security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,629 Commits 1 Branch 57 Tags
f2cc5c8ce7ddeb6727e0c76f3364735dfd6dfdce
Commit Graph

11629 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nasreddine Bencherchali f2cc5c8ce7 Add more processes 2022-07-04 13:38:18 +01:00
Nasreddine Bencherchali 8afa3ed1b6 Renamed + Update 2022-07-04 13:38:08 +01:00
Nasreddine Bencherchali 75117927f0 Fix field name 2022-07-03 20:24:10 +01:00
Nasreddine Bencherchali 6eaafa7b92 Update proc_creation_win_uac_bypass_idiagnostic_profile.yml 2022-07-03 20:16:43 +01:00
Nasreddine Bencherchali 30baccb49c Update proc_creation_win_uac_bypass_idiagnostic_profile.yml 2022-07-03 19:54:11 +01:00
Nasreddine Bencherchali ab4242b8f5 Update proc_creation_win_uac_bypass_idiagnostic_profile.yml 2022-07-03 19:47:11 +01:00
Nasreddine Bencherchali 78f039311a Fix error 2022-07-03 19:45:18 +01:00
Nasreddine Bencherchali 5770b3190c Update proc_creation_win_uac_bypass_idiagnostic_profile.yml 2022-07-03 19:43:24 +01:00
Nasreddine Bencherchali f9d6f468c3 Update 2022-07-03 19:43:03 +01:00
Nasreddine Bencherchali da370f8ce3 Update proc_creation_win_cmstp_com_object_access.yml 2022-07-03 19:26:47 +01:00
Florian Roth c4021267ec Merge pull request #3193 from SigmaHQ/rule-devel 
Multiple changes, new rule, some docs
 2022-07-03 16:30:36 +02:00
Florian Roth 881890177b rule: suspicious network connections no cmdline 2022-07-03 15:58:54 +02:00
Florian Roth a75a8ce526 docs: add reference 2022-07-03 15:58:44 +02:00
Florian Roth b4751520c5 refactor: more domains 2022-07-03 15:58:36 +02:00
Florian Roth 0f17609232 Merge pull request #3191 from nasbench/master 
New Rules
 2022-07-01 21:42:31 +02:00
Nasreddine Bencherchali 8b876bb737 Update proc_creation_win_lolbin_presentationhost.yml 2022-07-01 20:18:15 +01:00
Nasreddine Bencherchali 5c17ff1d0c Update proc_creation_win_lolbin_presentationhost.yml 2022-07-01 16:59:48 +01:00
Nasreddine Bencherchali c95df56222 New Rules 2022-07-01 16:56:45 +01:00
frack113 8109af3ea3 Merge pull request #3170 from mepples21/miepping-dev3 
Create azure_ad_device_registration_policy_changes.yml
 2022-07-01 15:49:02 +02:00
frack113 2f19daed62 Merge pull request #3163 from d4rk-d4nph3/master 
Rule for HandleKatz
 2022-07-01 14:29:45 +02:00
frack113 a2c10bcade Update azure_ad_device_registration_policy_changes.yml 2022-07-01 14:17:21 +02:00
Florian Roth f29c01e1d9 fix: wrong field selection 2022-07-01 12:29:23 +02:00
Florian Roth 070df75cf4 Merge pull request #3190 from phantinuss/master 
fix: FP found in testing
 2022-07-01 12:07:30 +02:00
phantinuss 15cd71403a fix: FP found in testing 2022-07-01 11:11:08 +02:00
Florian Roth 21ab44acbf Merge pull request #3188 from redsand/fp_powershell_long_entries_not_high_indicator_cite_devops_behavior 
Reducing level due to it being a minor indicator and not strong enoug…
 2022-07-01 08:25:07 +02:00
Tim Shelton 98227206e0 Reducing level due to it being a minor indicator and not strong enough to warrant an investigation on its own. 2022-07-01 01:43:42 +00:00
