Commit Graph

10511 Commits

Author SHA1 Message Date
Hendrik 96e90fbff2 Fix recursion of rules 2020-11-06 12:43:52 +01:00
Alejandro Ortuno 7c5067ade4 Making it a global rule 2020-11-06 10:25:59 +01:00
Alejandro Ortuno a9a90e024c make it a global rule 2020-11-06 09:56:49 +01:00
Olivier Caillault 34f24a60a1 Updating attack navigator version to v4.0 2020-11-05 23:37:01 +01:00
Hendrik bf5d40eec3 New Backend - Kibana NDJSON. Tested against 7.9.3 2020-11-05 23:34:25 +01:00
K-Yo c17c1fa96b Merge pull request #1 from K-Yo/fix-unicode-error: Fix unicode error in sigma2attack 2020-11-05 22:39:54 +01:00
Olivier Caillault 31639366cd Fix unicode error in sigma2attack 2020-11-05 22:30:12 +01:00
Florian Roth 6dfeb6a63b Merge pull request #1276 from Neo23x0/rule-devel: rule: FPs with WmiPrvSE rule 2020-11-05 17:04:25 +01:00
Florian Roth c3785d6dc7 rule: FPs with WmiPrvSE rule 2020-11-05 16:44:33 +01:00
bczyz1 c554aaea8f update win_apt_slingshot.yml: optimized rule; added detection of task modification (flag /change + /disable as described here https://stackoverflow.com/questions/26169582/does-anyone-know-of-a-way-to-turn-off-windows-defragmenters-default-schedule-us) 2020-11-05 15:51:22 +01:00
yugoslavskiy efc3f298b8 simplify syntax 2020-11-04 23:03:34 +01:00
yugoslavskiy 2f789c45dc change the syntax a bit to re-run the tests 2020-11-04 22:30:27 +01:00
Florian Roth 784150b66c Merge pull request #1273 from Neo23x0/rule-devel: rule: added second expression 2020-11-04 17:09:47 +01:00
Florian Roth 908023fa66 rule: added second expression 2020-11-04 16:43:35 +01:00
bczyz1 4a5b2d642e Fix typo in win_apt_lazarus_session_hijack.yml 2020-11-03 14:46:29 +01:00
Florian Roth 413abf13cd Merge pull request #1270 from Neo23x0/rule-devel: rule: reworked weblogic CVE-2020-14882 rule 2020-11-03 10:40:39 +01:00
Florian Roth f848bb912c rule: reworked weblogic CVE-2020-14882 rule 2020-11-03 10:39:40 +01:00
Florian Roth b218264d47 Merge pull request #1268 from Neo23x0/rule-devel: rule: WebLogic exploit CVE-2020-14882 2020-11-03 10:35:05 +01:00
GlebSukhodolskiy 5e94a34401 Merge branch 'oscd_reg_test' into oscd_reg 2020-11-03 12:09:07 +03:00
GlebSukhodolskiy 8068487340 test trigger 2020-11-03 12:04:03 +03:00
GlebSukhodolskiy 544876951f fixed duplication v2 2020-11-03 02:34:34 +03:00
GlebSukhodolskiy 48e46c279a fixed duplication 2020-11-03 02:25:22 +03:00
GlebSukhodolskiy cf8c721662 fixed optimization and references 2020-11-03 02:16:13 +03:00
GlebSukhodolskiy b717f69e09 Placeholders added 2020-11-03 01:19:16 +03:00
GlebSukhodolskiy d0827b120c Update sysmon_asep_reg_keys_modification.yml 2020-11-03 01:12:40 +03:00
Thomas Patzke c202feaf87 Merge pull request #1269 from Neo23x0/ci: Removed ES query tests 2020-11-02 23:11:05 +01:00
GlebSukhodolskiy 57f24a338b Update sysmon_asep_reg_keys_modification.yml 2020-11-03 01:00:37 +03:00
Thomas Patzke 31241d9bbd Removed ES query tests 2020-11-02 22:57:01 +01:00
GlebSukhodolskiy e2c4af012b Changed to Placeholders Usage: A query was too big to pass a test, so I changed logic to placeholders usage. 2020-11-03 00:56:42 +03:00
Florian Roth dd0d1d053c rule: WebLogic exploit CVE-2020-14882 2020-11-02 11:11:37 +01:00
Jonhnathan 9173fb2cb9 Update Makefile 2020-11-01 21:28:26 -03:00
Jonhnathan 83f2646667 Merge branch 'ecs-1' of https://github.com/w0rk3r/sigma into ecs-1 2020-11-01 21:22:48 -03:00
Jonhnathan 21161c82cc Revert "Create win_susp_replace_lolbin.yml" (This reverts commit e6a6549676.) 2020-11-01 21:21:47 -03:00
Jonhnathan 90e211bad8 Create ecs-suricata.yml 2020-11-01 21:21:04 -03:00
Jonhnathan c84641d332 Revert "Changed the rule to download only and not the copy" (This reverts commit 1324bc1ad1.) 2020-11-01 20:36:02 -03:00
Jonhnathan 972a04fb60 Revert "Update win_susp_replace_lolbin.yml" (This reverts commit 6b2c235ab3.) 2020-11-01 20:35:59 -03:00
feedb e93dd7fe61 fix 2020-11-01 15:25:12 +03:00
Vasiliy Burov 903ce08277 Update win_susp_multiple_files_renamed_or_deleted.yml 2020-11-01 14:21:27 +03:00
yugoslavskiy ea71828d34 change syntax a bit to re-run the test 2020-10-31 23:57:13 +01:00
stvetro 8dc8fdc44b Added anti-false-positive condition: 4688 always has non-empty cmd 2020-10-31 12:46:30 +04:00
omkargudhate22 f1bb9726ca updated mitre tag 2020-10-30 13:35:40 +05:30
omkar72 86a849728d ryuk changes 2020-10-30 13:15:11 +05:30
Roberto Rodriguez 972326f761 A few more - 7 Rules 2020-10-29 21:11:41 -04:00
Roberto Rodriguez 25b92d4a2e Merge branch 'master' of https://github.com/Neo23x0/sigma 2020-10-29 21:04:45 -04:00
Vasiliy Burov ab60fdcef4 Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-29 23:38:22 +03:00
Alejandro Ortuno 5918cc0a3d remove cat 2020-10-29 09:58:58 +01:00
Vasiliy Burov 683824ee46 Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-29 11:44:45 +03:00
Alejandro Ortuno 0c0c1725fa refactor detections 2020-10-29 09:34:47 +01:00
Vasiliy Burov d743cbbe4b Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-29 11:14:43 +03:00
yugoslavskiy 167e9745cd Update macos_remote_system_discovery.yml 2020-10-29 02:06:45 +01:00