Commit Graph

393 Commits

Author SHA1 Message Date
Florian Roth 27ca37ce8f refactor: add extension 2022-10-04 12:29:48 +02:00
Florian Roth 6088654ec9 docs: added ATT&CK tags 2022-10-04 11:50:45 +02:00
Florian Roth 53aa6295c2 rule: suspicious file drop by Exchange 2022-10-04 11:45:39 +02:00
Florian Roth 626a362e8f fix: missing condition 2022-10-01 16:09:53 +02:00
Florian Roth 65f531fb30 rule: Exchange Exploitation 2022-10-01 16:08:27 +02:00
Florian Roth ea25382110 increased level 2022-09-28 13:26:23 +02:00
Nasreddine Bencherchali b71644d0c8 New rules + small mitre update 2022-09-28 11:52:07 +02:00
nasreddine.bencherchali@nextron-systems.com 27d08a2eb9 Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2022-09-27 12:09:37 +02:00
Florian Roth be265d06ed fix: casing of field 2022-09-27 11:51:48 +02:00
Florian Roth 43d9f3a13b Merge branch 'master' into rule-devel 2022-09-27 10:29:03 +02:00
nasreddine.bencherchali@nextron-systems.com a66ba61712 Fix small typos 2022-09-27 10:27:21 +02:00
Florian Roth df60f30cc1 Update file_event_win_cred_dump_tools_dropped_files.yml 2022-09-27 00:21:09 +02:00
phantinuss b7f20b884c fix: FPs from new evtx-baseline 2022-09-21 13:51:19 +02:00
Nasreddine Bencherchali 59530f49d4 Fix more FP in testing 2022-09-21 11:53:39 +02:00
Nasreddine Bencherchali 2f7a54cc31 Fix FP 2022-09-20 11:20:33 +02:00
Florian Roth cab32f2be4 Merge pull request #3510 from SigmaHQ/aurora-false-positive-fixing
Windows 2022 false positive fixing
2022-09-18 16:50:34 +02:00
Florian Roth 6161fb91b3 fix: typo in modifier 2022-09-18 16:33:49 +02:00
Florian Roth bf660b2de2 fix: FPs (testing, and Windows 2022 test system) 2022-09-18 16:21:05 +02:00
tr0mb1r 8b60317e2e Microsoft Teams Suspicious ObjectAccess events (#3500) 2022-09-17 08:47:35 +02:00
Florian Roth 9f62270aff refactor: add dumpy tool 2022-09-13 13:38:44 +02:00
Florian Roth 9ed14ce571 tightened the regular expression 2022-09-10 09:34:16 +02:00
Nasreddine Bencherchali dd67c4fd73 Dev 2022-09-08 22:50:57 +02:00
Nasreddine Bencherchali 15713918cd Rename 2022-09-08 10:26:23 +02:00
frack113 6813043323 Merge pull request #3468 from nasbench/nasbench-rule-devel
Rule Devel
2022-09-08 06:29:36 +02:00
Nasreddine Bencherchali c6dc31fb48 Remove duplicate casing
Removed cased names as SIGMA is case insensitive and the logs should be searched case insensitively
2022-09-07 14:07:04 +02:00
Florian Roth d8d5ec09f2 Merge pull request #3463 from frack113/folder_exe
Add file_event_win_susp_executable_creation
2022-09-06 10:35:41 +02:00
Florian Roth 65cc3b2dc8 Update file_event_win_susp_executable_creation.yml 2022-09-06 09:17:35 +02:00
frack113 26923f2d83 Add file_event_win_susp_executable_creation 2022-09-05 18:48:40 +02:00
David ANDRE 0b0190ccb1 Added quotes to strings 2022-09-01 15:22:26 +02:00
Wagga 9db9d25b68 Update file_event_win_susp_winword_startup.yml 2022-08-29 20:16:41 +02:00
Wagga 6c42bfb64b Update file_event_win_powershell_startup_shortcuts.yml 2022-08-29 20:15:54 +02:00
Wagga 8dbeedf728 Update file_event_win_powershell_startup_shortcuts.yml 2022-08-29 20:14:47 +02:00
Florian Roth 61657f50e6 Update file_event_win_msdt_autorun.yml 2022-08-25 08:38:43 +02:00
Vadim Varganov 4a8d4041ee Update file_event_win_msdt_autorun.yml 2022-08-25 09:25:30 +03:00
vadim 1c536e0698 Add new rules for detection of msdt.exe creating a file in autorun 2022-08-24 22:18:13 +03:00
frack113 f324148291 Merge pull request #3424 from nasbench/nasbench-rule-devel
Rule Dev - Update + New Rules
2022-08-24 19:59:08 +02:00
Nasreddine Bencherchali 728a7ccb66 Fix after review 2022-08-24 18:35:23 +01:00
Tim Shelton e310bda6ad FP: SentinelOne performs this 2022-08-24 15:34:36 +00:00
Nasreddine Bencherchali be2ec96dc2 Update file_event_win_susp_vscode_powershell_profile.yml 2022-08-24 12:29:54 +01:00
Nasreddine Bencherchali 918cf94c1b Add + Rename 2022-08-24 12:29:35 +01:00
Nasreddine Bencherchali 10c5b51c5f Update file_event_win_susp_powershell_profile_create.yml 2022-08-24 12:23:20 +01:00
Nasreddine Bencherchali 9f02e37dfa Update 2022-08-24 12:23:00 +01:00
frack113 7248c4e6b7 Merge pull request #3415 from nasbench/nasbench-rule-devel
Rule Dev (Update + New Rules)
2022-08-23 06:28:51 +02:00
Florian Roth 4f815501fd fix: UUIDs 2022-08-22 20:30:15 +02:00
Florian Roth 40a802889b fix: typo 2022-08-22 20:22:31 +02:00
Florian Roth 9f38bce2ca refactor: refactored to 3 rules 2022-08-22 20:20:57 +02:00
Florian Roth 60512d7749 Update file_event_proxy_dropping_executable.yml 2022-08-22 20:13:37 +02:00
Florian Roth 848162172a Update file_event_proxy_dropping_executable.yml 2022-08-22 19:49:17 +02:00
Florian Roth bb7539ea56 Update file_event_proxy_dropping_executable.yml 2022-08-22 19:48:52 +02:00
Florian Roth 69f6993ed7 Update file_event_proxy_dropping_executable.yml 2022-08-22 19:48:14 +02:00