41 Commits

Author SHA1 Message Date
Florian Roth e91fc4486e refactor: first bigger log source refactoring
see discussion here: https://github.com/SigmaHQ/sigma/discussions/2835
2022-03-22 17:58:29 +01:00
phantinuss 043747822f fix: more falsepositives harmonization 2022-03-16 14:57:06 +01:00
frack113 69413c26bb Update microsoft365_new_federated_domain_added.yml 2022-02-10 06:39:02 +01:00
Feathers 7cb55b1704 Create microsoft365_new_federated_domain_added.yml 2022-02-08 10:31:47 +01:00
frack113 73f258e2d1 Change double quote to quote 2022-01-06 14:02:35 +01:00
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
frack113 3430943746 standardization 2021-11-09 07:27:25 +01:00
Austin Songer 62f2affd03 Spelling fix 2021-08-24 14:15:50 +00:00
Austin Songer c0e58d3c27 Update 2021-08-23 23:00:58 +00:00
Austin Songer 29e1ce7e8f Update 2021-08-23 22:50:39 +00:00
Austin Songer ad892eb239 Update 2021-08-23 22:46:37 +00:00
Austin Songer 84944cf849 Update 2021-08-23 22:30:11 +00:00
Austin Songer 53482b7e9c Update 2021-08-23 22:19:41 +00:00
Austin Songer 754158bfd2 Update 2021-08-23 22:18:12 +00:00
Austin Songer da69b2f531 Update 2021-08-23 22:09:27 +00:00
Austin Songer 595bd3b80f Updated 2021-08-23 22:07:09 +00:00
Austin Songer 1fa32fcd1a Update 2021-08-23 22:02:47 +00:00
Austin Songer 4ab9519546 Update 2021-08-23 18:59:07 +00:00
Austin Songer 8e4b8f45dd Update 2021-08-23 18:57:17 +00:00
Austin Songer a5c551ad61 Merge branch '365' of https://github.com/austinsonger/sigma into 365 2021-08-23 18:55:40 +00:00
Austin Songer 41786a1b63 In-Progress 2021-08-23 18:55:29 +00:00
Austin Songer 3d151ef9f1 Update microsoft365_logon_from_risky_ip_address.yml 2021-08-23 12:59:53 -05:00
Austin Songer 23e96712f8 Update microsoft365_data_exfiltration_to_unsanctioned_app.yml 2021-08-23 12:59:44 -05:00
Austin Songer 1834324a16 Update 2021-08-23 17:33:57 +00:00
Austin Songer 7d211f2487 Data exfiltration to unsanctioned apps 2021-08-23 17:33:00 +00:00
Austin Songer ae84559488 M365 - Risky IP Addresses 2021-08-23 17:18:16 +00:00
frack113 dbbb422a42 Merge pull request #1885 from austinsonger/microsoft365_unusual_volume_of_file_deletion.yml
microsoft365_unusual_volume_of_file_deletion.yml
2021-08-20 17:20:43 +02:00
frack113 34ac3587e9 Merge pull request #1884 from austinsonger/microsoft365_potential_ransomware_activity.yml
microsoft365_potential_ransomware_activity.yml
2021-08-20 17:20:34 +02:00
frack113 73fee68d4b Merge pull request #1883 from austinsonger/microsoft365_user_restricted_from_sending_email.yml
microsoft365_user_restricted_from_sending_email.yml
2021-08-20 17:20:22 +02:00
Austin Songer a25f6e196f Update microsoft365_unusual_volume_of_file_deletion.yml 2021-08-20 08:17:25 -05:00
Austin Songer 360b936357 Update microsoft365_potential_ransomware_activity.yml 2021-08-20 08:17:09 -05:00
Austin Songer ae36804935 Update microsoft365_user_restricted_from_sending_email.yml 2021-08-20 08:16:48 -05:00
frack113 4e29dc9c45 fix title 2021-08-20 09:06:16 +02:00
Austin Songer 853c2eb41d Update microsoft365_potential_ransomware_activity.yml 2021-08-20 01:19:01 -05:00
Austin Songer f745593e80 Update microsoft365_potential_ransomware_activity.yml 2021-08-20 00:33:42 -05:00
Austin Songer 54bda90685 Create microsoft365_user_restricted_from_sending_email.yml 2021-08-19 23:08:25 -05:00
Austin Songer 9b19190ea7 Create microsoft365_potential_ransomware_activity.yml 2021-08-19 23:05:05 -05:00
Austin Songer 99fbd4ef44 Create microsoft365_unusual_volume_of_file_deletion.yml 2021-08-19 23:00:23 -05:00
Austin Songer 0a3e57cc12 Update 2021-08-20 02:10:32 +00:00
Austin Songer 842ade16be Forgot to add my username to some of the rules. 2021-08-20 02:09:31 +00:00
frack113 50f02ed957 move microsoft365 rules 2021-08-13 15:45:28 +02:00