Author | Commit | Message | Date

Austin Songer | 8dfae4c785 | Update okta_api_token_revoked.yml | 2021-09-22 19:51:44 -05:00
Austin Songer | 1a64dc03a1 | Update okta_api_token_created.yml | 2021-09-22 19:51:31 -05:00
Austin Songer | f186235d8f | Update okta_admin_role_assigned_to_user_or_group.yml | 2021-09-22 19:51:25 -05:00
frack113 | 3ac0d93f5b | Merge pull request #2062 from Pooch11/win-apt-greenbug-fix: win-apt-greenbug-fix small change to B64encoded value of '/server=' | 2021-09-22 20:05:37 +02:00
frack113 | 6e6d57b019 | fix filename | 2021-09-22 18:45:08 +02:00
unknown | 9924cc3946 | win-apt-greenbug-fix amend b64 value of /server= as seen in IOC | 2021-09-22 10:33:04 -04:00
frack113 | ab5f5f95bc | fix filename | 2021-09-22 16:27:05 +02:00
frack113 | 3c906b52a0 | fix filename | 2021-09-22 16:21:07 +02:00
Florian Roth | b7b0bd4275 | Update lnx_clear_syslog.yml | 2021-09-22 09:46:05 +02:00
frack113 | 7b995f2d99 | Merge pull request #2057 from secDre4mer/master: Add two rules | 2021-09-22 09:15:32 +02:00
frack113 | ac639bb9ec | Merge pull request #2060 from zakibro/master: New Rule - Linux - Auditd - Screencapture with Import Tool | 2021-09-22 08:41:50 +02:00
frack113 | 045e87058b | add definition | 2021-09-22 08:40:08 +02:00
unknown | 3ace73f9fd | win-apt-greenbug-fix - change modified date as well | 2021-09-21 16:59:32 -04:00
unknown | 993bf46550 | win-apt-greenbug-fix small change to B64encoded value of '/server=' in detection criteria | 2021-09-21 16:56:01 -04:00
frack113 | db9e6124e3 | fix too many blank lines | 2021-09-21 20:24:02 +02:00
frack113 | 6e08ba55c4 | fix error | 2021-09-21 20:16:26 +02:00
frack113 | 7a52da3b40 | split global cleartext_protocols.yml | 2021-09-21 19:56:47 +02:00
frack113 | e377e4e96f | split global net_high_dns_bytes_out.yml | 2021-09-21 19:53:25 +02:00
frack113 | 6777ca7a82 | split global net_high_dns_requests_rate.yml | 2021-09-21 19:51:11 +02:00
frack113 | 00f3055035 | split global net_susp_network_scan.yml | 2021-09-21 19:47:28 +02:00
frack113 | b5e91d7185 | fix field name and date | 2021-09-21 19:41:46 +02:00
frack113 | d37685d7cc | split global win_cobaltstrike_service_installs.yml | 2021-09-21 19:36:34 +02:00
frack113 | 06a07605fd | split global win_mal_creddumper.yml | 2021-09-21 19:31:52 +02:00
Pawel Mazur | e20e5033e7 | New Rule - Linux - Auditd - Screencapture with Import Tool | 2021-09-21 18:55:48 +02:00
Florian Roth | d884f774f9 | Update powershell_memorydump_getstoragediagnosticinfo.yml | 2021-09-21 18:01:46 +02:00
phantinuss | 46febf48b0 | fix: remove rule, too many FPs and no better matching criteria | 2021-09-21 16:52:17 +02:00
frack113 | dde3b17c20 | split global win_mal_service_installs.yml | 2021-09-21 16:17:59 +02:00
frack113 | 518d294ee9 | fix id error | 2021-09-21 16:06:27 +02:00
frack113 | b9d14ef55a | split global win_metasploit_or_impacket_smb_psexec_service_install.yml | 2021-09-21 16:02:47 +02:00
Max Altgelt | bf9bc03258 | chore: properly name and describe rules | 2021-09-21 15:59:01 +02:00
frack113 | 9dbc71ca2f | split global win_meterpreter_or_cobaltstrike_getsystem_service_installation.yml | 2021-09-21 15:50:06 +02:00
frack113 | 0dd549ba67 | fix selection name | 2021-09-21 15:25:03 +02:00
frack113 | 7c8d1ab037 | split global win_moriya_rootkit.yml | 2021-09-21 15:18:25 +02:00
frack113 | a4ad7e5358 | split global win_net_ntlm_downgrade.yml | 2021-09-21 15:10:08 +02:00
Max Altgelt | 8c3faa390c | feat: Add rule for live memory dumping | 2021-09-21 15:09:12 +02:00
frack113 | a5c8fba7a5 | fix error | 2021-09-21 15:01:51 +02:00
Max Altgelt | 346ff26809 | feat: Add rule for syslog removal | 2021-09-21 14:56:12 +02:00
frack113 | 20a785bad3 | split global win_powershell_script_installed_as_service.yml | 2021-09-21 13:55:04 +02:00
frack113 | 8c13bd23b9 | split global win_powershell_web_request | 2021-09-21 13:44:19 +02:00
frack113 | ba3c7a020a | split global win_root_certificate_installed.yml | 2021-09-21 13:34:32 +02:00
frack113 | 6368a88ad3 | split global win_software_discovery.yml | 2021-09-21 13:28:47 +02:00
frack113 | 332bed7906 | split global win_susp_eventlog_cleared.yml | 2021-09-21 13:22:40 +02:00
frack113 | 99f24a95a6 | split global win_susp_failed_logons_single_source.yml | 2021-09-21 13:19:00 +02:00
frack113 | 06ed7c41af | split global win_tap_driver_installation.yml | 2021-09-21 13:15:21 +02:00
frack113 | 5951ad1d9a | Merge pull request #2056 from frack113/some_global: Split global rules | 2021-09-21 12:42:59 +02:00
frack113 | d5e1e97ed3 | Merge pull request #2055 from frack113/split_invoke: split global win_invoke_obfuscation_* | 2021-09-21 12:42:41 +02:00
frack113 | 0884a70e28 | fix tests.py error | 2021-09-21 10:52:37 +02:00
frack113 | 4718f914e9 | split global sysmon_hack_dumpert.yml | 2021-09-21 10:43:42 +02:00
frack113 | 5fc82e5dc6 | split global sysmon_tttracer_mod_load.yml | 2021-09-21 10:39:02 +02:00
frack113 | 4c85858e12 | split global sysmon_regsvr32_network_activity.yml | 2021-09-21 10:33:47 +02:00