Commit Graph

10511 Commits

Author SHA1 Message Date
Florian Roth 67dfd729fd rule: extended Proxy UA suspicious rule 2019-12-12 10:42:23 +01:00
Florian Roth 9c59e3cf13 Merge branch 'master' into devel 2019-12-12 09:40:02 +01:00
Florian Roth 065df363dc rule: added Empire UA 2019-12-12 09:39:28 +01:00
Florian Roth c25b902add Merge pull request #558 from vburov/patch-7
Added svchost.exe as a parent image
2019-12-10 20:17:22 +01:00
Florian Roth 611b72dba5 Merge pull request #559 from vburov/patch-8
Added some suspicious locations
2019-12-10 20:15:16 +01:00
Vasiliy Burov 977551c69d Added some suspicious locations
Added 'C:\Windows\Tasks' and 'C:\Windows\System32\Tasks' as suspicious locations according to the article: https://github.com/ThreatHuntingProject/ThreatHunting/blob/master/hunts/suspicious_process_creation_via_windows_event_logs.md
2019-12-10 20:17:40 +03:00
Vasiliy Burov 0dd4324aba Added svchost.exe as a parent image
Added svchost.exe as a parent image according to this article (https://www.carbonblack.com/2014/06/10/screenshot-demo-hunt-evil-faster-than-ever-with-carbon-black/) and my investigations.
2019-12-10 19:31:12 +03:00
Karneades fd4536afb5 Resolve PR #556 merge conflict 2019-12-09 21:23:00 +01:00
Rob Rankin e251568760 Data Compressed duplicate titles 2019-12-09 16:24:10 +00:00
Rob Rankin b771dd3d3b Rule name conflicts in Elastalert output 2019-12-09 16:14:28 +00:00
Thomas Patzke b701e9be50 Added ECS proxy configuration 2019-12-09 16:34:07 +01:00
Karneades 1c05b858fd Add release date for each version in changelog 2019-12-09 16:18:58 +01:00
Thomas Patzke a9d6158dde Merge branch 'rules' 2019-12-09 16:17:39 +01:00
Thomas Patzke 2ea87f187c Added Ursnif proxy detections 2019-12-09 16:02:10 +01:00
Yugoslavskiy Daniil 185a634bd9 update authors for 2 rules 2019-12-07 02:10:06 +01:00
Yugoslavskiy Daniil 4789b15fd5 add rules by Sergey Soldatov, Kaspersky Lab 2019-12-07 01:45:55 +01:00
Thomas Patzke 991108e64d Further proxy field name fixes (config + rules) 2019-12-07 00:23:30 +01:00
Thomas Patzke dd8442590f Fixed proxy rule field names 2019-12-07 00:11:33 +01:00
Thomas Patzke 51e9689425 Sigmatool release 0.15.0 0.15.0 2019-12-06 22:13:44 +01:00
Thomas Patzke 58d8512396 Merge pull request #553 from berggren/patch-1
Add source distribution for PyPi when building
2019-12-06 22:10:19 +01:00
Johan Berggren d8e1f56219 Add source distribution for PyPi when building
Add sdist when building. This makes it easier to build packages from PyPi, for example Debian PPA pkgs, etc.
This will not affect anything else, just make the source distribution available in PyPi as a tar.gz archive.

If this gets merged, please bump the version and push to PyPi as well.
2019-12-06 15:45:28 +01:00
Florian Roth e1244acf49 rule: fixed and extended bitsadmin rule 2019-12-06 13:39:04 +01:00
Florian Roth c1647ca4b7 Merge branch 'master' into devel 2019-12-06 13:38:29 +01:00
Florian Roth e91a79e707 Merge pull request #550 from refractionPOINT/lc-proxy-support
LimaCharlie basic support for Proxy rule category.
2019-12-06 08:20:14 +01:00
Florian Roth 6359223390 Merge pull request #551 from axi0m/patch-1
Add hastebin raw URI to contains selection
2019-12-06 08:19:44 +01:00
Kevin Dienst 865251238f Add hastebin raw URI to contains selection 2019-12-05 14:16:20 -06:00
Maxime Lamothe-Brassard 27bb07b74e Adding support for basic proxy rules using the HTTP_REQUEST events from the Chrome LC Agent. 2019-12-05 09:35:09 -08:00
Florian Roth ab2dd094a5 fix: fixed broken link in elise rule 2019-12-05 09:56:20 +01:00
Florian Roth 8e107f43a2 rule: raw paste service access 2019-12-05 08:54:49 +01:00
Thomas Patzke ad7d5d2a39 Added WMI login rule 2019-12-04 11:13:04 +01:00
Thomas Patzke e8c1c97f3e Added rule for failed code integrity checks 2019-12-03 15:08:26 +01:00
Thomas Patzke c47af5169c Increased SID history rule severity 2019-12-03 14:28:46 +01:00
Thomas Patzke 76578927e8 Added domain trust rule 2019-12-03 14:28:20 +01:00
Florian Roth c8e29da7ec fix: simplified rule with RE 2019-12-03 11:24:06 +01:00
Florian Roth fc09533f56 style: fixed title 2019-12-03 11:24:06 +01:00
yugoslavskiy 15cb1c42a9 Merge branch 'mrblacyk-oscd' into oscd 2019-12-02 02:57:07 +01:00
yugoslavskiy edad1695f6 Merge branch 'oscd' of https://github.com/mrblacyk/sigma into mrblacyk-oscd 2019-12-02 02:56:53 +01:00
yugoslavskiy 48a94d1609 Update lnx_dd_delete_file.yml 2019-12-02 02:54:48 +01:00
yugoslavskiy ca1c2f4436 Update lnx_chattr_immutable_removal.yml 2019-12-02 02:54:32 +01:00
yugoslavskiy 9e90335a5a Update lnx_pers_systemd_reload.yml 2019-12-02 02:54:13 +01:00
yugoslavskiy 46ca68436e Update lnx_file_or_folder_permissions.yml 2019-12-02 02:53:35 +01:00
yugoslavskiy 1273a10dcb add win_new_service_creation.yml 2019-12-02 01:19:54 +01:00
yugoslavskiy 9fba097421 add sysmon_in_memory_powershell.yml by Tom Kern 2019-12-01 23:26:00 +01:00
booberry46 df162b232f Update win_malware_emotet.yml 2019-11-30 13:17:44 +08:00
Thomas Patzke 98be3ce069 Fixed changelog (missing title) 2019-11-30 00:34:17 +01:00
mrblacyk 9d0889def4 Adding auditd compatibility 2019-11-29 09:34:08 +01:00
mrblacyk cafbb25d2e Update lnx_file_or_folder_permissions.yml 2019-11-29 09:33:04 +01:00
mrblacyk bf5e6cc56b Adding auditd compatibility 2019-11-29 09:32:05 +01:00
mrblacyk a15c84eb80 Adding auditd compatibility 2019-11-29 09:27:31 +01:00
Yugoslavskiy Daniil 71e588cae1 add apt silence rules by Group-IB 2019-11-28 21:15:55 +01:00