Commit Graph

28 Commits

Author SHA1 Message Date
Florian Roth e3839ac282 removed: overlapping, unharmonised rule
already covered in 04f5363a-6bca-42ff-be70-0d28bf629ead
2022-03-22 09:58:29 +01:00
frack113 becf3baeb4 Merge pull request #2813 from phantinuss/master
Changes to falsepositives metadata
2022-03-17 14:31:27 +01:00
Tim Shelton c58f3d0351 Filtering of symantec submission for analysis 2022-03-16 19:07:15 +00:00
phantinuss 043747822f fix: more falsepositives harmonization 2022-03-16 14:57:06 +01:00
phantinuss 4585133325 fix: remove penetration testing as a valid false positive 2022-03-16 13:51:26 +01:00
phantinuss b23eee6ebf fix: unknown --> Unknown 2022-03-16 13:43:54 +01:00
markus-nclose 4c2a3c3036 CobaltStrike typo
This typo keeps sneaking back in - critical for detection.
Spelling correct according to https://www.nextron-systems.com/wp-content/uploads/2018/09/Antivirus_Event_Analysis_CheatSheet_1.5-2.pdf
2022-02-02 07:31:48 +02:00
frack113 43690233fb Merge pull request #2572 from zeronetworks/master
feat(rules): Adding rules for the rpc_firewall
2022-01-24 18:18:22 +01:00
sagiezero 83afc12875 fix(rules): changed "product" and "service" to suggested values. 2022-01-23 09:44:24 +02:00
frack113 eb22807ddc Order rules 2022-01-20 22:06:55 +01:00
sagiezero 929711f5c1 fix(rules): missed stuff from previous fix 2022-01-20 17:27:47 +02:00
sagiezero eb5578fa33 fix(rules): fixed capital in rule names, removed unknown mitre tags, removed unknown tag in logsource. 2022-01-20 16:53:01 +02:00
frack113 b7b95f9055 Order application folder 2022-01-20 14:57:57 +01:00
sagiezero c76443051a feat(rules): changing location to "application" folder 2022-01-20 11:57:10 +02:00
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
Mike Wade 52ab677798 Fixed my git issue 2020-09-13 22:03:04 -06:00
aw350m3 b00047a4e8 att&ck tags review: application, apt, cloud, generic, proxy 2020-09-03 14:16:54 +00:00
Florian Roth d42e87edd7 fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
Florian Roth efd3af0812 fix: fixed missing date fields in other files 2020-01-30 15:32:39 +01:00
Thomas Patzke 0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
Thomas Patzke 788111f174 Fixes for Elasticsearch query correctness CI tests
* Quoting in rule
* Reading queries without special processing of backslashes

Unfortunately, backslashes still cause breaks caused by Bash handling of
them.
2018-04-09 22:33:29 +02:00
SherifEldeeb 48441962cc Change All "str" references to be "list" to match schema update 2018-01-28 02:24:16 +03:00
SherifEldeeb 112a0939d7 Change "reference" to "references" to match new schema 2018-01-28 02:12:19 +03:00
Thomas Patzke 9adaf4c411 Cleanup 2017-12-07 16:21:02 +01:00
Thomas Patzke 9b65f250a8 Renamed rule file (typo) 2017-09-17 00:32:57 +02:00
Thomas Patzke 238f27fa0d Added OperationalError to relevant Python DB exceptions 2017-08-13 00:10:00 +02:00
Thomas Patzke 33b2ff16cf Rule for generic Python SQL exceptions
according to PEP 249
2017-08-12 00:44:18 +02:00
Thomas Patzke 7ba62b791c Application security rules
* reorganization into separate folder
* adding category
* minor tweaks
2017-08-12 00:43:10 +02:00