security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

10511 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth b447e6338f rule: Export-PfxCertificate 2021-04-23 09:01:14 +02:00
Scoubi 23791664eb Rename win_Outlook_C2_Macro_Creation.yml to win_Outlook_C2_Registry_Key.yml 
Gave the wrong name to the file, this is the correct one.
 2021-04-21 08:45:15 -04:00
Scoubi 0b7ed7e690 Add a space 
There was a missing space in `-attack` changed for `- attack`
 2021-04-20 20:50:20 -04:00
Scoubi fadb889116 Create win_Outlook_C2_Macro_Creation.yml 
BEC is for Business Email Compromise (this can be changed)
 2021-04-20 20:38:20 -04:00
Scoubi 678ce5d528 Create win_Outlook_C2_Macro_Creation.yml 
Not 100% if this is the best place to put it.
 2021-04-20 20:34:19 -04:00
Bhabesh Rai dd391cd0b9 Added rule for Lazarus activity of Apr 2021 2021-04-20 20:05:51 +05:45
Florian Roth 1fea9a7c41 Merge pull request #1428 from defensivedepth/patch-3 
false positive - added Azure AD Connect
 2021-04-20 15:10:31 +02:00
Josh Brower dfc1218e6a false positive - added Azure AD Connect 2021-04-20 08:24:38 -04:00
Thomas Patzke 35e6e515ba Merge pull request #1414 from herrBez/fix-542-dsl-aggregation-without-aggfield 
Fix es-dsl aggregation generation when aggfield is not given
 2021-04-20 10:35:16 +02:00
Florian Roth 0bf2625393 Merge pull request #1421 from ZikyHD/patch_fireeye_helix_backend 
Fix SyntaxWarning for 'is' on fireeye-helix backend
 2021-04-20 09:07:10 +02:00
Florian Roth 68c59850af Merge pull request #1422 from ZikyHD/fix_lnx_system_info_discovery 
Fix invalid logsource on lnx_system_info_discovery rule
 2021-04-20 09:06:54 +02:00
Florian Roth 20c5356c9e Merge pull request #1424 from ZikyHD/fix_process_creation_dotnet 
Fix typo on CommandLine
 2021-04-20 09:06:38 +02:00
Florian Roth 0b9a7c14f3 Merge pull request #1426 from defensivedepth/patch-2 
Added MS Threat Docs for 4616 to references
 2021-04-20 09:06:23 +02:00
Josh Brower 2486a85a1f Added MS Threat Docs for 4616 to references 2021-04-19 08:15:42 -04:00
Florian Roth 7039209a7a Merge pull request #1425 from SigmaHQ/rule-devel 
refactor: tightened filter
 2021-04-19 11:32:02 +02:00
Florian Roth 53c6a7c54e refactor: tightened filter 2021-04-19 09:30:32 +02:00
Cedric Hien 1d6aec3c25 Fix typo on CommandLine 2021-04-19 08:20:44 +02:00
Cedric Hien bbdbab700d Fix invalid logsource on lnx_system_info_discovery rule 2021-04-17 12:57:30 +02:00
Cedric Hien 2ff27aa980 Fix SyntaxWarning for 'is' on fireeye-helix backend 2021-04-17 12:55:13 +02:00
Florian Roth 941d47bc28 Merge pull request #1416 from sycophantic/master 
Remove extra spaces
 2021-04-15 13:20:49 +02:00
Steven a8d8165541 Yet another syntax fix 2021-04-15 09:25:04 +02:00
Florian Roth e95daa07b0 Merge pull request #1419 from OTRF/master 
HybridConnectionMgr Service Activity
 2021-04-15 08:28:46 +02:00
Steven 8703d9f352 Remove another reference to hardcoded event ID 2021-04-15 03:07:18 +02:00
Steven 9f5e8a02a4 Fix parse errors 2021-04-15 02:46:41 +02:00
Steven 8301b9c221 Fix selection vs selection_1 in rule files 2021-04-15 02:41:04 +02:00
Steven cce8d945a0 Clean rule rules/windows/malware/win_mal_octopus_scanner.yml to use category 2021-04-15 02:30:41 +02:00
Steven a9f2a80b8c - Remove duplicate rule 
- Fix linux rule (categories -> category)
 2021-04-15 02:23:08 +02:00
Steven f57e1a2231 Delete .keep file 2021-04-15 02:17:36 +02:00
Steven 70b106ef52 Fix syntax error 2021-04-15 02:11:13 +02:00
Steven ecbd730dad Fix syntax errors in some rules 2021-04-15 02:07:43 +02:00
Steven d263b937b4 Clean-up service: sysmon as it will be replaced by filling the category 2021-04-15 02:02:25 +02:00
Steven 7b679cc1f7 - Modified rules to use categories instead of hardcoded event IDs 
- Added file_delete category (Sysmon Event ID 23) to the generic translation file
 2021-04-15 01:40:31 +02:00
Steven 850a002840 Merge branch 'master' of https://github.com/SigmaHQ/sigma 2021-04-15 01:25:48 +02:00
Roberto Rodriguez db0e969121 HybridConnectionMgr Service Activity 2021-04-12 16:26:15 -04:00
Florian Roth ce0111aa6a fix: FP with Proxy Execution via Wuauclt 2021-04-12 08:47:29 +02:00
Florian Roth 4abebd98d9 Merge pull request #1418 from SigmaHQ/rule-devel 
Fixing false positives with newest OSCD rules
 2021-04-09 17:26:02 +02:00
Florian Roth 897da252f1 fix: missing new line placeholder escape 2021-04-09 16:45:07 +02:00
Florian Roth 65a11dde52 fix: rules causing too many false positives 2021-04-09 15:55:14 +02:00
Thomas Patzke 08ca62cc88 Merge branch 'master' of https://github.com/SigmaHQ/sigma 2021-04-08 23:27:45 +02:00
Thomas Patzke 3fef2a10b8 Merge branch 'pr-1158' 2021-04-08 23:01:54 +02:00
sycophantic 86b9652086 Remove extra spaces 2021-04-08 13:57:21 -04:00
Thomas Patzke a10db2df89 Fixes&improvements 2021-04-08 01:06:40 +02:00
Florian Roth 00f01ea57f Merge branch 'master' into rule-devel 2021-04-07 21:17:51 +02:00
Florian Roth 99b39bb271 Merge pull request #1415 from vburov/patch-17 
Update win_hack_rubeus.yml
 2021-04-07 14:13:59 +02:00
Vasiliy Burov e73e27e44f Update win_hack_rubeus.yml 
Added commandline parameters for constrained delegation abuse and for hashes calculation
 2021-04-06 20:18:54 +03:00
herrBez 3b30a91185 Fix es-dsl aggregation generation when aggfield is not given 
Related to #542 and #543
 2021-04-06 16:41:46 +02:00
Thomas Patzke 121c833241 Merge pull request #1031 from abhikhnvasara/master 
Update target list in readme page
 2021-04-06 00:58:48 +02:00
Thomas Patzke 21e0fde61b Merge branch 'master' into master 2021-04-06 00:58:13 +02:00
Thomas Patzke 5118be6bf6 Merge pull request #1407 from JohnConnorRF/winlogbeat_config_update 
Update winlogbeat configuration file to support File Product details
 2021-04-06 00:51:27 +02:00
Thomas Patzke 82fd5ca233 Merge pull request #1408 from roysjosh/es-rule-threshold 
Implement Elastic threshold detection rules
 2021-04-06 00:50:50 +02:00