Commit Graph

582 Commits

Author SHA1 Message Date
remotephone@gmail.com 89c8a589a5 updating search syntax, splitting process name and cmdline and adding category 2020-10-12 22:49:19 -05:00
remotephone@gmail.com 476a3c04d9 Adding t1070_002 2020-10-12 00:01:10 -05:00
remotephone@gmail.com 781c7ce6dc Cleaning up falsepositives section of both rules 2020-10-11 23:52:47 -05:00
remotephone@gmail.com 48edc674bd updating keywords to CommandLine|contains and splitting rule into two 2020-10-11 22:43:28 -05:00
Yugoslavskiy Daniil e52baddda2 improve description 2020-10-11 22:11:03 +02:00
Yugoslavskiy Daniil 7dec19afca add macos_create_hidden_account.yml; part of the oscd initiative task number 63 of the issue #1012 2020-10-11 22:01:05 +02:00
Alejandro Ortuno d17faf8234 Local groups discovery sigma rules 2020-10-11 18:15:53 +02:00
Alejandro Ortuno 3358dd47ea macos local account creation 2020-10-11 17:56:29 +02:00
Alejandro Ortuno 418a9d5a02 Use endswith with processname 2020-10-11 09:37:08 +02:00
Alejandro Ortuno 748dccc289 additional changes to split processname and commandline 2020-10-10 13:11:17 +02:00
Alejandro Ortuno 04f415c80b Added the sigma rules per OS 2020-10-08 13:23:11 +02:00
Alejandro Ortuno c5605ae8b6 Scheduled Cron Task/Job sigma rule 2020-10-08 13:15:02 +02:00
remotephone@gmail.com e967cce211 change new lines to LF instead of CRLF 2020-10-07 23:02:03 -05:00
remotephone@gmail.com 9802704a2b Not sure why I'm failing the tests on a line I didn't change. Copying format from another file 2020-10-07 22:54:31 -05:00
remotephone@gmail.com ff2ba5f876 double checking new line characters 2020-10-07 22:43:38 -05:00
remotephone@gmail.com 83ed39f95c adding UID, renaming 2020-10-07 22:25:54 -05:00
remotephone@gmail.com 4486c3ffc9 adding new line at end of file 2020-10-07 22:11:05 -05:00
remotephone@gmail.com cde0020d30 T1016 detection rules 2020-10-07 22:09:15 -05:00
Ömer Günal eac5ac9fc1 removed duplicate filter 2020-10-08 00:18:38 +03:00
Ömer Günal e6588c08f4 Create lnx_system_info_discovery.yml 2020-10-08 00:15:46 +03:00
Ömer Günal 2cea3800de Create lnx_password_policy_discovery.yml 2020-10-08 00:14:40 +03:00
Ömer Günal f00e79d123 Create lnx_file_deletion.yml 2020-10-07 22:28:37 +03:00
Ömer Günal 18821d2255 Create lnx_clear_logs.yml 2020-10-07 22:27:06 +03:00
Ömer Günal d44ef84b55 Update lnx_process_discovery.yml 2020-10-07 22:26:02 +03:00
Ömer Günal d328f92503 Update at_command.yml 2020-10-07 22:23:48 +03:00
Ömer Günal bdabb14483 Update at_command.yml 2020-10-07 22:22:31 +03:00
Ömer Günal 7b29e3a35f Update lnx_install_root_certificate.yml 2020-10-07 22:20:17 +03:00
Ömer Günal 8ea054ff0b Update at_command.yml 2020-10-07 00:07:30 +03:00
Ömer Günal b0b72de94d Create lnx_process_discovery.yml 2020-10-06 23:52:06 +03:00
Ömer Günal 7b39e76192 Create at_command.yml 2020-10-06 23:48:25 +03:00
Ömer Günal 759268108f rename filename 2020-10-06 09:04:36 +03:00
Ömer Günal 0e7eb32f62 update description 2020-10-05 20:22:43 +03:00
Ömer Günal 1e7a47440f Install Root Certificate 2020-10-05 20:21:20 +03:00
Florian Roth d3ee1aba66 docs: MITRE ATT&CK(R) trademark references removed or adjusted
https://github.com/Neo23x0/sigma/issues/1028
2020-09-30 08:53:52 +02:00
Mike Wade 8ce73bd8df Fixed issues with tags and missing files 2020-09-15 06:10:57 -06:00
Mike Wade 52ab677798 Fixed my git issue 2020-09-13 22:03:04 -06:00
Florian Roth de5444a81e Merge pull request #989 from oscd-initiative/master
[OSCD Initiative][ATT&CK tags update]
2020-09-08 13:27:58 +02:00
Florian Roth af3b93a522 Merge pull request #914 from omergunal/ogunal-2
New rules for Linux
2020-09-07 09:41:43 +02:00
Timur Zinniatullin 8dba6ceee6 2nd review 2020-08-25 09:31:38 +03:00
Timur Zinniatullin 1244cacfbf Update lnx_auditd_create_account.yml 2020-08-25 09:20:27 +03:00
Timur Zinniatullin 72fdf0da45 Update lnx_auditd_susp_cmds.yml 2020-08-04 20:00:30 +03:00
Timur Zinniatullin 4e688233d7 ATT&CK mapping update suggestions for \linux\ 2020-08-04 19:48:18 +03:00
Florian Roth 1c63a93643 fix: wrong casing in tag 2020-07-13 16:20:51 +02:00
viniciusvec 26f0d49772 Update lnx_shell_clear_cmd_history.yml
Renamed tags to match production MITRE: https://attack.mitre.org/techniques/T1070/003/
2020-07-13 14:06:14 +01:00
Ömer Günal bee467dbd6 Rename lnx_setgid_setuid to lnx_setgid_setuid.yml 2020-07-13 01:36:20 +03:00
Ömer Günal bf8f0307b7 Rename lnx_space_after_filename_ to lnx_space_after_filename_.yml 2020-07-13 01:33:59 +03:00
Ömer Günal 4b74a0df76 Create lnx_space_after_filename_ 2020-07-13 01:33:39 +03:00
Ömer Günal c749aa2539 Create lnx_setgid_setuid 2020-07-13 01:33:09 +03:00
Ömer Günal 6b24a5df65 Create lnx_security_tools_disabling.yml 2020-07-13 01:32:24 +03:00
Ömer Günal bdeca13825 Create lnx_proxy_connection.yml 2020-07-13 01:31:05 +03:00