Commit Graph

7964 Commits

Author SHA1 Message Date
frack113 d4317d60a4 Merge pull request #2262 from frack113/dfir_20211115
DFIR exchange-exploit-leads-to-domain-wide-ransomware
2021-11-16 06:31:19 +01:00
frack113 d06e7dfc5e Merge pull request #2263 from phantinuss/master
Minor rule changes
2021-11-15 21:00:25 +01:00
frack113 42cbe8664b Update registry_event_mal_ursnif.yml 2021-11-15 20:21:20 +01:00
frack113 4850a7824e Merge pull request #2261 from frack113/cloud_product
Cloud product
2021-11-15 20:20:16 +01:00
phantinuss c3ecbc52a9 add Exchange reference to title/description 2021-11-15 14:00:05 +01:00
frack113 51744b31b4 fix name 2021-11-15 13:38:38 +01:00
frack113 b9be5b262f Add win_pc_susp_reg_bitLocker 2021-11-15 13:24:26 +01:00
phantinuss f4d5238049 fix: FP 2021-11-15 12:30:51 +01:00
Florian Roth 20686c908d rules: lsass dumps 2021-11-15 12:16:44 +01:00
frack113 c7a2fe0ca4 Add onelogin product 2021-11-14 10:59:08 +01:00
frack113 6e4944e475 Add okta product 2021-11-14 10:58:26 +01:00
frack113 b4e7c350ee Add gworkspace product 2021-11-14 10:56:17 +01:00
frack113 7dfd6b1417 Add gcp product 2021-11-14 10:54:14 +01:00
frack113 1c99a93cd8 Add azure product 2021-11-14 10:50:16 +01:00
frack113 5f87eba896 restore src_ip for coverage 2021-11-14 10:11:29 +01:00
frack113 b293372913 Add product aws 2021-11-14 09:56:59 +01:00
frack113 9d0be2348d Fix field name 2021-11-14 09:26:00 +01:00
frack113 5245360186 No filetype or bodyMagic in zeek http log field 2021-11-14 09:24:34 +01:00
frack113 f647571478 fix logsource 2021-11-13 09:59:14 +01:00
frack113 f1958161d0 Merge pull request #2257 from frack113/optimize
Optimize rules
2021-11-13 08:21:12 +01:00
Florian Roth 622e6ae152 Merge pull request #2258 from zakibro/master
Making the Password Policy Discovery rule more resilient by adding de…
2021-11-12 22:10:14 +01:00
Florian Roth 645292d945 removed contributor, added to authors 2021-11-12 19:44:50 +01:00
Florian Roth 8054ae005f Merge pull request #2228 from austinsonger/register
win_susp_registration_via_cscript.yml
2021-11-12 19:42:20 +01:00
Austin Songer 5a542431ac Update win_susp_registration_via_cscript.yml 2021-11-12 11:12:31 -06:00
Pawel Mazur 07a3e3e234 Making the Password Policy Discovery rule more resilient by adding detection for specific commands 2021-11-12 16:18:29 +01:00
frack113 64839d9e4f Fix detection field name 2021-11-12 14:21:53 +01:00
frack113 f145392b6a Fix detection field name 2021-11-12 13:55:45 +01:00
frack113 eb5465e5a6 Fix detection from reference 2021-11-12 13:41:48 +01:00
Florian Roth 0ab163b6ba fix: FP which happens more frequently under normal circumstances 2021-11-12 13:31:25 +01:00
Florian Roth 04ad3d7622 Update win_hack_hydra.yml 2021-11-12 13:14:27 +01:00
Florian Roth 1661c61147 Merge pull request #2250 from securepeacock/patch-5
Create sysmon_excel_outbound_network_connection.yml
2021-11-12 13:05:02 +01:00
frack113 9f7a027913 Fix category and EventID 2021-11-12 12:18:44 +01:00
frack113 8e39eb7fde Remove useless EventID 2021-11-12 11:28:09 +01:00
David André 7ad901fce1 Corrected typo in HyperBro malware name 2021-11-12 08:36:13 +01:00
frack113 555eb9244d Merge pull request #2253 from redsand/filter_empty_details_in_registry_changes
Filter empty details in registry changes
2021-11-12 07:00:58 +01:00
frack113 78ff73b6ea Merge pull request #2251 from frack113/linux_fix
Fix rules in Linux directory
2021-11-12 06:50:29 +01:00
securepeacock 27a72f10fe Update sysmon_excel_outbound_network_connection.yml
I got an error for the level field; I'm guessing it was due to a capital M and it's case sensitive.
2021-11-11 21:57:44 -05:00
securepeacock e514567a82 Update sysmon_excel_outbound_network_connection.yml 2021-11-11 21:50:10 -05:00
securepeacock e207596041 Update sysmon_excel_outbound_network_connection.yml 2021-11-11 21:46:24 -05:00
securepeacock 1d58c79386 Update sysmon_excel_outbound_network_connection.yml 2021-11-11 21:44:07 -05:00
securepeacock b4da880a9f Update sysmon_excel_outbound_network_connection.yml
Updated per Florian's recommendations, please let me know if there's anything else.
2021-11-11 19:49:16 -05:00
Tim Shelton a1c85108fa Updating author and date modified 2021-11-11 20:37:34 +00:00
Tim Shelton 4bc4732203 Merge branch 'master' of https://github.com/redsand/sigma into ignore_sql_server_tools_for_powershell 2021-11-11 20:36:22 +00:00
Tim Shelton 089a772a5a Merge branch 'filter_empty_details_in_registry_changes' of https://github.com/redsand/sigma into filter_empty_details_in_registry_changes 2021-11-11 20:34:16 +00:00
Tim Shelton 07f9e3912c updating modified date and author fields 2021-11-11 20:34:00 +00:00
redsand (Tim Shelton) 7edaa510e2 Merge branch 'SigmaHQ:master' into filter_empty_details_in_registry_changes 2021-11-11 14:32:26 -06:00
Tim Shelton 9fddfd4afb filter out where Details is (Empty) 2021-11-11 17:34:20 +00:00
Florian Roth 5d0c160e41 Merge branch 'master' into pr/2228 2021-11-11 18:10:05 +01:00
Florian Roth 4e2e75cd2f Merge branch 'master' into pr/2231 2021-11-11 18:09:23 +01:00
Florian Roth 81922af134 Merge pull request #2249 from redsand/add_allow_for_dns_exe_via_dc
Add allow for dns exe via dc
2021-11-11 17:22:32 +01:00