Commit Graph

7964 Commits

Author SHA1 Message Date
Florian Roth efcf1d9019 Merge pull request #1867 from SigmaHQ/rule-devel - fix: FPs with [reflection.assembly]::Load 2021-08-18 11:42:47 +02:00
Florian Roth a2e45353aa Merge pull request #1825 from frack113/iis_ProxyLogon - rule: ProxyLogon web_cve_2021_26858_iis_rce.yml 2021-08-18 09:54:15 +02:00
Florian Roth 66c674e8e8 Merge pull request #1837 from phantinuss/master - generalise amsi bypass rule to CobaltStrike BOF injection pattern 2021-08-18 09:53:21 +02:00
Florian Roth 5fa5a412d5 fix: FPs with [reflection.assembly]::Load 2021-08-18 09:49:34 +02:00
Austin Songer 309e71491b Update azure_keyvault_key_modified_or_deleted.yml 2021-08-17 08:44:39 -05:00
Austin Songer 23d0477120 Update azure_keyvault_secrets_modified_or_deleted.yml 2021-08-17 08:42:41 -05:00
Austin Songer 16e0def41d Update and rename azure_vault_key_modified_or_deleted.yml to azure_keyvault_key_modified_or_deleted.yml 2021-08-17 08:31:22 -05:00
Austin Songer ecdcd8f843 Rename azure_key_vault_modified_or_deleted.yml to azure_keyvault_modified_or_deleted.yml 2021-08-17 08:30:10 -05:00
Austin Songer 49ab7d7bb6 Merge branch 'SigmaHQ:master' into azure_application_gateway_modified_or_deleted.yml 2021-08-17 08:29:18 -05:00
Austin Songer 8a7d9d23f5 Merge branch 'SigmaHQ:master' into azure_application_security_group_modified_or_deleted.yml 2021-08-17 08:29:15 -05:00
Austin Songer f0ef01ae09 Merge branch 'SigmaHQ:master' into azure_key_vault_modified_or_deleted.yml 2021-08-17 08:29:12 -05:00
Austin Songer a01d8cc2fe Merge branch 'SigmaHQ:master' into azure_keyvault_secrets_modified_or_deleted.yml 2021-08-17 08:29:09 -05:00
Florian Roth a0625ad074 Merge branch 'master' into rule-devel 2021-08-17 12:29:55 +02:00
Florian Roth 9684c4e55f Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2021-08-17 12:03:54 +02:00
Florian Roth 80b3acfce9 fix: false positive with Xen / Oracle scripts 2021-08-17 12:03:49 +02:00
Austin Songer 9986515b59 Update azure_suppression_rule_created.yml 2021-08-17 00:04:11 -05:00
Austin Songer 84e96d5b4f Create azure_suppression_rule_created.yml 2021-08-17 00:04:00 -05:00
Austin Songer 1fcc1701b7 Create azure_keyvault_secrets_modified_or_deleted.yml 2021-08-16 23:54:57 -05:00
Austin Songer 7abceb07ce Create azure_vault_key_modified_or_deleted.yml 2021-08-16 23:50:56 -05:00
Austin Songer 758293e2f9 Delete azure_application_security_group_modified_or_deleted.yml 2021-08-16 23:42:15 -05:00
Austin Songer 824d64a9ce Create azure_key_vault_modified_or_deleted.yml 2021-08-16 23:41:43 -05:00
Austin Songer 3c8f27ba76 Create azure_application_security_group_modified_or_deleted.yml 2021-08-16 23:31:45 -05:00
Austin Songer 144cfcb016 Create azure_application_gateway_modified_or_deleted.yml 2021-08-16 23:30:30 -05:00
frack113 63733a623e Merge pull request #1861 from austinsonger/aws_eks_cluster_modified_or_deleted.yml - aws_eks_cluster_created_or_deleted.yml 2021-08-17 06:25:18 +02:00
frack113 2521ae2ed1 Merge pull request #1859 from austinsonger/gcp_vpn_tunnel_modified_or_deleted.yml - gcp_vpn_tunnel_modified_or_deleted.yml 2021-08-17 06:24:49 +02:00
frack113 e098fc73cb add keywords condition 2021-08-17 06:24:04 +02:00
frack113 accb675ed5 fix error space 2021-08-16 20:36:55 +02:00
Austin Songer 80062ff5cd Update aws_eks_cluster_created_or_deleted.yml 2021-08-16 12:42:14 -05:00
Austin Songer cfb863a98e Update aws_eks_cluster_created_or_deleted.yml 2021-08-16 11:52:22 -05:00
frack113 06840be3e7 fix author 2021-08-16 18:46:25 +02:00
frack113 dfd9e6d8f0 Merge pull request #1857 from frack113/fix_HostApplication - Update definition for powershell-classic rule 2021-08-16 17:18:24 +02:00
frack113 eb406ba36f Merge pull request #1844 from frack113/cleanup - Add more compliance test 2021-08-16 17:17:25 +02:00
Austin Songer ed507b82f4 Update and rename aws_eks_cluster_modified_or_deleted.yml to aws_eks_cluster_created_or_deleted.yml 2021-08-16 09:58:48 -05:00
Austin Songer c7831a3d70 Update gcp_vpn_tunnel_modified_or_deleted.yml 2021-08-16 09:45:31 -05:00
Florian Roth d2790f2450 fix: missing "|all" modifier 2021-08-16 16:14:48 +02:00
frack113 e1b99db149 fix duplicate uuid 2021-08-16 15:50:14 +02:00
Florian Roth 669308a37a Merge pull request #1855 from frack113/coti_sqlcmd - Rule to detect Coti sqlcmd 2021-08-16 14:27:24 +02:00
Florian Roth 141ca03c9b Merge pull request #1853 from secDre4mer/contileak - feat: Add some rules to detect Conti behaviour 2021-08-16 14:18:43 +02:00
Florian Roth 3028eb68b6 refactoring: procdump rules 2021-08-16 13:55:00 +02:00
frack113 911579023c fix powershell_alternate_powershell_hosts.yml 2021-08-16 13:30:45 +02:00
frack113 2dbf9af27d add definition to powershell-classic 2021-08-16 12:56:24 +02:00
frack113 fda11e3608 fix very bad cut and paste 2021-08-16 11:22:50 +02:00
frack113 a861f55e5c fix title 2021-08-16 11:15:32 +02:00
frack113 a70607bce7 add process_creation_coti_sqlcmd.yml 2021-08-16 11:08:19 +02:00
Florian Roth 79bc89b344 rule: av hacktool events 2021-08-16 10:57:03 +02:00
Florian Roth f8bedfa759 docs: added link to leak file on VT 2021-08-16 10:12:35 +02:00
frack113 dc9bb22a00 fix duplicate id 2021-08-16 09:29:22 +02:00
Max Altgelt 78e2c0da92 fix: Clean up duplicated ID 2021-08-16 09:26:45 +02:00
frack113 fb80b35141 fix condition 2021-08-16 09:21:38 +02:00
frack113 5b09dff1fb cleanup win_malware_conti_shadowcopy.yml 2021-08-16 09:21:04 +02:00