Commit Graph

10511 Commits

Author SHA1 Message Date
Jonhnathan 4f4fcbc576 Update win_susp_wmi_login.yml 2020-11-19 22:47:20 -03:00
Jonhnathan ea385767b9 Update win_susp_ntlm_auth.yml 2020-11-19 22:40:43 -03:00
Jonhnathan 5d85bbba56 Improve detection logic 2020-11-19 22:37:13 -03:00
Jonhnathan c20bce4a77 Update win_susp_msmpeng_crash.yml 2020-11-19 22:30:48 -03:00
Jonhnathan 7fe2c00ac1 Update win_net_ntlm_downgrade.yml 2020-11-19 22:14:37 -03:00
Jonhnathan 371c112143 Fix the detection logic
ObjectName = admin was included in the query using AND, not OR.
2020-11-19 21:45:19 -03:00
Alek Rollyson 83b8af6cd2 Add FireEye Helix backend 2020-11-19 11:18:28 -05:00
Thomas Patzke a0a5bfe204 Removed ES query tests 2020-11-19 09:39:50 +01:00
Thomas Patzke e3b310438c Removed ES query tests 2020-11-19 09:38:00 +01:00
Ömer Günal 1582c5230a Update lnx_process_discovery.yml 2020-11-18 23:25:15 +03:00
weslambert 832e582b8d Fix typo 2020-11-17 17:44:40 -05:00
Tiago Faria 93b06d5425 add SIEGMA and S2AN 2020-11-17 22:36:47 +00:00
Florian Roth 7566f19635 Merge pull request #1267 from w0rk3r/ecs-1
Suricata ECS
2020-11-17 15:05:47 +01:00
Florian Roth 9944c0e563 Merge branch 'master' into pr/1267 2020-11-17 14:33:55 +01:00
Florian Roth 1540241106 Merge branch 'master' of https://github.com/Neo23x0/sigma 2020-11-17 14:29:42 +01:00
Florian Roth 88e3de816d docs: uberAgent ESA target in README 2020-11-17 14:29:36 +01:00
Florian Roth c5c6557ca2 Merge pull request #1256 from vastlimits/master
Backend: uberAgent ESA converter backend
2020-11-17 14:29:01 +01:00
Florian Roth 94540ea0b6 Merge pull request #1284 from heyibrahimkhan/master
added role name field to ecs-cloudtrail.
2020-11-17 14:24:40 +01:00
Thomas Patzke 199a897f75 Fix rule indent 2020-11-17 10:12:55 +01:00
Alejandro Ortuno 304a411910 Merge branch 'service-scanning' of github.com:/alejandroortuno/sigma into service-scanning 2020-11-17 10:00:52 +01:00
Thomas Patzke 7860bda5d6 Removed ES query tests 2020-11-17 09:49:03 +01:00
v3t0 3d206b08d8 [OSCD] Added a rule to detect potential persistence using registry keys 2020-11-15 19:04:12 -05:00
yugoslavskiy 2939b33ab5 Update lnx_network_service_scanning.yml 2020-11-16 01:00:09 +01:00
Ömer Günal edc416a1d8 Update lnx_system_info_discovery.yml 2020-11-14 19:24:23 +03:00
Ömer Günal 821bdf8ab4 Update lnx_install_root_certificate.yml 2020-11-14 19:19:28 +03:00
stvetro 19eb8306d3 Removed unnecessary anti-false-positive 2020-11-14 09:50:29 +04:00
heyibrahimkhan@gmail.com eed4fe04d5 added role name field to ecs-cloudtrail. 2020-11-13 05:59:55 +05:00
Simen Lybekk c0a7cdc3de mdatp: Use case-insensitive searches by default
This should match the draft Sigma specification as well as other backends
2020-11-12 14:09:30 +01:00
Simen Lybekk a75d4fb561 mdatp: Add more field mappings and table<->generic event mappings, skip IMPHASH as it's not supported 2020-11-12 13:15:38 +01:00
Sven Scharmentke 446b0b7f9d Merge branch 'master_origin' 2020-11-11 12:32:53 +01:00
Sven Scharmentke a58d04e4df Rules: Support image_load 2020-11-11 12:31:55 +01:00
Thomas Patzke 43b9b17767 Merge pull request #1281 from andurin/kibana-ndjson-configs
kibana-ndjson for all configs which already have kibana
2020-11-11 07:34:37 +01:00
Ömer Günal 19cad11a4a Update lnx_system_info_discovery.yml 2020-11-10 20:11:49 +03:00
Ömer Günal ab959394ab Update lnx_install_root_certificate.yml 2020-11-10 20:09:46 +03:00
Ömer Günal f41accab33 Update lnx_install_root_certificate.yml 2020-11-10 20:09:03 +03:00
Ryan Plas d4d694b4da Logic fix for sysmon_non_priv_program_files_move 2020-11-10 10:01:47 -05:00
Florian Roth af4d546408 Merge pull request #1282 from Neo23x0/rule-devel
fix: FPs with notepad++ GUP rule
2020-11-10 13:39:28 +01:00
Florian Roth 2e9d7951a6 Merge pull request #1272 from bczyz1/patch-2
Fix typo in win_apt_lazarus_session_hijack.yml
2020-11-10 13:35:08 +01:00
Florian Roth 230562bdf6 Merge pull request #1278 from K-Yo/update-navigator-v4
Update navigator v4
2020-11-10 13:34:46 +01:00
Florian Roth c087e39698 Merge pull request #1277 from K-Yo/fix-unicode-error
Fix unicode error in sigma2attack
2020-11-10 13:34:05 +01:00
Florian Roth f6c0fb2d33 fix: FPs with notepad++ GUP rule 2020-11-09 16:34:12 +01:00
Alejandro Ortuno ad031d97ee Filter out listening mode on nc 2020-11-09 10:32:56 +01:00
Hendrik 7e742cc049 kibana-ndjson for all configs which already have kibana 2020-11-09 08:46:17 +01:00
Ömer Günal 577165b7f7 Update lnx_system_info_discovery.yml 2020-11-08 11:09:27 +03:00
Ömer Günal 0e4a5baf1a Update lnx_install_root_certificate.yml 2020-11-08 11:08:30 +03:00
Ömer Günal 499a8f85b0 Update lnx_install_root_certificate.yml 2020-11-08 11:06:11 +03:00
Ömer Günal 5dc3472af0 Update lnx_system_info_discovery.yml 2020-11-07 11:51:53 +03:00
Ömer Günal 89a24d4bfa Update lnx_install_root_certificate.yml 2020-11-07 11:50:30 +03:00
yugoslavskiy c17e8574d0 changed the syntax a bit and removed .service suffix as it is
[redundant](https://www.freedesktop.org/software/systemd/man/systemctl.html):

```
Unit commands listed above take either a single unit name (designated as UNIT), or multiple unit specifications (designated as PATTERN…). In the first case, the unit name with or without a suffix must be given. If the suffix is not specified (unit name is "abbreviated"), systemctl will append a suitable suffix, ".service" by default, and a type-specific suffix in case of commands which operate only on specific unit types. For example,

# systemctl start sshd
and
# systemctl start sshd.service

are equivalent
```
2020-11-06 20:56:08 +01:00
Thomas Patzke 485457ee55 Merge pull request #1280 from andurin/kibana-ndjson
Elasticsearch Kibana ndjson backend
2020-11-06 13:44:00 +01:00