Commit Graph

11629 Commits

Author SHA1 Message Date
Florian Roth fef851a918 fix: FPs with Aurora 2022-06-20 12:01:25 +02:00
frack113 477e8fc180 Merge pull request #3149 from redsand/fp_sentinel_one
False positive from SentinelOne Ranger Agent
2022-06-19 22:25:19 +02:00
Tim Shelton 80ee980b1d False positive from SentinelOne Ranger Agent 2022-06-19 14:31:10 +00:00
Florian Roth 10e39e41f7 Merge pull request #3143 from SigmaHQ/rule-devel
Rule level refactoring: critical > high
2022-06-19 15:04:46 +02:00
Florian Roth f4ef4fcdc4 Merge pull request #3147 from frack113/fix_issue_3067
Fix ServiceName
2022-06-19 15:03:43 +02:00
frack113 55f1f6dd1e Fix ServiceName 2022-06-19 11:59:48 +02:00
frack113 2219910c43 Add registry_set_timeproviders_dllname 2022-06-19 11:20:35 +02:00
frack113 87bad74ab1 Add proc_creation_win_chrome_load_extension 2022-06-19 09:34:07 +02:00
frack113 5b38168340 Merge pull request #3144 from alexmcdonald1124/mdatp-escape
Adding a mapping check to escape slashes in KQL
2022-06-19 08:37:51 +02:00
frack113 272c29caea Merge pull request #3138 from Yochana-H/Yochana-H
create azure_blocked_account_attempt.yml
2022-06-19 08:36:30 +02:00
Florian Roth 37ed5f4bc5 Update azure_blocked_account_attempt.yml 2022-06-18 18:22:43 +02:00
Florian Roth 6caeb2fff6 docs: added link 2022-06-18 18:19:55 +02:00
Florian Roth f728893364 refactor: rule level adjustments - critical to high 2022-06-18 17:43:22 +02:00
Alexander McDonald 1249675bcd Adding a mapping check to escape slashes in KQL 2022-06-18 09:02:21 -04:00
Florian Roth 7425a73203 Merge pull request #3142 from SigmaHQ/aurora-false-positive-fixing
fix: FPs with Browser Credential Store Access
2022-06-18 09:45:51 +02:00
Florian Roth 2105b8ecf6 fix: FPs with Browser Credential Store Access 2022-06-18 09:10:17 +02:00
Florian Roth f3a08b5691 Merge pull request #3141 from SigmaHQ/rule-devel
Rule adjustments based on hayabusa noisy rules
2022-06-18 08:45:08 +02:00
Florian Roth c9f45cf528 Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2022-06-18 08:39:04 +02:00
Florian Roth db55be82b6 refactor: rule adjustments based on hayabusa
https://github.com/Yamato-Security/hayabusa-rules/blob/deb6026fcf452600829c52852f6283d2c808bc69/config/noisy_rules.txt
2022-06-18 08:39:02 +02:00
frack113 e3ea9f7b42 Update azure_blocked_account_attempt.yml 2022-06-17 20:43:07 +02:00
frack113 5b2fac3739 Merge pull request #3135 from nasbench/master
Small Updates and New Rules
2022-06-17 20:41:10 +02:00
Thomas Patzke fcb7597ea8 Merge pull request #3133 from chiyang1010/deep-copy
using deepcopy to clone previous rule
2022-06-17 19:12:44 +02:00
Florian Roth 186f10fb21 Merge pull request #3136 from greg-workspace/master
Rule: Follina and DogWalk exploit msdt.exe loading sdiageng.dll
2022-06-17 18:52:31 +02:00
Florian Roth fda9c753e2 Update image_load_msdt_sdiageng.yml 2022-06-17 18:46:14 +02:00
Florian Roth e4493d945f Merge pull request #3139 from redsand/fp_direct_syscall_amazonssmagentsetup
False positive: ignore amazon ssm agent setup
2022-06-17 18:45:49 +02:00
Tim Shelton e56dab0016 False positive: ignore amazon ssm agent setup 2022-06-17 16:33:47 +00:00
Yochana-H d659088d4b Merge branch 'Yochana-H' of https://github.com/Yochana-H/sigma into Yochana-H 2022-06-17 15:44:51 +01:00
Yochana-H 6dc3c1d4dd Create azure_blocked_account_attempt.yml 2022-06-17 15:44:40 +01:00
Nasreddine Bencherchali f84c1436a3 Add missing "contains" modifier 2022-06-17 14:06:14 +01:00
Nasreddine Bencherchali 7ada37a364 Update file_event_win_winword_cve_2021_40444.yml 2022-06-17 12:17:28 +01:00
Nasreddine Bencherchali 9e0ef7251b Update file_event_win_winword_cve_2021_40444.yml 2022-06-17 11:59:17 +01:00
Nasreddine Bencherchali cde97e7168 Update file_event_win_winword_cve_2021_40444.yml 2022-06-17 11:55:13 +01:00
Nasreddine Bencherchali d5146fe0d4 Update file_event_win_winword_cve_2021_40444.yml 2022-06-17 11:53:17 +01:00
Florian Roth 725cadc902 Update image_load_msdt_sdiageng.yml 2022-06-17 08:49:17 +02:00
eiger 764dbc4e3c Fix: Sigma title error 2022-06-17 14:40:01 +08:00
eiger e4ab54d60f Rule: Follina and DogWalk exploit msdt.exe loading sdiageng.dll 2022-06-17 09:41:08 +08:00
eiger 7444869de3 Rule: Follina and DogWalk exploit msdt.exe loading sdiageng.dll 2022-06-17 09:29:20 +08:00
eiger 21edcafa36 Rule: Follina or DogWalk exploit sdiageng.dll 2022-06-17 09:21:57 +08:00
Nasreddine Bencherchali 32c772d0df Update proc_creation_win_lolbin_openconsole.yml 2022-06-16 23:41:57 +01:00
Nasreddine Bencherchali 2ab106ddee Small Update and New Rule 2022-06-16 23:37:50 +01:00
frack113 4b17d2df48 Merge pull request #3134 from leegengyu/patch-1
Update Description in proc_creation_win_sysinternals_eula_accepted.yml
2022-06-16 17:14:31 +02:00
G Y 1eb02a0025 Update proc_creation_win_sysinternals_eula_accepted.yml
Description changed (original description was taken from registry_add_sysinternals_eula_accepted.yml).
2022-06-16 14:49:17 +08:00
ChiYang Tsai 32b4a836b8 using deepcopy to clone previous rule 2022-06-16 12:19:14 +08:00
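The shallow-copy problem that the deepcopy commit above addresses, shown as an added example that is not code from the Sigma project. It models a Sigma rule collection in which an `action: repeat` document clones the previous rule and merges its own fields over it (a simplified reading of the collection format, assumed here for illustration); `expand_collection`, `_merge` and the sample collection are constructed for this example. Cloning with a plain `dict()` shares the nested `detection` mapping between the two rules, so the override leaks back into the first rule; `copy.deepcopy` keeps them independent.

```python
import copy

# Constructed sample: a two-document Sigma rule collection as it would look
# after YAML parsing. Document 2 only overrides one selection field.
COLLECTION = [
    {
        "title": "Suspicious msdt.exe Image Load",
        "logsource": {"category": "image_load", "product": "windows"},
        "detection": {
            "selection": {
                "Image|endswith": "\\msdt.exe",
                "ImageLoaded|endswith": "\\sdiageng.dll",
            },
            "condition": "selection",
        },
    },
    {
        "action": "repeat",
        "detection": {"selection": {"ImageLoaded|endswith": "\\sdiagnhost.exe"}},
    },
]

shallow_clone = dict           # reproduces the bug: nested dicts are shared
deep_clone = copy.deepcopy     # the fix: every nesting level is copied


def _merge(base: dict, override: dict) -> None:
    """Recursively merge ``override`` into ``base`` in place."""
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(base.get(key), dict):
            _merge(base[key], value)
        else:
            base[key] = value


def expand_collection(documents: list, clone) -> list:
    """Expand ``action: repeat`` documents into complete rules.

    ``clone`` is the function used to copy the previous rule before the
    repeat document's fields are merged into it (hypothetical helper).
    """
    # Work on a private copy so repeated calls always see the same input.
    documents = copy.deepcopy(documents)
    rules, previous = [], None
    for doc in documents:
        if doc.get("action") == "repeat":
            if previous is None:
                raise ValueError("'action: repeat' without a previous rule")
            rule = clone(previous)
            _merge(rule, {k: v for k, v in doc.items() if k != "action"})
        else:
            rule = clone(doc)
        rules.append(rule)
        previous = rule
    return rules


def loaded_dll_of_first_rule(clone) -> str:
    """Return the ImageLoaded value the first rule ends up with."""
    rules = expand_collection(COLLECTION, clone)
    return rules[0]["detection"]["selection"]["ImageLoaded|endswith"]


if __name__ == "__main__":
    print("shallow:", loaded_dll_of_first_rule(shallow_clone))  # sdiagnhost.exe (wrong)
    print("deep:   ", loaded_dll_of_first_rule(deep_clone))     # sdiageng.dll (correct)
```

With the shallow clone the first rule silently starts matching the second rule's DLL, so a collection of closely related rules would collapse into duplicates of the last one; the deep copy preserves each expanded rule, while the repeat document still inherits the title, logsource and the untouched `Image|endswith` selection.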
frack113 b95470333e Merge pull request #3131 from securepeacock/patch-26
Create registry_set_enabling_turn_off_check.yml
2022-06-15 19:19:25 +02:00
securepeacock aa01c73f72 Update registry_set_enabling_turnoffcheck.yml 2022-06-15 11:49:38 -04:00
securepeacock bd6f9936a5 Rename registry_set_enabling_turn_off_check.yml to registry_set_enabling_turnoffcheck.yml 2022-06-15 11:07:55 -04:00
securepeacock 35c6084ef7 Update registry_set_enabling_turn_off_check.yml 2022-06-15 10:55:15 -04:00
securepeacock 1f279f633a Update registry_set_enabling_turn_off_check.yml 2022-06-15 10:54:23 -04:00
securepeacock cfabbc4bdf Update registry_set_enabling_turn_off_check.yml 2022-06-15 10:51:15 -04:00
securepeacock c0f01c84b3 Create registry_set_enabling_turn_off_check.yml 2022-06-15 10:49:19 -04:00