Commit Graph

6798 Commits

Author SHA1 Message Date
Florian Roth 0903b667c1 Merge pull request #2356 from SigmaHQ/aurora-false-positive-fixing - Aurora false positive fixing 2021-12-01 15:10:50 +01:00
Florian Roth f75ffb6141 Merge pull request #2358 from SigmaHQ/rule-devel - rules: addition to APT UserAgents, new: NPPSpy Hacktool Usage 2021-12-01 15:10:17 +01:00
Florian Roth 7fad4768e4 rule: APT UA - new user agent 2021-12-01 14:20:05 +01:00
Florian Roth 6b7206ca2a fix: print driver FP 2021-12-01 14:14:53 +01:00
Florian Roth 5a01a88af1 fix: FPs with FileStream events 2021-12-01 14:10:56 +01:00
Florian Roth 4a136fdce6 simplified condition 2021-12-01 14:06:09 +01:00
Florian Roth f2199eacad fix: FPs noticed with Aurora 2021-12-01 13:39:53 +01:00
frack113 b71c2d7a07 Merge pull request #2355 from mgreen27/master - Update win_renamed_binary.yml 2021-12-01 08:12:08 +01:00
frack113 80a1b02fe5 Update win_renamed_binary.yml 2021-12-01 06:54:30 +01:00
frack113 25e9a6d13c Merge pull request #2352 from frack113/provider_name - Add Provider Name to system and security channel 2021-12-01 06:53:30 +01:00
Matthew Green 0384f8fb52 Update win_renamed_binary.yml 2021-12-01 15:07:06 +11:00
Florian Roth 6d155ad2ce fix: simplified and extended rule 2021-11-30 20:12:07 +01:00
Florian Roth 149f2d509a Merge pull request #2354 from SigmaHQ/aurora-false-positive-fixing - Aurora false positive fixing 2021-11-30 20:07:09 +01:00
Florian Roth 9b235f6873 fix: Granted Access 0x410 in different rules 2021-11-30 19:20:37 +01:00
Florian Roth e89646a696 Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2021-11-30 19:15:20 +01:00
Florian Roth 112c3522d8 fix: FPs noticed with Aurora 2021-11-30 19:14:49 +01:00
frack113 24d73a5f8a Add definition info 2021-11-30 15:10:36 +01:00
frack113 5c1b3f8362 Add Provider_Name 2021-11-30 15:03:53 +01:00
Florian Roth a4a2654050 Merge pull request #2349 from redsand/fix_xor_false_positive - adding false positive filter for amazon ssm-document-worker 2021-11-30 14:11:34 +01:00
frack113 03e549e335 Fix FP Kaspersky Security Center Web Console 2021-11-30 10:36:12 +01:00
frack113 e54bd6b03c Fix TrendMicro OSCE FP 2021-11-30 10:16:35 +01:00
Florian Roth 20b5c0bb5d Merge pull request #2347 from redsand/sysmon_logon_scripts_userinitmprlogonscript_proc - Sysmon logon scripts userinitmprlogonscript proc 2021-11-29 23:25:16 +01:00
Florian Roth 2da59406b7 Merge pull request #2344 from frack113/dfir_20211129 - add win_pc_susp_regsvr32_image 2021-11-29 23:24:45 +01:00
Tim Shelton 0c283ab767 adding false positive filter for amazon ssm-document-worker 2021-11-29 21:51:19 +00:00
Florian Roth ca77ec42cc Merge pull request #2346 from redsand/fp_powershell_malicious_commandlets - adding amazon ec2 to list of false positives for powershell cmdlet detection 2021-11-29 22:33:39 +01:00
Tim Shelton 422a579aca Merge branch 'sysmon_logon_scripts_userinitmprlogonscript_proc' of https://github.com/redsand/sigma into sysmon_logon_scripts_userinitmprlogonscript_proc 2021-11-29 19:59:38 +00:00
Tim Shelton c20a6daa73 adding wildcard to netlogon to be a bit more inclusive. 2021-11-29 19:59:26 +00:00
Tim Shelton 48a45b06eb fixing format 2021-11-29 19:23:31 +00:00
Tim Shelton f0c6dbdc84 adding amazon ec2 to list of false positives 2021-11-29 19:20:00 +00:00
Florian Roth 9209051f94 fix: FPs noticed with Aurora 2021-11-29 18:25:34 +01:00
Florian Roth b8985a222f fix: FPs noticed with Aurora 2021-11-29 16:13:24 +01:00
frack113 09712e7388 add win_pc_susp_regsvr32_image 2021-11-29 16:05:53 +01:00
Florian Roth 97d2ce0297 NPPSpy file creation rule 2021-11-29 16:03:03 +01:00
Florian Roth 4d7fd953a5 revert change to filters in dbghelp/dbgcore rule 2021-11-29 15:47:50 +01:00
Florian Roth dcf9d8c828 fix: FPs noticed with Aurora 2021-11-29 15:38:43 +01:00
Florian Roth 17d6528f41 Merge branch 'master' into aurora-false-positive-fixing 2021-11-29 13:09:38 +01:00
Florian Roth 80485d94f2 docs: Tscon description change 2021-11-29 13:07:39 +01:00
Florian Roth 1ab0dd7100 Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2021-11-29 11:40:47 +01:00
Florian Roth ede058b4fd Update win_malware_emotet.yml 2021-11-29 11:38:28 +01:00
Florian Roth 820cc0ccf8 Merge branch 'master' into rule-devel 2021-11-29 11:00:25 +01:00
Florian Roth ef7810fa8b fix: fixing issues with wildcard symbol - https://github.com/SigmaHQ/sigma/issues/2339 2021-11-29 10:57:01 +01:00
Florian Roth 47d8de37b7 Merge pull request #2340 from SigmaHQ/rule-devel - rule: whoami as parameter 2021-11-29 10:56:03 +01:00
Florian Roth 10db577863 rule: whoami as parameter 2021-11-29 09:55:56 +01:00
Florian Roth 142437d9dc fix: FPs noticed with Aurora 2021-11-28 14:57:54 +01:00
Florian Roth e41c195ca5 Merge pull request #2335 from SigmaHQ/aurora-false-positive-fixing - Aurora false positive fixing 2021-11-28 10:03:48 +01:00
Florian Roth 19aa434cbd fix: update modified date 2021-11-28 01:17:09 +01:00
Florian Roth 8f22165f26 fix: FPs noticed with Aurora 2021-11-28 01:16:18 +01:00
Florian Roth 330fcf485c Merge branch 'master' into promote_status 2021-11-27 17:15:56 +01:00
Florian Roth 1fd729c619 Merge pull request #2334 from SigmaHQ/aurora-false-positive-fixing - Aurora false positive fixing 2021-11-27 17:15:12 +01:00
frack113 9b27955dd7 Restore status 2021-11-27 16:09:33 +01:00