Commit Graph

807 Commits

Author SHA1 Message Date
frack113 d02ee1eddd Update global ID 2021-09-02 21:16:55 +02:00
frack113 f90c7558a7 update global id 2021-09-02 21:03:25 +02:00
frack113 086a15fc45 Update global ID 2021-09-02 20:07:03 +02:00
frack113 a4021842de Fix invalid tags 2021-08-25 09:15:57 +02:00
frack113 c2302a15da fix cve tags 2021-08-24 10:10:45 +02:00
Max Altgelt 6f05e33feb fix: Correct incorrect message / keyword usage
Correct a number of rules where message or keyword were incorrectly used
as field names in events (typically windows event logs). However, neither
field actually exists and as such these strings could never match.
2021-08-12 16:28:07 +02:00
frack113 cf8d8d3ed4 fix TargetFilename case error 2021-08-06 08:43:05 +02:00
Sittikorn S d3a1fb8565 Update sysmon_cve_2021_31979_cve_2021_33771_exploits.yml 2021-07-17 06:49:37 +07:00
Sittikorn S 5e84a603d0 Update sysmon_cve_2021_31979_cve_2021_33771_exploits.yml 2021-07-17 01:04:07 +07:00
Sittikorn S a3c4aa5dad Update sysmon_cve_2021_31979_cve_2021_33771_exploits.yml 2021-07-17 01:02:14 +07:00
Sittikorn S eea3675d4e Rename sysmon_cve_2021_31979_cve-2021_33771_exploits.yml to sysmon_cve_2021_31979_cve_2021_33771_exploits.yml 2021-07-17 00:09:04 +07:00
Sittikorn S 90fc50e0a2 Update and rename sysmon_devilstongue_CVE_2021_31979_exploit.yml to sysmon_cve_2021_31979_cve-2021_33771_exploits.yml
rename sysmon_cve_2021_31979_cve-2021_33771_exploits.yml
2021-07-17 00:02:15 +07:00
Sittikorn S 9fb589201e Update and rename sysmon_devilstongue_exploit_0day.yml to sysmon_devilstongue_CVE_2021_31979_exploit.yml
Change Title
2021-07-16 23:47:14 +07:00
Sittikorn S f2187f05e6 Update and rename sysmon_devilstongue_CVE_2021_31979_CVE_2021_33771.yml to sysmon_devilstongue_exploit_0day.yml 2021-07-16 23:42:05 +07:00
Sittikorn S 91295cff21 Update sysmon_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 23:35:31 +07:00
Sittikorn S dac72e2750 Update and rename sysmon_exploit_CVE_2021_31979_CVE_2021_33771.yml to sysmon_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 23:30:05 +07:00
Sittikorn S 10b7b6d640 Update sysmon_exploit_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 23:11:14 +07:00
Sittikorn S 94ba194b42 Update sysmon_exploit_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 23:09:51 +07:00
Sittikorn S 477ec060d2 Update and rename sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml to sysmon_exploit_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 22:47:04 +07:00
Sittikorn S 99e5990416 Update sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 22:30:06 +07:00
Sittikorn S dc94c4e51e Update sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 22:21:34 +07:00
Sittikorn S 0954163e9d Update sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 22:19:07 +07:00
Sittikorn S e094c76098 Update sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 22:14:22 +07:00
Sittikorn S 0506e10697 Create sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 22:09:07 +07:00
frack113 0ef3dc2082 escape / in regex 2021-07-15 08:13:49 +02:00
Florian Roth 382d5b2adb Merge pull request #1674 from frack113/fix_small_errors
Fix some typo errors
2021-07-12 15:23:55 +02:00
frack113 af140ebf84 fix some typo errors 2021-07-12 09:40:18 +02:00
mlp1515 29a6a2d5fb Merge branch 'SigmaHQ:master' into master 2021-07-07 08:25:04 +02:00
wagga40 11df697cdc Updated rules with modifiers instead of '*' and remove trailing '\\' 2021-06-27 14:51:29 +02:00
mlp1515 53632d4def Update sysmon_config_modification.yml 2021-06-16 15:34:23 +02:00
Florian Roth e5cd850640 Merge pull request #1556 from frack113/PR_617_V2
Fix all the rules to pass the test
2021-06-16 08:22:51 +02:00
frack113 558bcd5ceb Fix all the rules to pass the test 2021-06-14 07:33:26 +02:00
frack113 fb2d0092f1 forgot to add modified 2021-06-10 17:27:15 +02:00
frack113 4e516414c9 Split to Convert eventID to correct category 2021-06-10 16:58:45 +02:00
frack113 a0aed54f7d Convert eventID 22 to category dns_query 2021-06-10 16:43:33 +02:00
frack113 7cb10b5475 convert eventID to category 2021-06-10 16:36:14 +02:00
frack113 169f948ac2 Get a new error after another Atomic Test 2021-06-04 13:20:10 +02:00
frack113 3d9fe490ab Detect modification of sysmon configuration by sysmon 2021-06-04 11:27:15 +02:00
Florian Roth adbdb5b22f Merge branch 'master' into falsepositives_NOT_a_list 2021-05-27 10:23:19 +02:00
frack113 104a004b3d fix typo of tags 2021-05-24 10:41:17 +02:00
frack113 45190c3874 Fix falsepositives list 2021-05-21 11:13:27 +02:00
Florian Roth 615a284de3 Merge pull request #1461 from d4rk-d4nph3/master
Added rule for Pingback backdoor
2021-05-05 12:42:27 +02:00
Bhabesh Rai 4529fbd1f3 Fixed too many spaces after hyphen error 2021-05-05 12:48:29 +05:45
Bhabesh Rai 1352f0b0a6 Added rule for Pingback backdoor 2021-05-05 12:37:50 +05:45
Florian Roth c7ce9154d1 Merge pull request #1030 from stevengoossensB/master
Updated sysmon config and rewrite rules to use categories
2021-04-23 16:52:25 +02:00
Steven f57e1a2231 Delete .keep file 2021-04-15 02:17:36 +02:00
Steven 7b679cc1f7 - Modified rules to use categories instead of hardcoded event IDs
- Added file_delete category (Sysmon Event ID 23) to the generic translation file
2021-04-15 01:40:31 +02:00
Steven 850a002840 Merge branch 'master' of https://github.com/SigmaHQ/sigma 2021-04-15 01:25:48 +02:00
Roberto Rodriguez db0e969121 HybridConnectionMgr Service Activity 2021-04-12 16:26:15 -04:00
Thomas Patzke 3fef2a10b8 Merge branch 'pr-1158' 2021-04-08 23:01:54 +02:00