Commit Graph

15376 Commits

Author SHA1 Message Date
Nasreddine Bencherchali ec2c559365 fix: typo in field name 2023-05-19 02:42:17 +02:00
Nasreddine Bencherchali 7b662b7c3d feat: add new rules related to small sieve 2023-05-19 02:34:01 +02:00
Josh 1cd3005159 fix: add new edge case to test_logsource.py (#4247) 2023-05-18 22:36:01 +02:00
    Improve the condition of the log source test to check for "NULL" values
Adam 4038141e13 fix: typo in ET Snake malware rule filter (#4248) 2023-05-18 22:21:54 +02:00
Nasreddine Bencherchali 62caac4708 feat: multiple updates and new rules (#4242) 2023-05-17 17:21:59 +02:00
BlueTeamOps 7b90c00a45 feat: add new rules related to cloudflared usage (#4243) 2023-05-17 17:21:23 +02:00
Nasreddine Bencherchali 7f3eff58e1 Merge pull request #4240 from phantinuss/master 2023-05-16 15:44:43 +02:00
    fix: FP with CheckPoint SmartConsole
phantinuss 06ec405ce7 fix: specify image and loaded image 2023-05-16 15:37:13 +02:00
phantinuss 9da42e4b52 fix: FP with CheckPoint SmartConsole 2023-05-16 09:38:53 +02:00
Mohamed Ashraf 37bba95e4a feat: new rule related to roboform dll sideloading (#4230) 2023-05-15 16:36:53 +02:00
Nasreddine Bencherchali 0cb01970e7 feat: new rules, updates and goofy guineapig stuff (#4229) 2023-05-15 15:53:39 +02:00
Nasreddine Bencherchali 86bfb35958 Merge pull request #4231 from nasbench/snake-operation-rules 2023-05-12 13:15:58 +02:00
    feat: new rules related to snake malware
Nasreddine Bencherchali e51b548938 fix: apply suggestions from code review 2023-05-12 10:33:05 +02:00
    Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Nasreddine Bencherchali 2aa5b1be43 fix: move rule to correct folder 2023-05-11 21:38:39 +02:00
Nasreddine Bencherchali 5d3bc1142d fix: rename file 2023-05-11 21:37:47 +02:00
Nasreddine Bencherchali ee9bda1634 fix: add missing selection 2023-05-11 21:13:33 +02:00
Nasreddine Bencherchali cab7dcc9f4 fix: unused selection and increase filename size 2023-05-11 20:51:33 +02:00
Nasreddine Bencherchali 77ba152b7f feat: more snake malware related rules 2023-05-11 19:54:11 +02:00
Nasreddine Bencherchali d6f6f2d3de fix: title and description 2023-05-10 19:18:10 +02:00
Nasreddine Bencherchali 40df0d4890 fix: typo in field 2023-05-10 18:59:59 +02:00
Nasreddine Bencherchali 5b828d5022 feat: new rules related to snake malware 2023-05-10 14:48:08 +02:00
phantinuss c834b6dfcb Merge pull request #4225 from austinsonger/Okta_fastpass_phishing_detection 2023-05-10 09:31:02 +02:00
    Create okta_fastpass_phishing_detection.yml
phantinuss 54dc2dcdb8 Merge pull request #4217 from m4nbat/NotionC2-detection-gk 2023-05-10 08:30:15 +02:00
    Create net_connection_win_notion.yml
Austin Songer b72e7fc6eb Update rules/cloud/okta/okta_fastpass_phishing_detection.yml 2023-05-10 01:18:00 -05:00
    Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
Nasreddine Bencherchali 231c2eccab fix: filter names and title 2023-05-09 20:54:55 +02:00
Nasreddine Bencherchali e0a2d52671 Merge pull request #4218 from nasbench/fin7-rules 2023-05-09 16:14:26 +02:00
    feat: updates and new rules related to fin7
Nasreddine Bencherchali bbf1e54510 fix: apply suggestions from code review 2023-05-09 16:04:24 +02:00
    Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
phantinuss b8c08bc8a8 Merge pull request #4222 from X-Junior/solidpdfcreator-dll-sideload-rule 2023-05-09 11:35:21 +02:00
    feat: new rule related to possible solidpdfcreator.dll sideloading
phantinuss bdea78c18a Merge pull request #4227 from frack113/review_web_logsource 2023-05-09 11:33:29 +02:00
    Review Web logsource
Gavin Knapp 2a2a4d9cd0 Merge branch 'SigmaHQ:master' into NotionC2-detection-gk 2023-05-09 09:20:59 +01:00
Nasreddine Bencherchali 91daec6d37 fix: single list element 2023-05-09 01:40:54 +02:00
Nasreddine Bencherchali 3767682f19 fix: metadata update 2023-05-09 01:38:28 +02:00
Micah Babinski 7906d999ab feat: add new rule for Potential Homoglyph Attack (#4223) 2023-05-09 01:35:52 +02:00
Nasreddine Bencherchali 7b3186d274 fix: small update 2023-05-09 01:33:13 +02:00
Austin Songer 3e9cfc3e7c Update okta_fastpass_phishing_detection.yml 2023-05-08 11:26:21 -05:00
Austin Songer 8dc803df95 Update okta_fastpass_phishing_detection.yml 2023-05-08 10:35:19 -05:00
frack113 c1a9712558 Review Web logsource 2023-05-08 11:04:16 +02:00
Austin Songer df04652768 Update okta_fastpass_phishing_detection.yml 2023-05-07 20:16:54 -05:00
Austin Songer 616bf2a819 Update okta_fastpass_phishing_detection.yml 2023-05-07 20:06:23 -05:00
Austin Songer ce62346e4f Create okta_fastpass_phishing_detection.yml 2023-05-07 19:43:39 -05:00
Mohamed Ashraf (X__Junior) 0092ba7e47 Create image_load_side_load_solidpdfcreator.yml 2023-05-07 14:27:53 +03:00
Nasreddine Bencherchali f3104f748f Merge pull request #4211 from fukusuket/refactor-use-all-modifier-without-field-instead-of-all-of 2023-05-05 18:44:35 +02:00
    chore: refactor use `'|all'` instead of using `all of` for a single selector.
Nasreddine Bencherchali 21f6554ccd Merge pull request #4221 from SigmaHQ/proc-expl-drv-drop 2023-05-05 18:33:09 +02:00
    feat: new rules related to procexp and procmon drivers
Nasreddine Bencherchali 72d003ea24 feat: update author and selection 2023-05-05 18:25:07 +02:00
Nasreddine Bencherchali 55bdf17dc3 Merge pull request #4220 from SigmaHQ/rule-devel 2023-05-05 18:19:57 +02:00
    feat: add more backstab imphashes
Nasreddine Bencherchali a9b5a3b3e8 feat: small fix and add procmon 2023-05-05 18:19:05 +02:00
Nasreddine Bencherchali f1cd74e303 feat: more updates 2023-05-05 17:52:47 +02:00
Florian Roth 92981d2671 New rule: process explorer driver drop 2023-05-05 13:58:14 +02:00
Florian Roth dee38387c5 more backstab hashes 2023-05-05 13:17:01 +02:00
Nasreddine Bencherchali bd0a9e2bae fix: missing modifier 2023-05-05 12:34:29 +02:00