallation 2021-01-30 11:24:08 +01:00
Florian Roth e533b4effb fix: tags 2021-01-28 13:51:51 +01:00
Florian Roth cd4491cba2 rule: disable volume snaptshots 2021-01-28 13:48:30 +01:00
Gregor 921ebf7445 Optimizing Qradar query generation in cases where field definitions are missing 2021-01-26 15:24:44 +01:00
Gregor ac3730d2fa Fixing Qradar implementation for create valid AQL queries 2021-01-25 15:37:05 +01:00
Florian Roth 6b9eef58da Merge pull request #1338 from Neo23x0/rule-devel 
Improved UNC2452 activity rules
 2021-01-25 14:36:44 +01:00
Florian Roth 7d99a48bb2 rule: new Quakbot pattern 2021-01-25 12:03:30 +01:00
Florian Roth a4bec724a6 rule: SonicWall exploitation 2021-01-25 11:54:23 +01:00
Bhabesh Rai 465ab713b0 Added rule for TerraMaster TOS CVE-2020-28188 2021-01-25 13:01:27 +05:45
Thomas Patzke 72468e671f Merge pull request #1340 from WuerthIT/bugfix_field_support 
bugfix field support
 2021-01-22 16:58:45 +01:00
Florian Roth e34bed0f76 Merge pull request #1339 from WuerthIT/fix_for_pcap_rule 
fix service from system to security for rule win_pcap_drivers.yml
 2021-01-22 16:15:23 +01:00