zakibro
bba66ca762
Update lnx_auditd_hidden_files_directories.yml
Updating arguments section
2021-09-07 07:57:50 +02:00
zakibro
e9fa5bde2b
Update lnx_auditd_hidden_files_directories.yml
Correction of tag
2021-09-06 18:55:58 +02:00
Pawel Mazur
7c2895c73f
New Rule - Linux Hidden Files and Directories
2021-09-06 18:43:49 +02:00
Pawel Mazur
59eb7ce032
Merge branch 'master' of https://github.com/zakibro/sigma
2021-09-06 18:41:19 +02:00
Pawel Mazur
9f5f25e480
New Rule - Linux Hidden Files and Directories
2021-09-06 18:40:39 +02:00
zakibro
f52860d6ab
Merge branch 'SigmaHQ:master' into master
2021-09-06 18:40:02 +02:00
Pawel Mazur
3eb354e34c
Merge branch 'master' of https://github.com/zakibro/sigma
2021-09-06 18:37:45 +02:00
Pawel Mazur
ef3efd8fd3
New Rule Linux - Hidden Files and Directories
2021-09-06 18:37:02 +02:00
Florian Roth
6b2bacd2cc
Merge pull request #1979 from frack113/test_global
Change ID in global action rule
2021-09-06 08:44:14 +02:00
zakibro
5042ba65ac
Update lnx_auditd_audio_capture.yml
Added more references about arecord.
2021-09-05 09:28:53 +02:00
Pawel Mazur
caf78b5ea1
New Rule - Linux-Audio-Capture
2021-09-04 22:10:34 +02:00
frack113
769451dc03
Add missing id
2021-09-03 13:42:15 +02:00
frack113
815134df7f
Cleanup
2021-09-03 13:30:10 +02:00
zakibro
8bd859f550
Update lnx_auditd_system_info_discovery.yml
2021-09-03 13:07:42 +02:00
Pawel Mazur
864286e206
New Rule - Linux-Auditd-System Information Discovery
2021-09-03 11:33:18 +02:00
frack113
086a15fc45
Update global ID
2021-09-02 20:07:03 +02:00
f.hubaut
e66007a43d
fix file name case
2021-08-26 11:15:33 +02:00
frack113
5b869a3f42
Update cve tags
2021-08-24 10:50:01 +02:00
Max Altgelt
6f05e33feb
fix: Correct incorrect message / keyword usage
Correct a number of rules where message or keyword were incorrectly used
as field names in events (typically windows event logs). However, neither
field actually exists and as such these strings could never match.
2021-08-12 16:28:07 +02:00
frack113
f2cdbb5aa7
Rename rule service:auditd
2021-07-07 13:53:51 +02:00
leegengyu
3791ab4b12
Updated ART reference links from .yaml to .md
2021-07-06 17:43:20 +08:00
Anton Kutepov
3f45269296
Merge branch 'oscd'
B
B
B
B
A
2021-03-02 22:58:41 +03:00
jaegeral
e1f43f17c2
fixed various spelling errors all over rules and source code
2021-02-24 14:43:13 +00:00
Florian Roth
2c48d2b0bb
fix: missing global action and sections
2021-02-01 20:00:06 +01:00
Bhabesh Rai
63e2f4bbce
Added rule for Sudo CVE-2021-3156 Exploitation Attempt
2021-02-01 23:08:45 +05:45
Jonhnathan
3361b62cc2
Update lnx_auditd_susp_exe_folders.yml
2020-10-15 23:09:06 -03:00
Jonhnathan
d655ebf092
Update lnx_auditd_masquerading_crond.yml
2020-10-15 23:08:08 -03:00
Jonhnathan
e26e5a1e7e
Update lnx_auditd_create_account.yml
2020-10-15 23:07:39 -03:00
Florian Roth
d3ee1aba66
docs: MITRE ATT&CK(R) trademark references removed or adjusted
https://github.com/Neo23x0/sigma/issues/1028
2020-09-30 08:53:52 +02:00
Mike Wade
8ce73bd8df
Fixed issues with tags and missing files
2020-09-15 06:10:57 -06:00
Mike Wade
52ab677798
Fixed my git issue
2020-09-13 22:03:04 -06:00
Timur Zinniatullin
8dba6ceee6
2nd review
2020-08-25 09:31:38 +03:00
Timur Zinniatullin
1244cacfbf
Update lnx_auditd_create_account.yml
2020-08-25 09:20:27 +03:00
Timur Zinniatullin
72fdf0da45
Update lnx_auditd_susp_cmds.yml
2020-08-04 20:00:30 +03:00
Timur Zinniatullin
4e688233d7
ATT&CK mapping update suggestions for \linux\
2020-08-04 19:48:18 +03:00
Ivan Kirillov
0fbfcc6ba9
Initial round of subtechnique updates
2020-06-16 14:46:08 -06:00
Florian Roth
8321cc7ee1
Merge pull request #772 from gamma37/suspicious_activities
Create a rule for "suspicious activities"
2020-05-23 18:11:32 +02:00
Florian Roth
e1a05dfc1c
Update lnx_auditd_susp_C2_commands.yml
2020-05-23 16:49:03 +02:00
gamma37
71c507d8a9
remove space before colon
2020-05-18 11:34:53 +02:00
gamma37
55eec46932
Create a rule for "suspicious activities"
2020-05-18 11:25:18 +02:00
gamma37
cbf06b1e43
lowercased tag
2020-05-18 10:11:32 +02:00
gamma37
904716771a
Create a new rule to detect "Create Account"
2020-05-18 10:03:34 +02:00
Thomas Patzke
373424f145
Rule fixes
Made tests pass the new CI tests. Added further allowed lower case words
in rule test.
2020-02-20 23:00:16 +01:00
Thomas Patzke
d7bd90cb24
Merge branch 'master' into oscd
2020-02-03 23:13:16 +01:00
Thomas Patzke
593abb1cce
OSCD QA wave 3
2020-02-02 12:41:12 +01:00
Florian Roth
d42e87edd7
fix: fixed casing and long rule titles
2020-01-30 17:26:09 +01:00
Thomas Patzke
924e1feb54
UUIDs + moved unsupported logic
* Added UUIDs to all contributed rules
* Moved unsupported logic directory out of rules/ because this breaks CI
testing.
2019-12-19 23:56:36 +01:00
yugoslavskiy
efc404fbae
resolve conflicts with rule IDs; restored and deprecated sysmon_mimikatz_detection_lsass.yml
2019-11-19 02:11:19 +01:00
Thomas Patzke
0592cbb67a
Added UUIDs to rules
2019-11-12 23:12:27 +01:00
Thomas Patzke
5f6a4225ec
Unified line terminators of rules to Unix
2019-11-12 23:05:36 +01:00