582 Commits

Author SHA1 Message Date
remotephone 48cabeafe5 Updated author section 2020-10-16 22:02:58 -05:00
remotephone 8f6ce25bab Merge changes from pull 1084 with this one 2020-10-16 22:01:44 -05:00
https://github.com/Neo23x0/sigma/pull/1084 includes some commands I missed. This merges both and creates an OR selection condition to match both possible conditions.
remotephone ffde8b0208 Update to handle different file locations 2020-10-16 21:54:41 -05:00
Mikhail Larin 29f2f1acfe added fish to macos rule 2020-10-17 02:37:21 +03:00
Mikhail Larin 65854752a9 additional shells for both rules fix 2020-10-17 02:33:32 +03:00
Mikhail Larin fb3bee0cad title fix 2020-10-17 02:17:40 +03:00
Mikhail Larin 9b568df527 Lin/Mac T1552.003 2020-10-17 02:06:01 +03:00
Ömer Günal 26bb43eaf6 Update lnx_system_info_discovery.yml 2020-10-16 23:00:44 +03:00
Ömer Günal a01c04018c Update lnx_password_policy_discovery.yml 2020-10-16 22:52:15 +03:00
Ömer Günal bf12c73118 Update at_command.yml 2020-10-16 22:49:40 +03:00
Ömer Günal 723df2f15b Update lnx_system_info_discovery.yml 2020-10-16 21:08:01 +03:00
Ömer Günal f7fbfda794 Update lnx_system_info_discovery.yml 2020-10-16 20:53:00 +03:00
Ömer Günal 2fa7008363 change reference 2020-10-16 20:42:12 +03:00
Ömer Günal bca3c80f43 Update lnx_clear_logs.yml 2020-10-16 20:39:26 +03:00
Ömer Günal 5c34e69fc9 Update lnx_process_discovery.yml 2020-10-16 10:58:51 +03:00
Ömer Günal 0b30835b7b Update at_command.yml 2020-10-16 10:56:06 +03:00
Ömer Günal 373c637e66 Update lnx_install_root_certificate.yml 2020-10-16 10:55:31 +03:00
Ömer Günal 27dcad8ffe Update lnx_process_discovery.yml 2020-10-16 10:52:54 +03:00
Ömer Günal 68e843f0d3 Update lnx_system_info_discovery.yml 2020-10-16 10:48:36 +03:00
Ömer Günal 38c7cb7406 Update lnx_password_policy_discovery.yml 2020-10-16 10:38:36 +03:00
Ömer Günal f1a6e980e5 added category 2020-10-16 10:33:50 +03:00
Ömer Günal 46e887ef38 Update lnx_clear_logs.yml 2020-10-16 10:32:25 +03:00
Jonhnathan 3361b62cc2 Update lnx_auditd_susp_exe_folders.yml 2020-10-15 23:09:06 -03:00
Jonhnathan d655ebf092 Update lnx_auditd_masquerading_crond.yml 2020-10-15 23:08:08 -03:00
Jonhnathan e26e5a1e7e Update lnx_auditd_create_account.yml 2020-10-15 23:07:39 -03:00
Jonhnathan 8fd768aa66 Update lnx_susp_ssh.yml 2020-10-15 23:05:53 -03:00
Jonhnathan d4284e60f9 Update lnx_susp_named.yml 2020-10-15 23:04:16 -03:00
Jonhnathan 83bad3de98 Update lnx_sudo_cve_2019_14287.yml 2020-10-15 23:03:40 -03:00
Jonhnathan 0ca17e88f6 Update lnx_setgid_setuid.yml 2020-10-15 22:55:41 -03:00
Jonhnathan 68ad66f390 Update lnx_proxy_connection.yml 2020-10-15 22:54:27 -03:00
Jonhnathan 41396636f9 Update lnx_file_copy.yml 2020-10-15 22:53:20 -03:00
Jonhnathan 6185640442 Update lnx_clamav.yml 2020-10-15 22:49:42 -03:00
Yugoslavskiy Daniil d8a6048492 update /macos_create_hidden_account.yml 2020-10-16 02:05:22 +02:00
Alejandro Ortuno 2ef52dbfd8 Initial Sigma Rule 2020-10-14 10:24:59 +02:00
Alejandro Ortuno bf8426d71b Initial commit of sigma rule 2020-10-14 10:14:00 +02:00
Alejandro Ortuno 75a05db446 Add slash to bypass testing 2020-10-14 08:50:15 +02:00
remotephone@gmail.com 8e7fbbd147 fixing UUID and description 2020-10-14 00:54:51 -05:00
remotephone@gmail.com ed22c8e0fe adding macos screencapture rule 2020-10-14 00:51:55 -05:00
remotephone@gmail.com 8bbde90328 adding line at end of file 2020-10-14 00:05:28 -05:00
remotephone@gmail.com 3cddb86b70 updating tags 2020-10-14 00:01:30 -05:00
remotephone@gmail.com 7343936653 adding gui input capture, first iteration 2020-10-13 23:59:53 -05:00
remotephone@gmail.com df20d2a5d2 adding new line at end of file 2020-10-13 22:44:02 -05:00
remotephone@gmail.com 7e002fcb5f updating selections to make query more efficient and less prone to evasion 2020-10-13 22:17:26 -05:00
remotephone@gmail.com 56952ecdd4 updating to select commandline arguments correctly for macos rule, and cleaning up description across both rules 2020-10-13 22:09:37 -05:00
Alejandro Ortuno c03a696762 additional modifications on commands and process names 2020-10-13 11:00:06 +02:00
Alejandro Ortuno 50fde8c13f minor changes on command line 2020-10-13 10:55:29 +02:00
Alejandro Ortuno 30bd626d76 Split command line and do contains all. 2020-10-13 10:51:00 +02:00
Alejandro Ortuno 7459bcd08c Use process_creation for the detection 2020-10-13 10:41:50 +02:00
remotephone@gmail.com a85c19db17 updating files to cover broader network discovery logic, renaming alert, adding recommended changes 2020-10-13 00:39:53 -05:00
remotephone@gmail.com 7d49db3988 updating falsepositives documentation to remove line that's not applicable 2020-10-12 23:19:02 -05:00