security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

10511 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth a3cb051381 Merge branch 'master' into rule-devel 2022-03-08 08:42:08 +01:00
Florian Roth f6d5c1645b fix: unused filter 
https://github.com/SigmaHQ/sigma/commit/df48b60cb47e9ca868ae4e7703f227500b6ad5da#commitcomment-68196360
 2022-03-08 08:41:53 +01:00
Bhabesh f8593638a8 Fixing name to HermeticWizard 2022-03-08 10:44:43 +05:45
Bhabesh 63dd632af9 Added HermeticWiper IoC for Suspicious Call by Ordinal 2022-03-08 10:42:37 +05:45
frack113 143f5fe4e2 Fix yml 2022-03-07 19:37:33 +01:00
Florian Roth 6b3fc11a48 Merge pull request #2783 from SigmaHQ/rule-devel 
fix: adjusted rules that use utf16le, extended others
 2022-03-07 19:25:58 +01:00
frack113 f9c0e21323 Refactor regex 2022-03-07 19:08:30 +01:00
Florian Roth 9824a9c0d5 Merge branch 'master' into rule-devel 2022-03-07 18:30:21 +01:00
Florian Roth 979d25ed67 fix: casing in thor config 2022-03-07 18:18:57 +01:00
Florian Roth eebd0439e8 Merge pull request #2782 from phantinuss/master 
Increase Rule status
 2022-03-07 18:15:04 +01:00
Florian Roth 5befed1fac fix: adjusted rules that use utf16le, extended others 2022-03-07 18:14:29 +01:00
Florian Roth 87f08c32f8 Merge pull request #2781 from SigmaHQ/rule-devel 
Imphash rule adjustments
 2022-03-07 18:01:49 +01:00
phantinuss 48922db480 chore: increase rule status 2022-03-07 17:11:00 +01:00
phantinuss b10892129b docs: known FP, but has to be checked if action was legitimately issued 2022-03-07 17:11:00 +01:00
phantinuss b986a99be1 fix: FPs 2022-03-07 17:11:00 +01:00
phantinuss 3925d0c6c6 chore: increase rule status 2022-03-07 17:10:59 +01:00
phantinuss a4adfe96bd chore: increase status to stable 2022-03-07 17:10:59 +01:00
Florian Roth 202f9db55d fix: issue with contains 2022-03-07 16:43:06 +01:00
Florian Roth cb60813067 Merge pull request #2780 from SigmaHQ/aurora-false-positive-fixing 
Aurora false positive fixing
 2022-03-07 16:41:17 +01:00
Florian Roth 73db2dbafa fix: a 2nd "contains" error 2022-03-07 16:03:17 +01:00
Florian Roth e113943cb6 fix: bug in rule with combined "contains|endswith" 2022-03-07 15:48:25 +01:00
Florian Roth b8d586d83e fix: FPs noticed with VSCode 2022-03-07 15:41:00 +01:00
Florian Roth 9cc77ce817 Merge branch 'master' into aurora-false-positive-fixing 2022-03-07 15:40:42 +01:00
Florian Roth c93fd80482 Merge branch 'master' into rule-devel 2022-03-07 15:38:58 +01:00
Florian Roth 0d083039ab refactor: new PPLDump imphashes 2022-03-07 15:38:53 +01:00
Florian Roth b71417e807 refactor: more exact imphash matching 2022-03-07 12:03:32 +01:00
Florian Roth 91ab32aa48 Merge pull request #2778 from frack113/refactor_regex 
Refactor regex
 2022-03-06 22:39:56 +01:00
frack113 5d4035ea05 Fix contains 2022-03-06 20:50:19 +01:00
frack113 4db5798dd0 fix error 2022-03-06 20:43:34 +01:00
frack113 67189b6e51 refactor regex 2022-03-06 20:40:21 +01:00
frack113 793bf99c85 refactor regex 2022-03-06 20:15:32 +01:00
Florian Roth 97744dc9eb Merge pull request #2777 from frack113/regex_clean 
refactor: regex
 2022-03-06 17:54:51 +01:00
Florian Roth 1b0c7cc3b9 Merge pull request #2776 from frack113/lolbas 
Add lolbas rules
 2022-03-06 17:54:18 +01:00
frack113 18bb388574 refactor: regex 2022-03-06 13:38:47 +01:00
frack113 d7b73be2c7 Add Missing CurrentDirectory filter 2022-03-06 13:22:30 +01:00
frack113 cb7a776623 Add lolbas rules 2022-03-06 12:10:51 +01:00
Florian Roth 5571938ac0 Merge pull request #2775 from SigmaHQ/rule-devel 
fix: missing escaped backslashes, rule: ntdll redirect
 2022-03-06 10:40:15 +01:00
Florian Roth a30ee0b37d Merge branch 'master' into rule-devel 2022-03-05 12:39:13 +01:00
Florian Roth a2031b7898 fix: condition with 1 of them 2022-03-05 12:39:04 +01:00
Florian Roth 2e2f4fbae5 Merge pull request #2773 from frack113/win11_office 
Office Installation FP
 2022-03-05 12:33:36 +01:00
Florian Roth f79dcd9e11 Merge pull request #2774 from frack113/splunk_win 
Add missing WinEventLog prefix
 2022-03-05 12:33:22 +01:00
Florian Roth f07e1bb6f1 refactor: cobaltstrike beacon imphashes 2022-03-05 12:33:06 +01:00
frack113 87a0bed0ec Add missing WinEventLog prefix 2022-03-05 11:35:49 +01:00
Florian Roth a6ed1a3fb8 fix: missing level 2022-03-05 11:24:46 +01:00
Florian Roth 335ed24751 fix: wrong channel prefix 2022-03-05 11:21:00 +01:00
frack113 b4de144862 Office Installation FP 2022-03-05 11:09:27 +01:00
Florian Roth f3518f2521 rule: ntdll type redirect 2022-03-05 10:39:33 +01:00
Florian Roth ec62ec6bbb fix: values missed escaping 2022-03-05 10:39:15 +01:00
Florian Roth 9595cef06e Merge pull request #2771 from SigmaHQ/rule-devel 
Multiple adjustments in different rules
 2022-03-05 09:57:12 +01:00
frack113 36e471dae6 Merge pull request #2767 from d4rk-d4nph3/master 
Added rule for Gamaredon UltraVNC Execution
 2022-03-04 20:59:35 +01:00