Florian Roth e1fc02e7d2 Merge pull request #3186 from redsand/fp_scm_db_mgmt_by_services.exe 
False positive filtering out of behavior by services.exe which is exp…
 2022-06-30 23:29:07 +02:00
Florian Roth 952d244a19 Merge pull request #3187 from SigmaHQ/aurora-false-positive-fixing 
Aurora false positive fixing
 2022-06-30 22:15:23 +02:00
Florian Roth d059d34fab fix: wrong field selection 
don't use PE header field, but the source image
 2022-06-30 21:33:23 +02:00
Florian Roth 3754075ae6 fix: FP with git.exe 2022-06-30 18:25:31 +02:00
Tim Shelton 38335b6303 False positive filtering out of behavior by services.exe which is expected 2022-06-30 16:22:42 +00:00
Florian Roth 33afe1f6a2 Merge pull request #3183 from pH-T/master 
fix: FP fix
 2022-06-30 18:18:01 +02:00
Florian Roth cb33e5cc8a Merge pull request #3185 from frack113/fix_issue_2579 
fix issue 2579
 2022-06-30 18:17:51 +02:00
Florian Roth d09544c358 refactor: remove now unnecessary filters 2022-06-30 17:36:49 +02:00
Florian Roth f44c0e6fb3 Merge pull request #3184 from phantinuss/master 
fix: FPs found in testing environment
 2022-06-30 17:21:37 +02:00
phantinuss 58dc1da663 fix: FPs found in testing environment 2022-06-30 16:40:05 +02:00
Paul Hager 9044998428 fix: FP fix 2022-06-30 15:18:39 +02:00
frack113 38761cbdb0 fix issue 2022-06-30 08:48:31 +02:00
Florian Roth efd48e2bc2 Merge pull request #3180 from frack113/issue_2088 
More generic registry_event_cve_2021_31979_cve_2021_33771_exploits
 2022-06-29 20:18:34 +02:00
Florian Roth e516fd74cb Merge pull request #3172 from mepples21/miepping-dev5 
Create azure_ad_bitlocker_key_retrieval.yml
 2022-06-29 19:40:36 +02:00
Florian Roth 218e7f1491 Update azure_ad_device_registration_policy_changes.yml 2022-06-29 19:39:34 +02:00
Florian Roth 4fee43361c Merge pull request #3171 from mepples21/miepping-dev4 
Create azure_ad_sign_ins_from_unknown_devices.yml
 2022-06-29 19:37:13 +02:00
Florian Roth 7c1c510f71 Merge pull request #3179 from securepeacock/patch-27 
Update lnx_auditd_hidden_files_directories.yml
 2022-06-29 19:36:29 +02:00
frack113 c64ece9f68 More generic 2022-06-29 19:33:50 +02:00
securepeacock ecdd32c462 Update lnx_auditd_hidden_files_directories.yml 
Fixing typo.
 2022-06-29 13:24:24 -04:00
Florian Roth 96e424bd4e Merge pull request #3178 from phantinuss/master 
fix: technically filter THOR checking for BlueKeep vuln
 2022-06-29 17:42:21 +02:00
Florian Roth e07b2f115b Merge pull request #3173 from nasbench/master 
Update + New Rules
 2022-06-29 17:22:02 +02:00
phantinuss b4bce46c65 fix: technically filter THOR checking for BlueKeep vuln 2022-06-29 17:07:04 +02:00
Florian Roth 6709a2dbaf Merge pull request #3177 from redsand/level_reduce_suspicious_failed_logins 
Reducing the level of Account Tampering - Suspicious Failed Logon Reasons
 2022-06-29 16:50:44 +02:00
Florian Roth 71edfa3550 Merge pull request #3176 from redsand/fp_reorder_system_ignore_all 
False positive whre system needs to be filtered first against any wri…
 2022-06-29 16:50:25 +02:00