security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

10511 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
bar 83623f396c Merge remote-tracking branch 'upstream/master' 2020-07-21 17:22:06 +03:00
bar da30266c60 ImageLoaded mapping added 2020-07-21 17:21:14 +03:00
David Straßegger 875360f373 fixed wrong function call for elastalert aggregation. fixes #940 2020-07-20 14:32:30 +02:00
Poming huang 2b2bf34a64 add wmi persistence script event consumer false positive 2020-07-20 12:27:16 +08:00
Florian Roth 71aa8ad3ba Merge pull request #937 from brachera/master 
Updates to rules and tags
 2020-07-18 08:19:48 +02:00
Aidan Bracher ff3f9fe9b3 Updated tags 2020-07-18 03:02:43 +01:00
Aidan Bracher 1fd73a23b2 Updated tags with sub-techniques 2020-07-18 03:01:34 +01:00
Aidan Bracher 4ac1058ab5 Updated tags 2020-07-18 03:01:11 +01:00
Aidan Bracher 4ffe9cb042 Updated tags with sub-techniques 2020-07-18 02:53:46 +01:00
Aidan Bracher 3bd768e49b Updated tags with sub-techniques 2020-07-18 02:52:15 +01:00
Aidan Bracher dcf20e580d Updated tags to include sub-techniques 2020-07-18 02:50:57 +01:00
Aidan Bracher 1442812681 Updated tags 2020-07-18 02:44:53 +01:00
Aidan Bracher b61527d0b2 Added ATT&CK tactic 2020-07-18 02:42:10 +01:00
Aidan Bracher 161829a4c0 Added ATT&CK tactic 2020-07-18 02:41:48 +01:00
Aidan Bracher 147fd46157 Added ATT&CK tactic 2020-07-18 02:41:10 +01:00
Aidan Bracher 2d227a08c5 Updated suspicious service with sub-techniques 2020-07-18 02:40:22 +01:00
Aidan Bracher 97452a9df3 Update to include sub-technique mapping 2020-07-18 02:38:47 +01:00
Aidan Bracher 30bd591c96 Update win_apt_ke3chang to include sub-techniques 2020-07-18 02:37:56 +01:00
Aidan Bracher ad9a8ff956 Updated to include extra registry key 2020-07-18 02:37:11 +01:00
Aidan Bracher ea1b2ae59f Updated invoke_phantom with sub-technique mapping 2020-07-18 02:32:42 +01:00
Aidan Bracher 23dd2e3cac Updated to include sub-technique mapping 2020-07-18 02:29:58 +01:00
Aidan Bracher 2006aa8f5e Inclusion of registry keys for WinDefender disabling 2020-07-18 02:23:30 +01:00
Marko Okuka 1d39b40fd1 Fixing typo in rule: Username to User 2020-07-16 10:09:29 -04:00
Florian Roth ae05e8eb11 Merge pull request #935 from SanWieb/933-EventID-process_creation 
Revert "Ref #933 - Added windows Process Creation to config"
 2020-07-16 14:32:19 +02:00
Sander 94272c7770 Revert "Ref #933 - Added windows Process Creation to config" 
This reverts commit 6c35a7afa0.
 2020-07-16 14:30:17 +02:00
Florian Roth 80e6e933a9 Merge pull request #934 from SanWieb/933-EventID-process_creation 
Proposed fix for #933
 2020-07-16 13:38:12 +02:00
Sander 6c35a7afa0 Ref #933 - Added windows Process Creation to config 2020-07-16 13:16:57 +02:00
Florian Roth 3025d6850c Merge pull request #932 from rtkdmasse/rule-selection-typos 
Change the selection from Command to CommandLine in a couple of rules
 2020-07-16 09:10:15 +02:00
Florian Roth 992bf676f9 Update sysmon_apt_pandemic.yml 2020-07-16 08:48:32 +02:00
Florian Roth b1de627e94 Update win_apt_zxshell.yml 2020-07-16 08:47:24 +02:00
Florian Roth 4b9b57330a Merge pull request #931 from brachera/master 
Fix for indentation issue
 2020-07-16 08:46:42 +02:00
Daniel Masse 0489a50bd0 Change the selection from Command to CommandLine in a couple of rules 2020-07-15 15:55:26 -04:00
Florian Roth f8e10273ef Merge pull request #929 from Neo23x0/pr/919 
Pr/919
 2020-07-15 21:30:57 +02:00
Florian Roth b50d234cb5 Merge pull request #913 from ryanplasma/master 
Update logsources description->definition
 2020-07-15 21:30:33 +02:00
Sander Wiebing 254942e4c3 Merge pull request #4 from Neo23x0/master 
Update repository
 2020-07-15 17:58:01 +02:00
Aidan Bracher e0476d5ce6 Merge branch 'master' of git://github.com/Neo23x0/sigma 2020-07-15 16:35:29 +01:00
Aidan Bracher 1e5ee5823c Fix for indentation issue 
Wrong indentation of line 182 meant that even where config options
were given, the default per backend was being used, rendering
custom config useless.
 2020-07-15 16:29:27 +01:00
Florian Roth d0c09f10a9 changed newline character to LF 2020-07-15 16:46:44 +02:00
Ryan Plas de53a08746 Merge branch 'master' of github.com:Neo23x0/sigma 2020-07-15 10:27:33 -04:00
duzvik a9b860d749 Update sysmon_abusing_azure_browser_sso.yml 2020-07-15 14:24:49 +03:00
duzvik d24e15cc27 Update sysmon_abusing_azure_browser_sso.yml 2020-07-15 14:12:58 +03:00
duzvik c5dfffdac0 Create sysmon_abusing_azure_browser_sso.yml 2020-07-15 14:02:34 +03:00
Florian Roth 8f66803ddf Merge pull request #927 from Neo23x0/rule-devel 
improved CVE-2020-1350 rule
 2020-07-15 12:06:31 +02:00
Florian Roth 1c103a749f fix: more FPs based on feedback 
https://twitter.com/GossiTheDog/status/1283341486680166400
 2020-07-15 12:05:50 +02:00
Florian Roth c2eb110fca fix: more exact patterns 2020-07-15 11:56:11 +02:00
Florian Roth ae7fbb9245 fix: false positive filters based on SOC Prime's rule 2020-07-15 11:49:20 +02:00
Florian Roth e5a34a965c Merge pull request #926 from Neo23x0/rule-devel 
rule: CVE-2020-1350
 2020-07-15 11:19:07 +02:00
Florian Roth 80639afd43 rule: CVE-2020-1350 2020-07-15 11:03:31 +02:00
Bhabesh Rai e0c1d84951 Added new Lateral Movement Attack ID 2020-07-14 22:32:29 +05:45
Florian Roth c7e412788a Merge pull request #924 from Neo23x0/devel 
Live MITRE ATT&CK data from TAXI service in Test Scripts
 2020-07-14 18:15:29 +02:00