security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

10511 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
RRRabbit becfca6b41 Added Atomic Blue Detections Repo 2019-10-28 11:59:49 +01:00
Teimur Kheirkhabarov 59c6250282 Delete rules/windows/.DS_Store 2019-10-28 09:38:17 +03:00
Teimur Kheirkhabarov 2fb40acfe6 Fix mistake in possible_privilege_escalation_via_service_registry_permissions_weakness 2019-10-28 09:30:26 +03:00
Teimur Kheirkhabarov 32b0a3987e Several mistakes were fixed 2019-10-28 08:43:58 +03:00
Teimur Kheirkhabarov 3125b39239 Change incorrect MITRE Tags for some rules 2019-10-28 07:56:15 +03:00
zinint d1cf80d9b6 Update lnx_auditd_user_discovery.yml 2019-10-28 00:00:06 +03:00
zinint 68b4541274 t1033 2019-10-27 23:59:16 +03:00
Maxime Lamothe-Brassard a7003c2aa3 Adding support for "unix", looking like a mistake by the creator. 2019-10-27 15:55:12 -05:00
zinint 87c8326133 T1033 2019-10-27 23:49:07 +03:00
Maxime Lamothe-Brassard d019cef439 Ading a bit more of early support for netflow and some linux exe. 2019-10-27 15:48:28 -05:00
Maxime Lamothe-Brassard a57a7b58cf Added conceptial support for aliasing keyworkds to a specific field depending on the log source. 2019-10-27 15:28:54 -05:00
zinint 55eaae1cea Rename win_app_windows_descovery.yml to win_app_windows_discovery.yml 2019-10-27 23:15:10 +03:00
zinint 93b867024c T1012 2019-10-27 23:13:03 +03:00
Teimur Kheirkhabarov fde949174d OSCD Task 1 - Privilege Escalation 2019-10-27 20:54:07 +03:00
Maxime Lamothe-Brassard 60b20a76a6 Fixing handling of unsupported sources. 2019-10-27 12:37:06 -05:00
Maxime Lamothe-Brassard 0fe72d6133 Emit error on full-text searches not being supported. 2019-10-27 12:26:36 -05:00
Maxime Lamothe-Brassard f43300af8e Fix the top level pre-condition for Windows Event Logs on LC. 2019-10-27 12:17:15 -05:00
Maxime Lamothe-Brassard 91e48d8c1b Adding setup links and fixing test that would crash Not node, but not seen in prod rules. 2019-10-27 11:56:32 -05:00
Mikhail Larin 1f6aec8060 removed unsupported rule from oscd branch 2019-10-27 15:33:38 +03:00
4A616D6573 ca819d8707 Update win_susp_net_execution.yml 
Updated tags to pass Travis CI checks.
 2019-10-27 14:06:52 +11:00
Maxime Lamothe-Brassard 8d866b0868 Adding comments. 2019-10-26 17:37:13 -05:00
Maxime Lamothe-Brassard bc5e9bd03a Making rule output a full D&R (with the Response component) and includes a lot of metadata from the rule in the report. 2019-10-26 17:30:40 -05:00
Maxime Lamothe-Brassard 8cc3990aef Extending support for more random rules with odd names. 2019-10-26 16:59:33 -05:00
Maxime Lamothe-Brassard 4d65b62063 Adding support for generating rules for Windows builtin category for use in the External Logs of LC. 2019-10-26 16:30:50 -05:00
Maxime Lamothe-Brassard 30cc7ee809 Refactor mappings into a flat structure to account for missing parameters in some combinations. 2019-10-26 16:09:39 -05:00
Maxime Lamothe-Brassard 77329714c5 Adding service to indirection of mappings since it will be used for Windows Event Logs. 2019-10-26 16:06:42 -05:00
Maxime Lamothe-Brassard 823d86c7d9 Remove unimplemented config entries and fix bug with valueNode. 2019-10-26 15:54:08 -05:00
Maxime Lamothe-Brassard bba43c7a86 First draft of support for LimaCharlie D&R rules. 2019-10-26 15:45:48 -05:00
root 717e40e8ed modified win_susp_dxcap.yml 2019-10-26 20:27:32 +02:00
root 9bf0150100 modified win_susp_dnx.yml 2019-10-26 20:20:21 +02:00
root 3b70f2edd6 modified win_susp_dnx.yml 2019-10-26 20:16:40 +02:00
root 3528afeef7 modified win_susp_dnx.yml 2019-10-26 20:13:53 +02:00
root 1dca0456ee modified win_susp_dxcap.yml 2019-10-26 20:09:25 +02:00
root cbe0d73ce8 add win_susp_dxcap.yml 2019-10-26 20:06:02 +02:00
root aaf63d2238 add win_susp_dxcap.yml 2019-10-26 20:02:25 +02:00
root 0616c2c39d add win_susp_dnx.yml 2019-10-26 19:58:45 +02:00
root ee21888e67 add win_susp_cdb.yml 2019-10-26 19:49:45 +02:00
booberry46 b7fe52133d Update win_defender_bypass.yml 2019-10-27 00:07:56 +08:00
booberry46 3f1fc9a507 Add files via upload 2019-10-27 00:06:49 +08:00
Florian Roth 66a32549f1 rule: proxy malware ua - Zebrocy 2019-10-26 14:20:29 +02:00
Florian Roth 42808b7eb8 rule: webshell detection improved 2019-10-26 09:14:54 +02:00
root 844d55c781 add win_susp_bginfo.yml 2019-10-26 08:18:37 +02:00
root 5bb5938e86 add win_susp_bginfo.yml 2019-10-26 08:16:08 +02:00
root 01c4c7cdbd modifed win_susp_msoffice.yml 2019-10-26 08:11:09 +02:00
root bea2daac45 modifed win_susp_msoffice.yml 2019-10-26 07:55:44 +02:00
root fc7f8ecea3 add win_susp_msoffice.yml 2019-10-26 07:48:38 +02:00
root 611c193826 modifed win_susp_odbcconf.yml 2019-10-26 07:45:53 +02:00
Thomas Patzke 30948b9c1a Added sigma-similarity tool 
Fixed also bug in backend base class that was triggered by the way
backends are used by this tool.
 2019-10-25 21:59:03 +02:00
root aa9a22e662 add win_susp_odbcconf.yml 2019-10-25 19:02:17 +02:00
alexpetrov12 8c2b7e9f85 fix 2019-10-25 18:30:40 +03:00