Commit Graph

31 Commits

Author SHA1 Message Date
Florian Roth b4245c561c Merge pull request #2836 from SigmaHQ/rule-devel - fix: Service Installation 7045 field confusion 2022-03-21 11:18:29 +01:00
Florian Roth ce4cdf06f0 fix: Service Installation 7045 field confusion 2022-03-21 11:10:03 +01:00
Paul Hager 68659cf5fd new susp service installation rules 2022-03-18 16:08:40 +01:00
phantinuss 84d0c472ba fix: remove penetration test as valid false positive reason 2022-03-16 14:33:18 +01:00
phantinuss 8d3f8acb60 fix: none --> Unknown 2022-03-16 14:19:21 +01:00
phantinuss 9b82e099a3 fix: unlikely --> Unlikely 2022-03-16 14:16:10 +01:00
phantinuss 4585133325 fix: remove penetration testing as a valid false positive 2022-03-16 13:51:26 +01:00
phantinuss b23eee6ebf fix: unknown --> Unknown 2022-03-16 13:43:54 +01:00
frack113 f9c0e21323 Refactor regex 2022-03-07 19:08:30 +01:00
frack113 5d4035ea05 Fix contains 2022-03-06 20:50:19 +01:00
frack113 67189b6e51 refactor regex 2022-03-06 20:40:21 +01:00
frack113 793bf99c85 refactor regex 2022-03-06 20:15:32 +01:00
Florian Roth 921d46ca79 fix: FPs noticed with Aurora 2022-02-21 18:43:18 +01:00
Florian Roth 46f094d6f9 Merge pull request #2635 from SigmaHQ/rule-devel - refactor: avoid regex use 2022-02-03 21:56:58 +01:00
Florian Roth 6ce92b27be refactor: more regex avoidance 2022-02-03 20:05:10 +01:00
Florian Roth 6efa5da3dc fix: unescaped double back slashes 2022-02-01 15:57:15 +01:00
frack113 4631d0c482 remove invalid tag 2022-01-19 18:23:30 +01:00
Florian Roth a3a9e2add8 fix: wrong modifier 2022-01-16 17:43:55 +01:00
Florian Roth be224a6f37 rule: new rules covering admin share activity 2022-01-16 17:40:50 +01:00
Florian Roth 6f7d28b52a Merge pull request #2532 from SigmaHQ/aurora-false-positive-fixing - fix: FPs noticed with Aurora 2022-01-08 15:57:31 +01:00
Florian Roth bdbb156090 fix: FPs noticed with Aurora 2022-01-08 15:12:17 +01:00
Florian Roth 3cf4c9845c Merge pull request #2530 from SigmaHQ/rule-devel - docs: changed title of rules that were equal 2022-01-07 14:15:17 +01:00
Florian Roth d31f5258eb docs: changed title of rules that were equal 2022-01-07 13:07:35 +01:00
frack113 73f258e2d1 Change double quote to quote 2022-01-06 14:02:35 +01:00
Florian Roth 73c7c5790c docs: removed tracking info from reference link 2021-12-27 11:52:16 +01:00
frack113 b368d036cf change level to medium 2021-12-16 22:44:45 +01:00
frack113 4f866f8da3 fix detection 2021-12-15 10:04:37 +01:00
frack113 8908c4ca8e Add win_vul_cve_2021_42278_or_cve_2021_42287 2021-12-15 09:32:39 +01:00
frack113 93c5d8b361 Add win_vul_cve_2021_42278_or_cve_2021-42287 2021-12-15 09:24:23 +01:00
frack113 e2b70a2edb add win_susp_system_update_error rule 2021-12-04 13:02:12 +01:00
frack113 e215f4606b Order rules 2021-12-04 10:07:07 +01:00