blue-team-tools

Author	SHA1	Message	Date
Thomas Patzke	ff7128209e	Adjusted level	2019-06-20 00:03:48 +02:00
Thomas Patzke	5aecb6a5af	Merge branch 'mgreen27-master'	2019-06-20 00:02:57 +02:00
Thomas Patzke	0f8849a652	Rule fixes * tagging * removed spaces * converted to generic log source * typos/case	2019-06-20 00:01:56 +02:00
Thomas Patzke	f4c86f15b8	Merge branch 'master' of https://github.com/mgreen27/sigma into mgreen27-master	2019-06-19 23:49:20 +02:00
Thomas Patzke	429c29ed5a	Merge pull request #363 from yugoslavskiy/win_kernel_and_3rd_party_drivers_exploits_token_stealing rule added: Windows Kernel and 3rd-party drivers exploits. Token stea…	2019-06-19 23:43:10 +02:00
Thomas Patzke	f4da0c5540	Added field SecurityID to Winlogbeat config	2019-06-19 23:35:50 +02:00
Thomas Patzke	960cd69d50	Merge branch 'patch-4' of https://github.com/dvas0004/sigma into dvas0004-patch-4	2019-06-19 23:34:25 +02:00
Thomas Patzke	f271685f59	Merge pull request #372 from dvas0004/patch-2 Addition of KeyLength field	2019-06-19 23:28:31 +02:00
Thomas Patzke	e4e8ebbf95	Merge pull request #368 from JayPowerUser/web-source-code-enumeration Web Source Code Enumeration via .git	2019-06-19 23:27:37 +02:00
Thomas Patzke	dbbc1751ef	Converted rule to generic log source	2019-06-19 23:25:25 +02:00
Thomas Patzke	d14f5c3436	Merge pull request #371 from savvyspoon/issue285 CAR tagging	2019-06-19 23:21:43 +02:00
Thomas Patzke	d82df83ef1	Merge pull request #369 from TareqAlKhatib/refactors Refactors	2019-06-19 23:16:19 +02:00
Florian Roth	a47ec859a8	List for field 'AllowedToDelegateTo'	2019-06-19 08:20:41 +02:00
Thomas Patzke	84c7320849	Merge pull request #370 from SherifEldeeb/patch-1 Add detection for recent Mimikatz versions	2019-06-16 12:50:42 +02:00
mgreen27	07e2ee474c	sigma/Add sysmon_renamed_binary	2019-06-15 20:20:52 +10:00
mgreen27	1d26708887	sigma/Add sysmon_renamed_binary	2019-06-15 20:19:35 +10:00
David Vassallo	d7443d71a4	Create win_pass_the_hash_2.yml alternative detection methods	2019-06-14 18:08:36 +03:00
David Vassallo	fdce7ad9bf	Addition of KeyLength field	2019-06-14 17:58:47 +03:00
Michael Wade	f70549ec54	First Pass	2019-06-13 23:15:38 -05:00
Sherif Eldeeb	2d22a3fe02	Add detection for recent Mimikatz versions GrantedAccess is 0x1010 not 0x1410 in recent versions of mimikatz. This modification should address both	2019-06-12 12:13:31 +03:00
Thomas Patzke	a23f15d42b	Converted rule to generic log source	2019-06-11 13:20:15 +02:00
Thomas Patzke	5715413da9	Usage of Channel field name in ELK Windows config	2019-06-11 13:15:43 +02:00
John Tuckner	3529b717cb	fixed backend errors in ala	2019-06-10 09:25:59 -05:00
Tareq AlKhatib	d61a971874	Minor refactors	2019-06-10 09:55:52 +03:00
Tareq AlKhatib	3bcfc53905	Corrected Typo	2019-06-10 09:54:37 +03:00
Tareq AlKhatib	fce2a45dac	Corrected Typo	2019-06-10 09:51:34 +03:00
James Ahearn	eae7e3ab10	Web Source Code Enumeration via .git	2019-06-08 22:40:28 -04:00
Thomas Patzke	407d8214f7	Added APT40 Dropbox exfiltration proxy rule	2019-06-07 14:03:41 +02:00
David Vassallo	41f5ebc403	Update win_alert_ad_user_backdoors.yml the original rule generates false positives if the "AllowedToDelegateTo" is set to "-". This seems to be a common occurrence, hence my proposed addition	2019-06-07 13:29:45 +03:00
Unknown	7b0ecde334	Renamed jusched https://www.bitdefender.com/files/News/CaseStudies/study/262/Bitdefender-WhitePaper-An-APT-Blueprint-Gaining-New-Visibility-into-Financial-Threats-interactive.pdf	2019-06-06 14:03:02 +02:00
Unknown	5037f7bf54	Merge remote-tracking branch 'sigma/development' into development	2019-06-06 13:45:25 +02:00
t0x1c-1	7b9a73fb1f	Improved Rule Removed complex CommandLine	2019-06-06 13:45:21 +02:00
yugoslavskiy	5827165c2d	event id deleted	2019-06-03 15:51:54 +02:00
yugoslavskiy	cf947e3720	changed to process_creation category	2019-06-03 15:47:24 +02:00
yugoslavskiy	6a39b4fb41	date added	2019-06-03 15:42:02 +02:00
yugoslavskiy	10db09c596	rule added: Windows Kernel and 3rd-party drivers exploits. Token stealing	2019-06-03 15:37:41 +02:00
Florian Roth	a0c9f1594e	Rule: renamed file - name was too generic	2019-06-02 10:57:44 +02:00
Florian Roth	491c519d1f	Rule: added wmic SHADOWCOPY DELETE	2019-06-02 10:56:13 +02:00
Florian Roth	80560dc12f	Rule: Scanner PoC for CVE-2019-0708 RDP RCE vuln	2019-06-02 09:52:18 +02:00
Florian Roth	5e7ae0590c	Rule: Split up WanaCry rule into two separate rules	2019-06-02 09:52:18 +02:00
Florian Roth	df35d70ab1	Merge pull request #361 from neu5ron/patch-4 update correct process name	2019-06-01 20:51:55 +02:00
Nate Guagenti	2163208e9c	update correct process name incorrect process name. accidentally had fsutil, should be bcdedit. thanks to https://twitter.com/INIT_3 for pointing this out	2019-06-01 09:50:50 -04:00
Thomas Patzke	8a0f706cca	Merge branch 'master' of https://github.com/Neo23x0/sigma	2019-05-30 23:24:37 +02:00
Thomas Patzke	1986bcb843	Sigma tools release 0.11 0.11	2019-05-30 22:56:38 +02:00
Thomas Patzke	4e96666c04	Merge pull request #336 from petermat/added_rule_T1156 added rule .bash_profile and .bashrc T1156	2019-05-30 22:43:33 +02:00
Thomas Patzke	673973e523	Merge pull request #357 from agix/es_dsl_bug fix missing condition when unique plus timeframe	2019-05-30 22:42:09 +02:00
Thomas Patzke	fa0aaa7d2b	Merge branch 'agix-elastalert_dsl_backend'	2019-05-30 22:38:41 +02:00
Thomas Patzke	67707b6c82	Added test for new elastalert-dsl backend	2019-05-30 22:38:12 +02:00
Thomas Patzke	8023011bb1	Merge branch 'elastalert_dsl_backend' of https://github.com/agix/sigma into agix-elastalert_dsl_backend	2019-05-30 22:33:57 +02:00
Florian GAULTIER	89c1d7b63d	Wrong fix, self.queries should be emptied after copied to rule_object	2019-05-29 16:10:14 +02:00

... 174 175 176 177 178 ...

10511 Commits