Commit Graph

27 Commits

| Author | SHA1 | Message | Date |
| --- | --- | --- | --- |
| phantinuss | b23eee6ebf | fix: unknown --> Unknown | 2022-03-16 13:43:54 +01:00 |
| frack113 | ec7319be21 | Name Normalization | 2022-02-27 07:39:46 +01:00 |
| Florian Roth | dff806c5bc | changed description, fix: onion TLD position of '.' | 2022-02-20 12:17:12 +01:00 |
| Florian Roth | d3c0d90ba7 | increased level | 2022-02-20 12:14:05 +01:00 |
| frack113 | 82660bbaf2 | Simple TOR rules | 2022-02-20 11:26:13 +01:00 |
| frack113 | 171edbd1bc | Merge pull request #2694 from frack113/Red_20220213: Windows Redcannary | 2022-02-14 06:34:20 +01:00 |
| frack113 | f288134b41 | Windows Redcannary | 2022-02-13 11:04:00 +01:00 |
| frack113 | 7e3c088165 | Windows Redcannary | 2022-02-12 15:53:13 +01:00 |
| Florian Roth | 9c7679e319 | fix: duplicate date field | 2022-02-08 20:41:26 +01:00 |
| Florian Roth | d388ce945c | refactor: reduced level of TeamViewer rule | 2022-02-08 20:40:31 +01:00 |
| Florian Roth | ba3065e943 | refactor: added another TV domain | 2022-01-30 22:26:01 +01:00 |
| Florian Roth | 1b57916890 | rule: suspicious renamed teamviewer | 2022-01-30 22:05:47 +01:00 |
| frack113 | 4631d0c482 | remove invalid tag | 2022-01-19 18:23:30 +01:00 |
| Florian Roth | e055ec1d52 | refactor: change all " of them" expressions | 2022-01-11 10:59:57 +01:00 |
| frack113 | 01dc930c17 | Change status for old rules | 2021-11-27 11:33:14 +01:00 |
| frack113 | bdb00f403f | fix rule | 2021-11-24 19:24:16 +01:00 |
| frack113 | 960a03eaf4 | add lobas Binary | 2021-11-24 19:17:00 +01:00 |
| frack113 | f47d0da3f7 | add missing MITRE Techniques | 2021-11-20 12:26:01 +01:00 |
| Florian Roth | c07a9adb9b | fix: moved rule written for DNS/Sysmon to the correct folder | 2021-11-09 17:30:15 +01:00 |
| Florian Roth | 39283c0ac2 | CobaltStrike DNS rules | 2021-11-09 17:29:43 +01:00 |
| frack113 | 4c85858e12 | split global sysmon_regsvr32_network_activity.yml | 2021-09-21 10:33:47 +02:00 |
| frack113 | 2a76c469e0 | normalise name | 2021-09-11 13:34:19 +02:00 |
| frack113 | d9cd1652f2 | Split global sysmon rules | 2021-09-09 16:11:41 +02:00 |
| Thomas Patzke | 103a8f8052 | Removed EventID from generic DNS query rule | 2021-07-08 07:41:11 +02:00 |
| Florian Roth | c0b93a010c | NCCGroup rules from rclone blog post: https://research.nccgroup.com/2021/05/27/detecting-rclone-an-effective-tool-for-exfiltration/ | 2021-05-27 12:49:40 +02:00 |
| Steven | 0c9a82af89 | - Remove 'service: sysmon' since defining the categories made the rules generic | 2020-10-02 09:37:52 +02:00 |
| Steven | 8b74abe0bc | - Created new categories for sysmon events; - Replaced the explicit EventIDs with the reference to the category; - Moved the rules to the corresponding directories | 2020-09-30 20:44:14 +02:00 |