security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

2788 Commits

Author SHA1 Message Date
Cyb3rEng 1f577174f9 Changed endswith condition 
removed double // from "\wbem\WmiPrvSE.exe"
 2021-09-08 21:06:41 -06:00
Cyb3rEng 5ac0fded26 Merge branch 'SigmaHQ:master' into master 2021-09-08 20:26:59 -06:00
frack113 8eb527d042 Update process_mailboxexport_share.yml 2021-09-08 20:21:02 +02:00
frack113 deb0ddfe09 fix duplicate tags 2021-09-08 20:16:53 +02:00
frack113 af8bf06b30 add missing tags 2021-09-08 20:14:49 +02:00
Florian Roth b1540d65b9 refactor: simplified rule 2021-09-08 17:35:50 +02:00
Florian Roth e388bc6bfa remove unsupported tag 2021-09-08 16:56:04 +02:00
Florian Roth c9b4f5d326 CVE-2021-40444 2021-09-08 16:49:49 +02:00
frack113 993112c7eb Merge pull request #2002 from frack113/missing_tag 
Add missing Tags #1974
 2021-09-08 06:26:55 +02:00
frack113 e712d9696b Merge pull request #2000 from frack113/split_global 
Split frack113 global rules
 2021-09-08 06:26:35 +02:00
Cyb3rEng bd4d21c41c Completed changes based on comments 
Removed :
unnecessary event ID
 2021-09-07 21:17:12 -06:00
Cyb3rEng 75a6e5c95b Completed Changes as per comments 
Removed :
unnecessary event ID
 2021-09-07 21:14:06 -06:00
Cyb3rEng 3b2ebe1580 Completed changes 
Removed :
unnecessary event ID
 2021-09-07 21:12:02 -06:00
Cyb3rEng 8467d5a65a Modified Rule 
Removed :
unnecessary event ID
 2021-09-07 21:09:07 -06:00
Cyb3rEng f0f3ecfe2f Converted to LF 
Removed :
unnecessary event ID
 2021-09-07 21:00:35 -06:00
Cyb3rEng 932b7cf2ba Merge branch 'SigmaHQ:master' into master 2021-09-07 19:58:09 -06:00
Thomas Patzke 143744bc12 Various fixes 
* Backslashes in regular expressions
* Casing of condition operators
* Further small errors
 2021-09-07 23:38:07 +02:00
frack113 4e394d83a1 add missing tags 2021-09-07 17:45:41 +02:00
frack113 0e5e4fa19d Split global rules 2021-09-07 13:30:32 +02:00
frack113 be442182fe convert to LF 2021-09-06 21:10:08 +02:00
frack113 9ef299c4f4 Change to LF 2021-09-06 21:07:49 +02:00
frack113 3b95b0c913 Remove useless Eventid 
Use tools/config/generic/windows-audit.yml to convert for security 4688
 2021-09-06 20:56:41 +02:00
Florian Roth 6b2bacd2cc Merge pull request #1979 from frack113/test_global 
Change ID in global action rule
 2021-09-06 08:44:14 +02:00
frack113 6780182c37 Merge pull request #1974 from frack113/tags_pack2 
Add missing Tags
 2021-09-03 19:13:32 +02:00
frack113 688df3405a Merge pull request #1970 from frack113/red_T1564.004_1 
Redcanary  t1564.004  ADS test 1
 2021-09-03 19:06:51 +02:00
ncrqnt adc3c9e608 fixed date: switched day/month 2021-09-03 12:03:38 +02:00
frack113 11e4b900e4 Update global id 2021-09-03 06:59:40 +02:00
frack113 135d0a2c61 Update global id 2021-09-03 06:50:00 +02:00
frack113 a6bb5574fb Update global id 2021-09-03 06:35:35 +02:00
phantinuss ab721c736c chore: move level/falsepositives to bottom 2021-09-02 14:55:17 +02:00
phantinuss 0b373ff1e9 fix: remove 2nd selection due to FPs 2021-09-02 14:47:47 +02:00
frack113 6a1b95d947 Findstr covert by win_susp_findstr.yml 2021-09-02 14:22:59 +02:00
frack113 aaa568ff2d print covert by win_susp_print.yml 2021-09-02 14:18:38 +02:00
phantinuss 5cb6eed52e fix: remove single value lists 2021-09-02 14:09:03 +02:00
phantinuss f4a5df67ae further narrowing down of the selection, therefore removing the filter 2021-09-02 10:28:01 +02:00
frack113 6f1f70ca5e Add missing tags 2021-09-02 09:59:19 +02:00
frack113 e0cd35261c add missing tags 2021-09-01 20:01:03 +02:00
phantinuss 0b38237dbf fix: add relation to now obsolete rule 2021-09-01 15:38:29 +02:00
phantinuss ae9966bdcc fix: unifying two overlapping rules 2021-09-01 14:48:32 +02:00
phantinuss deefcaa8ac fix: prevent possible FPs with the respective command only used as the last parameter 2021-09-01 14:33:46 +02:00
frack113 2dbbaf0180 fix missing char in date 2021-09-01 14:00:55 +02:00
frack113 e71fce6f11 fix errors 2021-09-01 13:55:14 +02:00
frack113 80dbfa7af5 add process_creation_alternate_data_streams.yml 2021-09-01 13:52:09 +02:00
phantinuss 9ffdced740 fix: implement suggestions from PR discussion 2021-09-01 10:21:37 +02:00
Cyb3rEng 470d64e66c Updated Rule 
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
 2021-08-31 22:28:34 -06:00
Cyb3rEng e0e1396dff Updated Rule 
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
 2021-08-31 22:26:44 -06:00
Cyb3rEng e7c7e4c061 Updated Rule 
Detection changed to #useful_information
 2021-08-31 22:24:28 -06:00
Cyb3rEng f2b8b83fe3 Updated Rule 
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
 2021-08-31 22:23:45 -06:00
Cyb3rEng 0d2257fb19 Updated Rule 
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
 2021-08-31 22:22:01 -06:00
Cyb3rEng 1b9a0c4a01 Updated Rule 
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
 2021-08-31 22:20:17 -06:00