security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,072 Commits 1 Branch 57 Tags
e43d7f7e0ef10d76e05eb2fa62045bc4e6f03f27
Commit Graph

9072 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth e43d7f7e0e Merge pull request #2357 from redsand/hawk_backend_fix_added_double_backslash_from_sigmac 
Fixing added backslashes that are generated by sigma backend
 2021-12-01 15:11:32 +01:00
Florian Roth 0903b667c1 Merge pull request #2356 from SigmaHQ/aurora-false-positive-fixing 
Aurora false positive fixing
 2021-12-01 15:10:50 +01:00
Florian Roth f75ffb6141 Merge pull request #2358 from SigmaHQ/rule-devel 
rules: addition to APT UserAgents, new: NPPSpy Hacktool Usage
 2021-12-01 15:10:17 +01:00
Tim Shelton 6927b0e69f Fixing added backslashes that are generated by sigma backend 2021-12-01 13:29:15 +00:00
Florian Roth 7fad4768e4 rule: APT UA - new user agent 2021-12-01 14:20:05 +01:00
Florian Roth 6b7206ca2a fix: print driver FP 2021-12-01 14:14:53 +01:00
Florian Roth 5a01a88af1 fix: FPs with FileStream events 2021-12-01 14:10:56 +01:00
Florian Roth 4a136fdce6 simplified condition 2021-12-01 14:06:09 +01:00
Florian Roth f2199eacad fix: FPs noticed with Aurora 2021-12-01 13:39:53 +01:00
frack113 b71c2d7a07 Merge pull request #2355 from mgreen27/master 
Update win_renamed_binary.yml
 2021-12-01 08:12:08 +01:00
frack113 80a1b02fe5 Update win_renamed_binary.yml 2021-12-01 06:54:30 +01:00
frack113 25e9a6d13c Merge pull request #2352 from frack113/provider_name 
Add Provider Name to system and security channel
 2021-12-01 06:53:30 +01:00
Matthew Green 0384f8fb52 Update win_renamed_binary.yml 2021-12-01 15:07:06 +11:00
Florian Roth 6d155ad2ce fix: simplified and extended rule 2021-11-30 20:12:07 +01:00
Florian Roth 149f2d509a Merge pull request #2354 from SigmaHQ/aurora-false-positive-fixing 
Aurora false positive fixing
 2021-11-30 20:07:09 +01:00
frack113 ed088f5c43 Merge pull request #2353 from frack113/zircolite 
Add zircolite config
 2021-11-30 19:54:21 +01:00
Florian Roth 9b235f6873 fix: Granted Access 0x410 in different rules 2021-11-30 19:20:37 +01:00
Florian Roth e89646a696 Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2021-11-30 19:15:20 +01:00
Florian Roth 112c3522d8 fix: FPs noticed with Aurora 2021-11-30 19:14:49 +01:00
frack113 00560f3162 Add zircolite config 2021-11-30 19:10:14 +01:00
frack113 24d73a5f8a Add definition info 2021-11-30 15:10:36 +01:00
frack113 5c1b3f8362 Add Provider_Name 2021-11-30 15:03:53 +01:00
Florian Roth a4a2654050 Merge pull request #2349 from redsand/fix_xor_false_positive 
adding false positive filter for amazon ssm-document-worker
 2021-11-30 14:11:34 +01:00
Florian Roth 69be18d343 Merge pull request #2351 from frack113/antimalware 
Antimalware FP
 2021-11-30 14:10:51 +01:00
frack113 03e549e335 Fix FP Kaspersky Security Center Web Console 2021-11-30 10:36:12 +01:00
frack113 e54bd6b03c Fix TrendMicro OSCE FP 2021-11-30 10:16:35 +01:00
Florian Roth 20b5c0bb5d Merge pull request #2347 from redsand/sysmon_logon_scripts_userinitmprlogonscript_proc 
Sysmon logon scripts userinitmprlogonscript proc
 2021-11-29 23:25:16 +01:00
Florian Roth 2da59406b7 Merge pull request #2344 from frack113/dfir_20211129 
add win_pc_susp_regsvr32_image
 2021-11-29 23:24:45 +01:00
Tim Shelton 0c283ab767 adding false positive filter for amazon ssm-document-worker 2021-11-29 21:51:19 +00:00
Florian Roth ca77ec42cc Merge pull request #2346 from redsand/fp_powershell_malicious_commandlets 
adding amazon ec2 to list of false positives for powershell cmdlet detection
 2021-11-29 22:33:39 +01:00
Tim Shelton 422a579aca Merge branch 'sysmon_logon_scripts_userinitmprlogonscript_proc' of https://github.com/redsand/sigma into sysmon_logon_scripts_userinitmprlogonscript_proc 2021-11-29 19:59:38 +00:00
Tim Shelton c20a6daa73 adding wildcard to netlogon to be a bit more inclusive. 2021-11-29 19:59:26 +00:00
Tim Shelton 48a45b06eb fixing format 2021-11-29 19:23:31 +00:00
Tim Shelton f0c6dbdc84 adding amazon ec2 to list of false positives 2021-11-29 19:20:00 +00:00
Florian Roth a11cd58cec Merge pull request #2345 from SigmaHQ/aurora-false-positive-fixing 
fix: FPs noticed with Aurora
 2021-11-29 20:00:35 +01:00
Florian Roth 9209051f94 fix: FPs noticed with Aurora 2021-11-29 18:25:34 +01:00
Florian Roth 182a4c2506 Merge pull request #2343 from SigmaHQ/aurora-false-positive-fixing 
Aurora false positive fixing
 2021-11-29 17:17:10 +01:00
Florian Roth b8985a222f fix: FPs noticed with Aurora 2021-11-29 16:13:24 +01:00
frack113 09712e7388 add win_pc_susp_regsvr32_image 2021-11-29 16:05:53 +01:00
Florian Roth 97d2ce0297 NPPSpy file creation rule 2021-11-29 16:03:03 +01:00
Florian Roth 4d7fd953a5 revert change to filters in dbghelp/dbgcore rule 2021-11-29 15:47:50 +01:00
Florian Roth dcf9d8c828 fix: FPs noticed with Aurora 2021-11-29 15:38:43 +01:00
Florian Roth 17d6528f41 Merge branch 'master' into aurora-false-positive-fixing 2021-11-29 13:09:38 +01:00
Florian Roth c67624da77 Merge branch 'master' into rule-devel 2021-11-29 13:09:01 +01:00
Florian Roth 80485d94f2 docs: Tscon description change 2021-11-29 13:07:39 +01:00
Florian Roth bab7ae8c7f Merge pull request #2342 from SigmaHQ/rule-devel 
Updated Emotet rule
 2021-11-29 12:28:11 +01:00
Florian Roth 1ab0dd7100 Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2021-11-29 11:40:47 +01:00
Florian Roth ede058b4fd Update win_malware_emotet.yml 2021-11-29 11:38:28 +01:00
Florian Roth 2fcc5f6c27 Merge pull request #2341 from SigmaHQ/rule-devel 
fix: fixing issues with wildcard symbol
 2021-11-29 11:38:16 +01:00
Florian Roth 820cc0ccf8 Merge branch 'master' into rule-devel 2021-11-29 11:00:25 +01:00