Commit Graph

6187 Commits

Author SHA1 Message Date
frack113 c36cf428ac clean list 1 elem 2021-09-16 16:18:30 +02:00
Florian Roth a926439b39 fix: default to (Default) 2021-09-16 11:39:45 +02:00
frack113 6e981f56df fix detection from references 2021-09-16 09:20:41 +02:00
frack113 8a847e0538 Update process_creation_possible_privilege_escalation_via_service_registry_permissions.yml 2021-09-15 19:05:31 +02:00
frack113 973e0666ac Merge pull request #2020 from frack113/pc_global
Split some global process_creation rules
2021-09-15 19:03:30 +02:00
frack113 3b8282c221 fix detection 2021-09-15 16:21:30 +02:00
frack113 b08b3e2b0d Merge pull request #2021 from frack113/global_registry
Split registry Global rules
2021-09-14 19:18:34 +02:00
frack113 d13af3e258 Merge pull request #2019 from frack113/normalise_name
Split 2 global rules and normalize name
2021-09-14 19:17:55 +02:00
Florian Roth 4118402127 Merge pull request #2027 from frack113/fix_reg_key
Fix registry TargetObject
2021-09-13 15:59:47 +02:00
Sittikorn S dd9921b360 Update win_file_winword_cve_2021_40444.yml
Add modified date
2021-09-13 19:41:01 +07:00
frack113 047ebab36b fix HKCU 2021-09-13 14:01:39 +02:00
frack113 7b6ae81b8b fix TargetObject HK 2021-09-13 13:16:16 +02:00
frack113 bd3b1323b4 fix TargetObject HKCU 2021-09-13 12:45:10 +02:00
Sittikorn S edd5c2745e Update win_file_winword_cve_2021_40444.yml
change TargetFilename|contains|all
2021-09-13 16:05:56 +07:00
Sittikorn S 5977596e65 Update win_file_winword_cve_2021_40444.yml 2021-09-13 16:05:22 +07:00
Sittikorn S 7386904e42 Update win_file_winword_cve_2021_40444.yml
Add new condition
2021-09-13 15:33:14 +07:00
pbssubhash 4ae1d41983 Corrected Rules - Logsource 2021-09-13 10:16:02 +05:30
pbssubhash 0c092cd106 Final changes 2021-09-12 23:11:46 +05:30
pbssubhash 3c0c1706dc Changed 2021-09-12 23:06:01 +05:30
pbssubhash 2b228e5f33 Merge branch 'SigmaHQ:master' into master 2021-09-12 18:08:42 +05:30
frack113 437ea3408b split sysmon_stickykey_like_backdoor.yml 2021-09-12 09:58:43 +02:00
frack113 81c2b2731c split sysmon_dns_serverlevelplugindll.yml 2021-09-12 09:53:20 +02:00
frack113 f3ad5953d5 split sysmon_apt_pandemic 2021-09-12 09:42:11 +02:00
frack113 3db427873a split sysinternals eula and uac bypass 2021-09-12 09:38:05 +02:00
frack113 830c0c9f22 Update process_creation_advanced_ip_scanner.yml 2021-09-12 08:53:10 +02:00
frack113 e355367c03 Clean SyncAppvPublishingServer rules 2021-09-12 07:46:35 +02:00
frack113 2223afb6fe split global rules 2021-09-11 20:30:32 +02:00
frack113 92999468ee Merge pull request #2012 from frack113/upgrade_test
Upgrade test_rules.py
2021-09-11 15:29:19 +02:00
frack113 a73d37cd72 fix related 2021-09-11 14:22:01 +02:00
frack113 338c9f5ae7 Split global rule 2021-09-11 13:45:41 +02:00
frack113 2a76c469e0 normalise name 2021-09-11 13:34:19 +02:00
frack113 d2e622f149 Merge pull request #2011 from d4rk-d4nph3/master
Added rule for Atlassian Confluence CVE-2021-26084
2021-09-11 07:24:58 +02:00
Florian Roth 7d6baaa79a Merge pull request #2014 from SigmaHQ/rule-devel
CVE-2021-40444 file creation - winword.exe + .cab
2021-09-10 18:50:59 +02:00
Florian Roth a4e2c0feba Revert "refactor: exclude case in which upper ticks are used"
This reverts commit f00aaf8461.
2021-09-10 18:13:36 +02:00
Florian Roth 9e7ede66cc CVE-2021-40444 file creation - winword.exe + .cab 2021-09-10 18:13:09 +02:00
Austin Songer 1ea9aab455 Update Monitor_Office_Applications_from_proxy_executing_regsvr32_with_payload.yml 2021-09-10 09:44:31 -05:00
Austin Songer 57d349bfe5 Update process_creation_office_application_from_proxy_executing_regsvr32_with_payload.yml 2021-09-10 09:44:22 -05:00
Austin Songer 9d9a5088bb Update Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml 2021-09-10 09:43:24 -05:00
Austin Songer 5aa5586c54 Update Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml 2021-09-10 09:43:11 -05:00
frack113 0288f5b626 fix condition operator case 2021-09-10 13:51:52 +02:00
frack113 ac9ea531ae Merge pull request #1956 from Cyb3rEng/master
Adding Various Rules To Monitor Process Creations in Sysmon, Event Logs & EDR
2021-09-10 10:47:23 +02:00
frack113 fe035388f0 Rename Monitor_Office_Application_from_proxy executing_regsvr32_with_payload.yml to process_creation_office_application_from_proxy_executing_regsvr32_with_payload.yml 2021-09-10 10:02:19 +02:00
Florian Roth 3824a12323 style: fixed indentation level, order of fields 2021-09-10 09:33:52 +02:00
Florian Roth 59b9902502 style: fixed indentation level 2021-09-10 09:33:09 +02:00
frack113 3d147f528f Rename Monitor_WMI_Win32_Process Create_command_execution_by_Office_Applications.yml to process_creation_command_execution_by_office_applications.yml 2021-09-10 09:23:00 +02:00
Cyb3rEng f4155010ff Duplicate Rule
Removed rule as it was duplicated
2021-09-09 23:09:20 -06:00
Cyb3rEng 4af244b135 Duplicate Rule
Removed rule as it was duplicated
2021-09-09 23:08:52 -06:00
Bhabesh Rai 91081a7fbc Added rule for Atlassian Confluence CVE-2021-26084 2021-09-10 10:04:16 +05:45
Cyb3rEng 361121c402 changed title
title: Lolbins Process Created With WmiPrvSE
2021-09-09 21:51:49 -06:00
Cyb3rEng a3a12375b5 changed title
title: Lolbins Process Created With Office Application
2021-09-09 21:51:22 -06:00