Commit Graph

10511 Commits

Author SHA1 Message Date
Florian Roth 825bf41f51 rules: susp schtasks creation 2022-02-23 23:25:20 +01:00
Florian Roth 9561e155ed docs: changed title 2022-02-23 23:25:06 +01:00
Florian Roth fd69e8abeb Merge pull request #2734 from frack113/fix_winlog (winlogbeat-modules-enabled fix channel) 2022-02-23 20:29:02 +01:00
Florian Roth 2c631b8c4f Merge pull request #2732 from phantinuss/checkbaseline (new test: bash script for local baseline check) 2022-02-23 20:28:41 +01:00
Florian Roth 0005509c11 Merge pull request #2733 from phantinuss/master (fix: FPs) 2022-02-23 20:27:49 +01:00
frack113 d3dff083f2 fix channel 2022-02-23 17:50:23 +01:00
Florian Roth 4b7e8feebe Merge pull request #2731 from SigmaHQ/rule-devel (refactor: ncat rule, rule: explorer NOUACCHECK) 2022-02-23 17:31:08 +01:00
phantinuss 8212b1a2ad fix: FP 2022-02-23 17:18:53 +01:00
phantinuss c69ae6e291 new test: bash script for local baseline check (only supports Linux and macOS) 2022-02-23 16:09:14 +01:00
Florian Roth f05f615b0d rule: explorer NOUACCHECK flag 2022-02-23 15:47:44 +01:00
Florian Roth d0c2aead9e refactor: improved ncat rule 2022-02-23 15:18:52 +01:00
phantinuss 329b5aa0eb fix: reduce level, many legitimate usages expected 2022-02-23 14:13:12 +01:00
Florian Roth a2c1840685 Merge pull request #2729 from humpalum/patch-3 (fix: Set rule to medium due to too many filters) 2022-02-23 13:59:30 +01:00
Florian Roth 8ebfa48087 Merge pull request #2730 from SigmaHQ/rule-devel (Rule adjustments: Office Spawn Filter, PowerShell flag rule extended) 2022-02-23 13:59:18 +01:00
Florian Roth 22e975334c refactor: extended powershell cmdline flag rule 2022-02-23 12:52:38 +01:00
Florian Roth 68d93fcc98 Merge branch 'master' into rule-devel 2022-02-23 11:19:33 +01:00
Florian Roth 122b7029cb Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2022-02-23 11:19:21 +01:00
Florian Roth eefaa17599 fix: Office Shell rule - Outlook Print attachment 2022-02-23 11:19:17 +01:00
Tobias Michalski 15c61b42bf fix: Set rule to medium due to too many filters 2022-02-23 11:03:23 +01:00
Florian Roth bebfe4bfcf Merge pull request #2728 from SigmaHQ/rule-devel (docs: title changed) 2022-02-23 10:27:41 +01:00
Florian Roth a5955730bd docs: title changed 2022-02-22 19:10:20 +01:00
Florian Roth 86892c8f89 Merge pull request #2726 from rafaelszt/master (Adds root folder monitoring for bash configs) 2022-02-22 17:33:21 +01:00
Florian Roth 41d5b87839 Merge pull request #2722 from SigmaHQ/rule-devel (New rules and FP fixes) 2022-02-22 17:33:05 +01:00
Florian Roth d3d6771599 Merge pull request #2725 from phantinuss/checkbaseline (Workflow: Overview of matching rules and case insensitive FP filtering) 2022-02-22 16:54:10 +01:00
Florian Roth 738e77e239 fix: issues with installer 2022-02-22 16:52:53 +01:00
Rafael Teixeira 09aa506059 Updated modified date 2022-02-22 12:48:41 -03:00
Florian Roth 24ece0c60a Merge branch 'master' into rule-devel 2022-02-22 16:33:51 +01:00
Florian Roth c54897e88f Merge pull request #2721 from SigmaHQ/aurora-false-positive-fixing (Aurora false positive fixing) 2022-02-22 16:33:35 +01:00
phantinuss 41bd6f4945 workflow: exclude FPs case insensitively 2022-02-22 15:23:05 +01:00
phantinuss c0b0facc5b workflow: add overview of triggered rules at the end 2022-02-22 15:23:05 +01:00
Florian Roth b1ec01c289 fix: TiWorker.exe FW change 2022-02-22 13:58:21 +01:00
Florian Roth 70220eaced fix: last FPs 2022-02-22 13:53:28 +01:00
frack113 464686e0c5 add posh_pm_suspicious_reset_computermachinepassword 2022-02-22 13:44:51 +01:00
Florian Roth 679461082c Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2022-02-22 13:43:59 +01:00
Florian Roth b983330310 fix: more fixes 2022-02-22 13:42:39 +01:00
Florian Roth 7a2216c7be Merge branch 'master' into aurora-false-positive-fixing 2022-02-22 13:37:58 +01:00
Florian Roth 93a1e37dab fix: FP with new schtasks rule 2022-02-22 13:34:48 +01:00
Florian Roth cc9a5b4b07 fix: FPs with new rules 2022-02-22 13:32:34 +01:00
frack113 8bb3379b68 Normalization of rule names 2022-02-22 11:16:31 +01:00
frack113 c95336c7e0 Merge pull request #2723 from frack113/fix_test (Set to low as too many FP) 2022-02-22 10:31:05 +01:00
frack113 af987fb1a0 Set to low as too many FP 2022-02-22 09:38:10 +01:00
Florian Roth ace8e705d9 Merge branch 'master' into aurora-false-positive-fixing 2022-02-22 09:21:36 +01:00
Florian Roth 8d9e16355b fix: FP in Office Shell rule with Outlook PhotoViewer 2022-02-22 09:17:33 +01:00
Florian Roth 06f6f6e7f0 Merge pull request #2720 from redsand/fp_backward_powershell (Filter fp when commands are base64 encoded) 2022-02-22 08:59:49 +01:00
Florian Roth 118e28dbb6 Merge pull request #2708 from frack113/firewall_as (Add firewall-as basic rules) 2022-02-22 08:54:00 +01:00
Florian Roth f2beff6bd5 Merge branch 'master' into aurora-false-positive-fixing 2022-02-22 08:53:05 +01:00
Florian Roth 11ebbb2503 Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2022-02-22 08:52:53 +01:00
Florian Roth 3a40ea79d3 fix: FPs noticed with Aurora 2022-02-22 08:52:51 +01:00
Tim Shelton 9461309687 Filter fp when commands are base64 encoded 2022-02-21 21:15:47 +00:00
Florian Roth c733e742e0 Merge pull request #2719 from SigmaHQ/aurora-false-positive-fixing (fix: FPs noticed with Aurora) 2022-02-21 19:36:30 +01:00