Commit Graph

11 Commits

Author SHA1 Message Date
phantinuss 6ae28b7a1c fix: legitimate --> Legitimate 2022-03-16 14:35:19 +01:00
Florian Roth c0bd1ef9bc Update sysmon_config_modification.yml 2022-01-13 21:07:11 +01:00
frack113 baaef207cb Add filter help 2022-01-13 06:38:43 +01:00
frack113 592485fac5 Windows Red Canary 2022-01-12 20:27:56 +01:00
frack113 0e5e4fa19d Split global rules 2021-09-07 13:30:32 +02:00
frack113 d02ee1eddd Update global ID 2021-09-02 21:16:55 +02:00
Max Altgelt 6f05e33feb fix: Correct incorrect message / keyword usage
Correct a number of rules where message or keyword were incorrectly used
as field names in events (typically Windows event logs). However, neither
field actually exists and as such these strings could never match.
2021-08-12 16:28:07 +02:00
mlp1515 53632d4def Update sysmon_config_modification.yml 2021-06-16 15:34:23 +02:00
frack113 7cb10b5475 convert eventID to category 2021-06-10 16:36:14 +02:00
frack113 169f948ac2 Get a new error after another Atomic Test 2021-06-04 13:20:10 +02:00
frack113 3d9fe490ab Detect modification of sysmon configuration by sysmon 2021-06-04 11:27:15 +02:00