security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

7964 Commits

Author SHA1 Message Date
Austin Songer 715b6ecdda Create azure_new_cloudshell_created.yml 2021-09-12 20:00:08 -05:00
Austin Songer f227437920 Create okta_api_token_revoked.yml 2021-09-12 19:47:59 -05:00
Austin Songer 329c5e96fc Create okta_api_token_created.yml 2021-09-12 19:47:21 -05:00
Austin Songer 5f7e657319 Create okta_admin_role_assigned_to_user_or_group.yml 2021-09-12 19:45:57 -05:00
Austin Songer 7b37162107 Update okta_user_account_mfa_reset.yml 2021-09-12 19:41:50 -05:00
Austin Songer 4d58194dab Update okta_user_account_mfa_bypass_attempt.yml 2021-09-12 19:41:38 -05:00
Austin Songer 30823b72b2 Update okta_policy_rule_modified_or_deleted.yml 2021-09-12 19:41:14 -05:00
Austin Songer 31ccf89dcc Update okta_network_zone_deactivated_or_deleted.yml 2021-09-12 19:41:00 -05:00
Austin Songer 08e79bb22e Update okta_application_modified_or_deleted.yml 2021-09-12 19:40:49 -05:00
Austin Songer 8b0756bd32 Create okta_unauthorized_access_to_app.yml 2021-09-12 19:39:24 -05:00
Austin Songer 8607af29e0 Create okta_user_account_lockout.yml 2021-09-12 19:35:19 -05:00
Austin Songer 12e5eeac9e Update okta_policy_modified_or_deleted.yml 2021-09-12 19:30:03 -05:00
Austin Songer 1af9120f37 Rename okta_account_mfa_reset.yml to okta_user_account_mfa_reset.yml 2021-09-12 19:25:11 -05:00
Austin Songer d5653cbfd0 Create okta_user_account_mfa_bypass_attempt.yml 2021-09-12 19:24:57 -05:00
Austin Songer c51e1db228 Create okta_network_zone_deactivated_or_deleted.yml 2021-09-12 19:22:15 -05:00
Austin Songer fefb856471 Create okta_account_mfa_reset.yml 2021-09-12 19:20:54 -05:00
Austin Songer 76d78c274a Create okta_policy_rule_modified_or_deleted.yml 2021-09-12 19:17:25 -05:00
Austin Songer ebd120a165 Create okta_application_modified_or_deleted.yml 2021-09-12 19:17:00 -05:00
Austin Songer 0d51178174 Create okta_policy_modified_or_deleted.yml 2021-09-12 19:13:15 -05:00
pbssubhash 0c092cd106 Final changes 2021-09-12 23:11:46 +05:30
pbssubhash 3c0c1706dc Changed 2021-09-12 23:06:01 +05:30
pbssubhash 276cb59756 yaml to yml ext 2021-09-12 18:41:56 +05:30
pbssubhash 5d654c4518 Changing title to camelcase 2021-09-12 18:36:20 +05:30
pbssubhash 1f7d239bf9 Name change 2021-09-12 18:24:35 +05:30
pbssubhash 014ac2d24e Modifying Rules 2021-09-12 18:09:14 +05:30
pbssubhash 2b228e5f33 Merge branch 'SigmaHQ:master' into master 2021-09-12 18:08:42 +05:30
frack113 437ea3408b split sysmon_stickykey_like_backdoor.yml 2021-09-12 09:58:43 +02:00
frack113 81c2b2731c split sysmon_dns_serverlevelplugindll.yml 2021-09-12 09:53:20 +02:00
frack113 f3ad5953d5 split sysmon_apt_pandemic 2021-09-12 09:42:11 +02:00
frack113 3db427873a split sysinternals eula and uac bypass 2021-09-12 09:38:05 +02:00
frack113 830c0c9f22 Update process_creation_advanced_ip_scanner.yml 2021-09-12 08:53:10 +02:00
frack113 dc5c26ad2d Merge pull request #2018 from zakibro/master 
New Linux Auditd Rules - Steghide Steganography
 2021-09-12 08:29:56 +02:00
frack113 e355367c03 Clean SyncAppvPublishingServer rules 2021-09-12 07:46:35 +02:00
frack113 2223afb6fe split global rules 2021-09-11 20:30:32 +02:00
frack113 92999468ee Merge pull request #2012 from frack113/upgrade_test 
Upgrade test_rules.py
 2021-09-11 15:29:19 +02:00
frack113 a73d37cd72 fix related 2021-09-11 14:22:01 +02:00
frack113 338c9f5ae7 Split global rule 2021-09-11 13:45:41 +02:00
frack113 2a76c469e0 normalise name 2021-09-11 13:34:19 +02:00
zakibro 6412ddaaee Update lnx_auditd_steghide_extract_steganography.yml 2021-09-11 11:19:21 +02:00
zakibro d0741f9f3a Update lnx_auditd_steghide_embed_steganography.yml 
Formatting and detection changes
 2021-09-11 11:18:08 +02:00
Pawel Mazur 89f15c01f9 New Linux Auditd Rules - Steghide Steganography 2021-09-11 10:56:17 +02:00
frack113 747fedb6c6 Merge pull request #2015 from neonprimetime/patch-1 
Propose making rule more generic than just ipify
 2021-09-11 09:06:01 +02:00
frack113 8d3a77d1f5 Update net_susp_ipify.yml 2021-09-11 08:31:24 +02:00
frack113 d2e622f149 Merge pull request #2011 from d4rk-d4nph3/master 
Added rule for Atlassian Confluence CVE-2021-26084
 2021-09-11 07:24:58 +02:00
neonprimetime security (Justin C Miller) 033494c8f7 Propose making rule more generic than just ipify 
Propose making this detection more generic, cover more lookup services than just ipify
https://twitter.com/neonprimetime/status/1436376497980428318
 2021-09-10 12:14:43 -05:00
Florian Roth 7d6baaa79a Merge pull request #2014 from SigmaHQ/rule-devel 
CVE-2021-40444 file creation - winword.exe + .cab
 2021-09-10 18:50:59 +02:00
Florian Roth a4e2c0feba Revert "refactor: exclude case in which upper ticks are used" 
This reverts commit f00aaf8461.
 2021-09-10 18:13:36 +02:00
Florian Roth 9e7ede66cc CVE-2021-40444 file creation - winword.exe + .cab 2021-09-10 18:13:09 +02:00
Austin Songer 1ea9aab455 Update Monitor_Office_Applications_from_proxy_executing_regsvr32_with_payload.yml 2021-09-10 09:44:31 -05:00
Austin Songer 57d349bfe5 Update process_creation_office_application_from_proxy_executing_regsvr32_with_payload.yml 2021-09-10 09:44:22 -05:00