Commit Graph

7964 Commits

Author SHA1 Message Date
frack113 e3e0b1ec35 fix ProcessName|endswith 2021-06-21 21:28:46 +02:00
frack113 edfb67ddc7 fix TargetImage|endswith 2021-06-21 21:21:34 +02:00
frack113 6558a5b110 fix TargetImage|endswith 2021-06-21 21:19:04 +02:00
frack113 0bc04605cb fix TargetImage|endswith 2021-06-21 21:14:36 +02:00
frack113 4ff1395a1f fix category and TargetImage|endswith 2021-06-21 21:06:54 +02:00
frack113 b23423beba convert to TargetImage|endswith 2021-06-21 20:51:26 +02:00
Sittikorn S 1bcac7b04a Create win_script_event_consumer_spawn 2021-06-21 21:20:39 +07:00
WojciechLesicki f816ed4f5e Update for "modified" date. 2021-06-20 00:11:55 +02:00
WojciechLesicki 2e7aed5262 Added space in "Service File Name" field as it was in the previous version. 2021-06-19 23:45:01 +02:00
mlp1515 fc7b4dcc15 Update win_user_added_to_local_administrators.yml
Change for French OS
2021-06-16 17:08:30 +02:00
mlp1515 53632d4def Update sysmon_config_modification.yml 2021-06-16 15:34:23 +02:00
mlp1515 a5e77bac17 Merge branch 'SigmaHQ:master' into master 2021-06-16 15:32:48 +02:00
Florian Roth e5cd850640 Merge pull request #1556 from frack113/PR_617_V2
Fix all the rules to pass the test
2021-06-16 08:22:51 +02:00
Hasan 33fcfd71bb Merge fixes for Rules 2021-06-16 10:45:20 +05:00
Hasan fabcb6c3c6 Removed asterisks from filter 2021-06-16 10:42:29 +05:00
Hasan 8196fbaada Parenthesis for condition statement 2021-06-16 10:41:52 +05:00
mlp1515 b4883701b4 Update sysmon_wmi_module_load.yml 2021-06-15 16:16:28 +02:00
mlp1515 efeb5956a0 Merge branch 'SigmaHQ:master' into master 2021-06-15 16:12:07 +02:00
Hasan 415ced0023 Corrected MITRE reference tag 2021-06-15 19:07:50 +05:00
Hasan f079556067 Removed GUID phrase from description 2021-06-15 17:14:32 +05:00
Hasan 1764714e26 Rule to detect new TaskCache Entry 2021-06-15 17:08:14 +05:00
Hasan 1114a25a2c Removal of NODE from ALL filter for better coverage 2021-06-15 17:07:51 +05:00
Hasan 82bcfb29c3 Addition of Safemode flags 2021-06-15 17:07:02 +05:00
Florian Roth 9b93165ece BackdoorDiplomacy UA 2021-06-15 10:39:08 +02:00
Florian Roth 1650d4638d Merge pull request #1548 from luffynextgen/master
Create sysmon_svchost_cred_dump.yml
2021-06-14 14:27:25 +02:00
Florian Roth 0377a30893 fix: several issues 2021-06-14 09:42:25 +02:00
Florian Roth 59df5119c2 Merge pull request #1552 from frack113/fix_category
Fix some Sysmon categories
2021-06-14 09:34:15 +02:00
mlp1515 910aed232b Update sysmon_powershell_network_connection.yml 2021-06-14 09:10:34 +02:00
mlp1515 aa629d465b Update sysmon_powershell_network_connection.yml
Add modified field
2021-06-14 08:56:57 +02:00
mlp1515 aa5dab332e Update win_multiple_suspicious_cli.yml
Modify modified field
2021-06-14 08:54:07 +02:00
luffynextgen 6fd7979659 Update sysmon_svchost_cred_dump.yml 2021-06-14 08:52:16 +02:00
mlp1515 9a98a6dbed Update sysmon_powershell_network_connection.yml
Add the French OS value for the User field
2021-06-14 08:48:24 +02:00
frack113 558bcd5ceb Fix all the rules to pass the test 2021-06-14 07:33:26 +02:00
mlp1515 ecfb42fcb2 Update win_multiple_suspicious_cli.yml
Add contains in CommandLine condition
2021-06-13 13:43:43 +02:00
Florian Roth 3f46d0ea28 Update sysmon_outlook_newform.yml 2021-06-10 17:41:57 +02:00
frack113 fb2d0092f1 forgot to add modified 2021-06-10 17:27:15 +02:00
frack113 4e516414c9 Split to Convert eventID to correct category 2021-06-10 16:58:45 +02:00
frack113 a0aed54f7d Convert eventID 22 to category dns_query 2021-06-10 16:43:33 +02:00
Tobias Michalski 54e98c8441 Merge branch 'master' of github.com:humpalum/sigma 2021-06-10 16:41:22 +02:00
Tobias Michalski 1f52763878 Removed EventIDs 2021-06-10 16:41:00 +02:00
frack113 7cb10b5475 convert eventID to category 2021-06-10 16:36:14 +02:00
Tobias Michalski e8c38a9d6c Renamed file to all lowercase 2021-06-10 16:35:02 +02:00
Florian Roth 83dddf99b4 Update win_exchange_TransportAgent.yml 2021-06-10 16:07:22 +02:00
Florian Roth 0cfc462fb9 fix: fixed driver load rule 2021-06-10 16:03:35 +02:00
Florian Roth cd0531b345 fix: removed process_creation log source 2021-06-10 15:37:00 +02:00
Tobias Michalski 3970934252 Switched EventID:1 to category: process_creation 2021-06-10 14:13:29 +02:00
Tobias Michalski b1913deaca Removed extra whitespace 2021-06-10 14:09:16 +02:00
luffynextgen e170a4a12a Update sysmon_svchost_cred_dump.yml
Following the advice given to me, I changed the category and the filter to be closer to the Sysmon field.
2021-06-10 14:04:58 +02:00
Tobias Michalski 56d200bad0 Fixed meta information 2021-06-10 12:44:19 +02:00
Tobias Michalski bbc8633c67 Merge branch 'master' of github.com:humpalum/sigma 2021-06-10 11:32:08 +02:00