Commit Graph

187 Commits

Author SHA1 Message Date
Florian Roth 31788f91d8 Merge pull request #2477 from SigmaHQ/aurora-false-positive-fixing (fix: FPs noticed with Aurora) 2021-12-20 16:56:21 +01:00
Florian Roth 37da48ba3f fix: FPs noticed with Aurora 2021-12-20 12:04:40 +01:00
Florian Roth 8a3c521a34 Merge pull request #2466 from SigmaHQ/aurora-false-positive-fixing (Aurora false positive fixing) 2021-12-18 07:16:16 +01:00
Florian Roth 4e49c28472 fix: FPs noticed with Aurora 2021-12-18 06:19:35 +01:00
Florian Roth f1918e512c Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2021-12-18 00:18:00 +01:00
Florian Roth 4b7b829d18 fix: FPs noticed with Aurora 2021-12-18 00:17:58 +01:00
Andreas Hunkeler 9ecacdaeea Move winrm rule to process creation 2021-12-17 17:31:06 +01:00
frack113 58063d1113 FP add perfmon.exe 2021-12-10 19:19:55 +01:00
Florian Roth 89e659355c fix: FPs noticed with Aurora 2021-12-07 15:06:49 +01:00
Florian Roth c241601fa9 fix: FPs noticed with Aurora 2021-12-06 13:45:59 +01:00
Florian Roth 48289bdab9 Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2021-12-05 11:21:43 +01:00
Florian Roth cb4ee6fbee fix: FPs noticed with Aurora 2021-12-05 11:21:40 +01:00
Florian Roth b6c8481a84 Merge branch 'master' into aurora-false-positive-fixing 2021-12-04 20:00:36 +01:00
Florian Roth a011df121f Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2021-12-04 19:18:47 +01:00
Florian Roth 5fa6f749f5 fix: FPs noticed with Aurora 2021-12-04 19:18:45 +01:00
Florian Roth 7cd747ff40 Merge pull request #2382 from SigmaHQ/aurora-false-positive-fixing (Aurora false positive fixing) 2021-12-04 16:39:00 +01:00
Florian Roth 9a06cf2da5 fix: FPs noticed with Aurora 2021-12-04 14:28:51 +01:00
frack113 5e0326f461 Merge pull request #2376 from frack113/fix_FP (Fix some FP) 2021-12-04 08:57:58 +01:00
Florian Roth 29cbdf80c2 Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2021-12-03 19:03:14 +01:00
Florian Roth bcc5010e7e fix: more FPs noticed with Aurora 2021-12-03 19:02:24 +01:00
frack113 4dbf10017d Add FP on new windows 10 VM 2021-12-03 17:31:59 +01:00
Florian Roth 6aed1a0d2a fix: FPs noticed with Aurora 2021-12-02 14:57:06 +01:00
Florian Roth 4a136fdce6 simplified condition 2021-12-01 14:06:09 +01:00
Florian Roth f2199eacad fix: FPs noticed with Aurora 2021-12-01 13:39:53 +01:00
Florian Roth 6d155ad2ce fix: simplified and extended rule 2021-11-30 20:12:07 +01:00
Florian Roth 9b235f6873 fix: Granted Access 0x410 in different rules 2021-11-30 19:20:37 +01:00
Florian Roth e89646a696 Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2021-11-30 19:15:20 +01:00
Florian Roth 112c3522d8 fix: FPs noticed with Aurora 2021-11-30 19:14:49 +01:00
Florian Roth 9209051f94 fix: FPs noticed with Aurora 2021-11-29 18:25:34 +01:00
Florian Roth b8985a222f fix: FPs noticed with Aurora 2021-11-29 16:13:24 +01:00
Florian Roth dcf9d8c828 fix: FPs noticed with Aurora 2021-11-29 15:38:43 +01:00
Florian Roth 17d6528f41 Merge branch 'master' into aurora-false-positive-fixing 2021-11-29 13:09:38 +01:00
Florian Roth 820cc0ccf8 Merge branch 'master' into rule-devel 2021-11-29 11:00:25 +01:00
Florian Roth ef7810fa8b fix: fixing issues with wildcard symbol (https://github.com/SigmaHQ/sigma/issues/2339) 2021-11-29 10:57:01 +01:00
Florian Roth 142437d9dc fix: FPs noticed with Aurora 2021-11-28 14:57:54 +01:00
Florian Roth e41c195ca5 Merge pull request #2335 from SigmaHQ/aurora-false-positive-fixing (Aurora false positive fixing) 2021-11-28 10:03:48 +01:00
Florian Roth 19aa434cbd fix: update modified date 2021-11-28 01:17:09 +01:00
Florian Roth 8f22165f26 fix: FPs noticed with Aurora 2021-11-28 01:16:18 +01:00
Florian Roth 330fcf485c Merge branch 'master' into promote_status 2021-11-27 17:15:56 +01:00
Florian Roth 227d99ff58 Merge pull request #2333 from SigmaHQ/rule-devel (Suspicious LSASS Process Clone) 2021-11-27 14:42:14 +01:00
Florian Roth bd772975f7 rule: LSASS access from program in suspicious folder 2021-11-27 14:09:11 +01:00
Florian Roth 1f6fa6dd58 rule: ATPMiniDump extensions 2021-11-27 14:02:42 +01:00
Florian Roth 2844e58369 fix: FPs noticed with Aurora 2021-11-27 11:52:48 +01:00
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
Florian Roth 97207bdf81 Merge branch 'master' into aurora-false-positive-fixing 2021-11-27 09:22:15 +01:00
Florian Roth 0ad9f9a859 fix: FPs noticed with Aurora 2021-11-27 09:13:53 +01:00
Florian Roth 11b8ccfe8f Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2021-11-26 20:47:22 +01:00
Florian Roth eae38d08f0 fix: FPs 2021-11-26 20:46:52 +01:00
Florian Roth 1702c057c6 Merge branch 'master' into rule-devel 2021-11-26 20:02:40 +01:00
Florian Roth 03cddbba29 fix: FPs 2021-11-26 20:00:55 +01:00