Commit Graph

10511 Commits

Author SHA1 Message Date
S.kiran kumar ca5e86c850 Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 20:14:07 +05:30
S.kiran kumar 7db0351d6d Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 20:11:55 +05:30
S.kiran kumar e474c26c90 Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 20:07:31 +05:30
S.kiran kumar e8611ca0a7 Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 20:00:19 +05:30
S.kiran kumar 7ba3d7a9c8 Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 19:58:13 +05:30
Alejandro Ortuno 5e5576a91b Fix product 2020-10-21 10:13:28 +02:00
Alejandro Ortuno aa416090e1 Initial sigma rule 2020-10-21 10:09:00 +02:00
Alejandro Ortuno cdabf8e0e8 Sigma rules for network service scanning. 2020-10-21 09:41:40 +02:00
vh 383823f49a Fix: added default value of current_table 2020-10-21 10:12:17 +03:00
Sven Scharmentke c042651e4d Merge pull request #1 from svnscha/feature/backend-uberagent. Backend: uberAgent ESA converter backend 2020-10-21 08:59:12 +02:00
Sven Scharmentke ca852eca0e PR Review: Minor fixes 2020-10-21 08:54:50 +02:00
yugoslavskiy f050cedf92 update syntax to re-run the test once more... 2020-10-20 21:17:59 +02:00
yugoslavskiy ea85cc941f remove empty line to re-run the test 2020-10-20 20:41:11 +02:00
yugoslavskiy ca4a0f7a72 shorten the title to pass the test 2020-10-20 20:37:49 +02:00
yugoslavskiy a96408b20a add an empty line to re-run the test 2020-10-20 20:11:13 +02:00
yugoslavskiy 5acf550646 remove empty line to re-run the test 2020-10-20 20:09:30 +02:00
S.kiran kumar 7fbaacabb0 Mitre ATT&CK tag changes 2020-10-20 23:20:34 +05:30
yugoslavskiy 81acc81d10 updated syntax a bit to re-run the test 2020-10-20 19:06:23 +02:00
yugoslavskiy 27baf472b8 add an empty line to re-run the test 2020-10-20 18:59:25 +02:00
yugoslavskiy fe545e00f6 delete empty line to re-run the test 2020-10-20 18:58:21 +02:00
Vasiliy Burov 3a2c1d213a Update win_susp_multiple_files_renamed.yml 2020-10-20 19:25:31 +03:00
yugoslavskiy 6ec761d27b update syntax a bit to re-run the test 2020-10-20 17:40:53 +02:00
yugoslavskiy 40f6d5e543 update syntax a bit to re-run the test 2020-10-20 17:39:04 +02:00
yugoslavskiy 585770faa3 update syntax a bit to re-run the test 2020-10-20 17:31:00 +02:00
vh f45e45d736 Fix: Import SigmaRegularExpressionModifier in the splunk backend. 2020-10-20 18:13:53 +03:00
yugoslavskiy 462c92e522 change the syntax a bit to re-run the test 2020-10-20 17:10:20 +02:00
yugoslavskiy 60f71d911d shorten the title to pass the test 2020-10-20 17:08:11 +02:00
Florian Roth e7462be5b9 Merge pull request #1254 from Neo23x0/rule-devel. Rule devel 2020-10-20 13:53:30 +02:00
Sven Scharmentke 03ad9e22e1 Backend: uberAgent ESA converter backend. This commit adds the first version of the uberAgent ESA converter backend for sigma. This backend generates ESA compatible query rules for uberAgent ESA Activity Monitoring. 2020-10-20 13:23:05 +02:00
Florian Roth ee789a309c fix: FP with expression 2020-10-20 13:11:10 +02:00
Florian Roth 198b292c26 rule: emotet encoded commands 2020-10-20 12:51:58 +02:00
Yugoslavskiy Daniil e95749e190 fix syntax 2020-10-20 05:10:11 +02:00
Yugoslavskiy Daniil 99b40e4a6a change list of plists to contains modifier. Could be easily bypassed with endswith 2020-10-20 05:09:08 +02:00
Yugoslavskiy Daniil cea24c9984 add macos_disable_security_tools.yml, oscd initiative issue #1012, task number 60 2020-10-20 05:06:43 +02:00
Yugoslavskiy Daniil 2890adf093 add macos_xattr_gatekeeper_bypass.yml, oscd initiative issue #1012, task number 55 2020-10-20 04:34:02 +02:00
Yugoslavskiy Daniil 5a8c7cd3f9 add missing falcond 2020-10-20 04:00:16 +02:00
Yugoslavskiy Daniil 6f3ac02cb3 add lnx_security_software_discovery.yml, oscd initiative issue #1011, task number 26 2020-10-20 03:57:41 +02:00
Yugoslavskiy Daniil f0663c8412 add macos_security_software_discovery.yml, oscd initiative issue #1012, task number 41 2020-10-20 03:46:41 +02:00
Yugoslavskiy Daniil 491f9d023c add lnx_file_and_directory_discovery.yml, oscd initiative issue #1011, task number 18 2020-10-20 03:05:32 +02:00
Yugoslavskiy Daniil 7c50729388 add macos_file_and_directory_discovery.yml, oscd initiative issue #1012, task number 28 2020-10-20 02:58:08 +02:00
Yugoslavskiy Daniil 34591f9f64 add lnx_system_network_connections_discovery.yml, oscd initiative issue #1011, task number 8 2020-10-20 01:17:06 +02:00
Yugoslavskiy Daniil 941fbebcdc add macos_system_network_connections_discovery.yml, oscd initiative issue #1012, task number 14 2020-10-20 01:14:56 +02:00
Yugoslavskiy Daniil 272fbcc378 fix title 2020-10-20 00:47:02 +02:00
Yugoslavskiy Daniil f0060dec67 fix title 2020-10-20 00:44:23 +02:00
Yugoslavskiy Daniil 1ecb2c1932 add lnx_base64_decode.yml, oscd initiative issue #1011, task number 4 2020-10-20 00:39:06 +02:00
Yugoslavskiy Daniil 8b01062d17 add lnx_base64_decode.yml, oscd initiative issue #1011, task number 4 2020-10-20 00:37:53 +02:00
Yugoslavskiy Daniil cc3ef973c0 add macos_base64_decode.yml, oscd initiative issue #1012, task number 3 2020-10-20 00:36:21 +02:00
Tim I 0323e50011 Detect credential access for macOS via Keychain 2020-10-19 23:37:46 +03:00
stvetro 6bc483d287 Added mitre tags 2020-10-19 19:28:52 +04:00
stvetro 43707c9023 Added mitre tags 2020-10-19 19:20:52 +04:00
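Commit 99b40e4a6a above swaps the plist list in macos_disable_security_tools.yml from the `endswith` modifier to `contains` because `endswith` "could be easily bypassed". The following is an added illustration of that point, not code from the Sigma project: a small evaluator for Sigma-style string modifiers run over a handful of constructed `launchctl` command lines. The plist name `com.example.falcond.plist` and the sample command lines are assumptions made up for the demonstration; the real rule's plist list and field names live in the YAML file itself.

```python
"""Toy evaluator for Sigma string modifiers (contains / endswith / startswith).

Added example, not code from the Sigma repository. It shows why a list of
plist names matched with |endswith can be sidestepped by a trailing argument
or trailing whitespace, while |contains still fires on the same lines.
"""

# Constructed sample process-creation command lines (not real telemetry).
SAMPLE_COMMAND_LINES = [
    "launchctl unload /Library/LaunchDaemons/com.example.falcond.plist",
    # same unload, but an extra flag after the path defeats |endswith
    "launchctl unload /Library/LaunchDaemons/com.example.falcond.plist -w",
    # same unload with a trailing space, also defeats |endswith
    "launchctl unload -w /Library/LaunchDaemons/com.example.falcond.plist ",
    # benign, should never match
    "launchctl list",
]

# Assumed plist name; the real rule's list is in macos_disable_security_tools.yml.
SECURITY_TOOL_PLISTS = ["com.example.falcond.plist"]


def matches(value, modifier, patterns):
    """Return True if `value` matches any of `patterns` under a Sigma modifier.

    Sigma string comparisons are case-insensitive, so both sides are lowered.
    A list of values inside one selection field is OR-ed, as in Sigma.
    `modifier` is one of "contains", "endswith", "startswith" or None (exact).
    """
    v = value.lower()
    for p in (s.lower() for s in patterns):
        if modifier == "contains" and p in v:
            return True
        if modifier == "endswith" and v.endswith(p):
            return True
        if modifier == "startswith" and v.startswith(p):
            return True
        if modifier is None and v == p:
            return True
    return False


def evaluate(command_lines, plist_modifier):
    """Apply a two-part selection (launchctl unload AND a known plist name),
    using `plist_modifier` for the plist part, and return the matching lines."""
    hits = []
    for line in command_lines:
        is_unload = matches(line, "contains", ["launchctl unload"])
        if is_unload and matches(line, plist_modifier, SECURITY_TOOL_PLISTS):
            hits.append(line)
    return hits


if __name__ == "__main__":
    for modifier in ("endswith", "contains"):
        hits = evaluate(SAMPLE_COMMAND_LINES, modifier)
        print(f"{modifier}: {len(hits)} of {len(SAMPLE_COMMAND_LINES)} lines matched")
        for h in hits:
            print("   ", repr(h))
```

With `endswith` only the first command line is caught; the `-w` flag and the trailing space in the next two are enough to miss the same unload. `contains` catches all three and still ignores the benign `launchctl list`. The trade-off is that `contains` matches the plist name anywhere in the command line, so a rule using it should keep the other selection parts (the `launchctl unload` condition here) tight to avoid false positives.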