Commit Graph

6187 Commits

Author SHA1 Message Date
Tim Shelton f6caaf795a oof, misspelled detection type 2022-02-25 16:32:33 +00:00
Florian Roth 744813ff87 rule: Hermetic Wiper group activity 2022-02-25 17:29:32 +01:00
Florian Roth eec5b1458c docs: wording change 2022-02-25 17:29:16 +01:00
Tim Shelton 9d06c3cfe7 Filters false positive from msiexec.exe 2022-02-25 16:17:01 +00:00
Florian Roth 653c39fe6a Merge pull request #2746 from SigmaHQ/aurora-false-positive-fixing (fix: FPs noticed with Aurora) 2022-02-25 16:29:24 +01:00
Florian Roth d6d206d6d6 rules: BlackByte rule update, and some generic rules 2022-02-25 16:02:42 +01:00
frack113 775279423d Fix detection 2022-02-25 15:39:26 +01:00
Florian Roth 7baf014421 rule: BlackByte ransomware 2022-02-25 15:24:36 +01:00
Florian Roth 5901b41f95 fix: FPs noticed with Aurora 2022-02-25 13:55:37 +01:00
Florian Roth 701cb53f97 Merge pull request #2745 from SigmaHQ/rule-devel (rule: ScreenConnect Backstage, CrackMapExec Flags) 2022-02-25 13:33:58 +01:00
Florian Roth b0b675b004 rule: CrackMapExec flags rule 2022-02-25 11:39:19 +01:00
Florian Roth 98c1c60758 Merge branch 'master' into rule-devel 2022-02-25 10:38:58 +01:00
Florian Roth 881d1f707e Merge pull request #2738 from humpalum/master (feat: CrashDump Disable Sigmarule) 2022-02-25 10:38:15 +01:00
Florian Roth 3d609cfdf3 rule: ScreenConnect anomaly (https://www.mandiant.com/resources/telegram-malware-iranian-espionage) 2022-02-25 10:31:58 +01:00
Florian Roth 89071f09e7 docs: changed technique to T1564 (Hide Artefacts) (https://attack.mitre.org/techniques/T1564/) 2022-02-25 09:50:46 +01:00
Florian Roth a786ed36db add MITRE ATT&CK techniques 2022-02-25 09:25:22 +01:00
Florian Roth 6f79d70532 Merge branch 'master' into rule-devel 2022-02-25 09:19:16 +01:00
frack113 73bffcacbf Merge pull request #2741 from Pooch11/win-dpapi-key (Fix detection criteria modifier to contains 'bckupkey') 2022-02-24 21:27:29 +01:00
frack113 beafcc7b4c Merge pull request #2740 from AndrewRathbun/master (Update proc_creation_win_susp_esentutl_params.yml - minor spelling error) 2022-02-24 21:27:00 +01:00
unknown 528cdd199b Update modified date 2022-02-24 14:38:35 -05:00
unknown 03048a1fdb Fix criteria to contains bckupkey 2022-02-24 13:55:34 -05:00
Florian Roth 220344f477 Merge pull request #2735 from SigmaHQ/rule-devel (rules: suspicious schtasks creation) 2022-02-24 18:19:45 +01:00
Andrew Rathbun b17f2b3840 Update proc_creation_win_susp_esentutl_params.yml 2022-02-24 11:52:21 -05:00
Tobias Michalski d210e56e34 fix: Removed Spacing 2022-02-24 16:02:58 +01:00
Tobias Michalski 1b6483002b fix: Added newline 2022-02-24 15:57:13 +01:00
Tobias Michalski 573902c38d feat: CrashDump Disable Sigmarule 2022-02-24 15:55:36 +01:00
Tobias Michalski e89867848d Update sysmon_mimikatz_trough_winrm.yml 2022-02-24 11:27:57 +01:00
Tobias Michalski 4a6ab42c6b Update sysmon_mimikatz_trough_winrm.yml 2022-02-24 11:09:47 +01:00
Tobias Michalski 662e5ed66d fix: False Positives 2022-02-24 10:35:31 +01:00
frack113 2dc2b99714 Merge pull request #2736 from frack113/issues_2724 (fix Provider_Name) 2022-02-24 09:27:29 +01:00
Florian Roth 536910f7d7 fix: FPs with new task scheduler rule 2022-02-24 08:41:53 +01:00
frack113 ffe2dd2a00 fix Provider_Name 2022-02-24 06:54:22 +01:00
Florian Roth 1682bdb8a8 fix: condition section 2022-02-23 23:28:53 +01:00
Florian Roth 22fbf5bb0a fix: indentation of conditions 2022-02-23 23:28:22 +01:00
Florian Roth d455dec42c fix: wrong condition 2022-02-23 23:26:33 +01:00
Florian Roth 825bf41f51 rules: susp schtasks creation 2022-02-23 23:25:20 +01:00
Florian Roth 9561e155ed docs: changed title 2022-02-23 23:25:06 +01:00
Florian Roth 0005509c11 Merge pull request #2733 from phantinuss/master (fix: FPs) 2022-02-23 20:27:49 +01:00
Florian Roth 4b7e8feebe Merge pull request #2731 from SigmaHQ/rule-devel (refactor: ncat rule, rule: explorer NOUACCHECK) 2022-02-23 17:31:08 +01:00
phantinuss 8212b1a2ad fix: FP 2022-02-23 17:18:53 +01:00
Florian Roth f05f615b0d rule: explorer NOUACCHECK flag 2022-02-23 15:47:44 +01:00
Florian Roth d0c2aead9e refactor: improved ncat rule 2022-02-23 15:18:52 +01:00
phantinuss 329b5aa0eb fix: reduce level, many legitimate usages expected 2022-02-23 14:13:12 +01:00
Florian Roth a2c1840685 Merge pull request #2729 from humpalum/patch-3 (fix: Set rule to medium due to too many filters) 2022-02-23 13:59:30 +01:00
Florian Roth 22e975334c refactor: extended powershell cmdline flag rule 2022-02-23 12:52:38 +01:00
Florian Roth 68d93fcc98 Merge branch 'master' into rule-devel 2022-02-23 11:19:33 +01:00
Florian Roth 122b7029cb Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2022-02-23 11:19:21 +01:00
Florian Roth eefaa17599 fix: Office Shell rule - Outlook Print attachment 2022-02-23 11:19:17 +01:00
Tobias Michalski 15c61b42bf fix: Set rule to medium due to too many filters 2022-02-23 11:03:23 +01:00
Florian Roth bebfe4bfcf Merge pull request #2728 from SigmaHQ/rule-devel (docs: title changed) 2022-02-23 10:27:41 +01:00