Commit Graph

199 Commits

Author SHA1 Message Date
Florian Roth 14fdf75ab5 fix: FPs noticed with THOR 2022-09-29 13:51:09 +02:00
Florian Roth 5b5c261c98 Merge branch 'master' into aurora-false-positive-fixing 2022-09-29 13:41:25 +02:00
Florian Roth c31fe50f4d fix: FPs noticed in THOR testing 2022-09-29 13:41:20 +02:00
Nasreddine Bencherchali cdd9aff032 Fix FP 2022-09-29 11:20:08 +02:00
frack113 a9dd6f7ff0 Add registry_set_change_winevt_channelaccess (#3505) 2022-09-28 09:53:46 +02:00
phantinuss cc5cda0a22 fix: needs to be contains now 2022-09-21 14:10:50 +02:00
phantinuss b7f20b884c fix: FPs from new evtx-baseline 2022-09-21 13:51:19 +02:00
phantinuss 4f6d4b7c80 fix: FP in testing environment 2022-09-21 13:45:26 +02:00
Nasreddine Bencherchali 59530f49d4 Fix more FP in testing 2022-09-21 11:53:39 +02:00
frack113 90937933dd Merge pull request #3512 from phantinuss/master - fix: FP found in testing environment 2022-09-21 06:25:33 +02:00
Nasreddine Bencherchali 2f7a54cc31 Fix FP 2022-09-20 11:20:33 +02:00
phantinuss a36724ffdf fix: FP found in testing environment 2022-09-19 15:28:05 +02:00
Florian Roth 959585fe33 Merge pull request #3511 from SigmaHQ/aurora-false-positive-fixing - fix: FP with VBScript in registry key rule 2022-09-19 09:57:23 +02:00
Florian Roth 2a94527714 fix: FP with VBScript in registry key rule 2022-09-19 09:23:15 +02:00
Florian Roth cab32f2be4 Merge pull request #3510 from SigmaHQ/aurora-false-positive-fixing - Windows 2022 false positive fixing 2022-09-18 16:50:34 +02:00
Florian Roth b052302ac0 fix: syntax error 2022-09-18 16:24:07 +02:00
Florian Roth bf660b2de2 fix: FPs (testing, and Windows 2022 test system) 2022-09-18 16:21:05 +02:00
phantinuss bde1335005 fix: FP with .NET ngen on test system 2022-09-16 16:40:40 +02:00
Nasreddine Bencherchali fb44c6fa87 Update meta info 2022-09-13 22:14:45 +02:00
Nasreddine Bencherchali 8a504bee9e Add %tmp% env variable 2022-09-13 10:49:14 +02:00
nasreddine.bencherchali@nextron-systems.com 70f9ff61ca Big Update 2022-09-09 15:02:31 +02:00
Nasreddine Bencherchali baf603bb5c Fix FP in testing 2022-09-08 10:24:27 +02:00
frack113 6813043323 Merge pull request #3468 from nasbench/nasbench-rule-devel - Rule Devel 2022-09-08 06:29:36 +02:00
Nasreddine Bencherchali dc90e08f3e More updates 2022-09-07 12:02:09 +02:00
phantinuss 513922de9c fix: new FP with Onedrive 2022-09-06 16:53:53 +02:00
Florian Roth cab6ccc18a Merge branch 'master' into aurora-false-positive-fixing 2022-09-05 16:57:10 +02:00
David André 8a595cd3fd Merge branch 'SigmaHQ:master' into add_quotes_to_strings 2022-09-04 10:10:14 +02:00
frack113 fda96b4ea7 Merge pull request #3457 from nasbench/nasbench-rule-devel - Rule Devel (New+Update) 2022-09-03 08:18:03 +02:00
Florian Roth 6a6454cda9 fix: Health Service filter 2022-09-02 16:59:54 +02:00
Nasreddine Bencherchali 0bdd7ea35c Update registry_set_sophos_av_tamaper.yml 2022-09-02 13:53:59 +02:00
Nasreddine Bencherchali 3c83e6c51b Update registry_set_sophos_av_tamaper.yml 2022-09-02 12:03:57 +02:00
Nasreddine Bencherchali 37f08c4cbb More updates 2022-09-02 11:52:13 +02:00
phantinuss 48ac804c9e fix: remove part of UNC path 2022-09-02 09:21:48 +02:00
phantinuss dee365f562 fix: FP in testing environment 2022-09-01 17:53:06 +02:00
David ANDRE 0b0190ccb1 Added quotes to strings 2022-09-01 15:22:26 +02:00
Wagga a693e181ff Update registry_set_disable_uac_registry.yml 2022-08-29 20:12:10 +02:00
Wagga 277032b460 Update registry_set_mpnotify_persistence.yml 2022-08-29 20:11:29 +02:00
Wagga 63ea4d7fb6 Update registry_set_fax_dll_persistance.yml 2022-08-29 20:10:25 +02:00
Wagga ec268e0983 Update registry_set_persistence_autodial_dll.yml 2022-08-29 07:48:27 +02:00
Florian Roth d452591331 Update registry_set_treatas_persistence.yml 2022-08-28 11:42:08 +02:00
Florian Roth 155c829d39 Update registry_set_treatas_persistence.yml 2022-08-28 11:41:56 +02:00
frack113 b9a2c720a8 Redcannary 20220828 2022-08-28 11:16:24 +02:00
Nasreddine Bencherchali fcd9236bae Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2022-08-26 19:02:04 +01:00
phantinuss e80116e704 fix: FPs found in testing environment 2022-08-26 17:29:49 +02:00
Nasreddine Bencherchali 11a322f4f0 New + Update 2022-08-26 15:38:43 +01:00
Florian Roth 0b0dc5a65e Merge pull request #3429 from frack113/clean_reg - registry_event Clean up 2022-08-25 08:39:37 +02:00
frack113 f324148291 Merge pull request #3424 from nasbench/nasbench-rule-devel - Rule Dev - Update + New Rules 2022-08-24 19:59:08 +02:00
frack113 583155df30 Order 2022-08-24 18:42:56 +02:00
Nasreddine Bencherchali 9f02e37dfa Update 2022-08-24 12:23:00 +01:00
phantinuss 706a4bd0fa fix: many FPs in testing environment 2022-08-24 10:09:48 +02:00