Commit Graph

8406 Commits

Author SHA1 Message Date
Tim Shelton f2d9cf0964 Initial commit of hawk analytic score generator 2021-10-18 21:39:49 +00:00
Tim Shelton ae2923bdd8 Initial commit of hawk analytic score generator 2021-10-18 21:39:49 +00:00
Florian Roth 2984d7d248 Merge pull request #2161 from WojciechLesicki/master
Description changes according to merge in sysmon config
2021-10-18 23:13:00 +02:00
WojciechLesicki 6c86500414 Description changes according to https://github.com/SwiftOnSecurity/sysmon-config/pull/151 2021-10-18 21:34:05 +02:00
Florian Roth 6cca98704a Merge pull request #2154 from wagga40/master
Fix a missing var reset in SQLite backend
2021-10-17 17:24:40 +02:00
Wagga 17d78a5c4c Fix a missing var reset in SQLite backend 2021-10-17 16:21:59 +02:00
frack113 a8a0d546f3 Merge pull request #2113 from austinsonger/process_creation_lolbins_suspicious_driver_install_by_pnputil.yml
process_creation_lolbins_suspicious_driver_installed_by_pnputil.yml
2021-10-17 08:10:18 +01:00
frack113 5756888b1b adds the alternative options 2021-10-17 08:33:32 +02:00
frack113 e5b3a1cc14 Merge pull request #2151 from frack113/ps_category
Powershell category
2021-10-17 07:15:31 +01:00
frack113 ca4e32c00f Merge pull request #2153 from frack113/fix_yml
fix tools/config/splunk-windows.yml
2021-10-17 07:14:53 +01:00
frack113 7fc6532665 fix yml 2021-10-16 22:49:20 +02:00
Thomas Patzke 76c02a14b2 Merge pull request #1558 from maketsi/splunk-search-ext
Added ability to define free-text searches in the logsource mapping
2021-10-16 20:49:14 +02:00
Thomas Patzke 9d8828a0ed Merge pull request #1696 from denny-lclin/lclin/fix-ada-wildcard
Fix [ALA] Conversion of wildcard not as expected for ada backend #1689
2021-10-16 20:46:23 +02:00
Thomas Patzke f3c01a3f65 Merge pull request #1948 from zazzzSec/fix_cb_paths
fixing cb path wildcards that don't work
2021-10-16 20:44:14 +02:00
Thomas Patzke 4806a88427 Merge pull request #2029 from marcurdy/master
Correct for proper output to Splunk and CarbonBlack. Add AWS Athena c…
2021-10-16 20:37:59 +02:00
Thomas Patzke e6881e41a6 Merge pull request #2090 from roysjosh/ala-near
Implement "near" support for ALA/Sentinel
2021-10-16 20:34:32 +02:00
Thomas Patzke 00dd72acf2 Merge pull request #2118 from albchen/patch-3
Add generateAggregation
2021-10-16 20:33:11 +02:00
frack113 94fe989f11 Merge pull request #2139 from phantinuss/providername
Introducing the field 'Provider Name' for Windows Eventlog Log Sources
2021-10-16 18:05:10 +01:00
frack113 fc796df654 add references 2021-10-16 08:37:51 +02:00
frack113 4149fa8632 change to category: ps_classic_* 2021-10-16 08:26:51 +02:00
frack113 690b26fb90 change order to chain sysmon 2021-10-16 08:19:25 +02:00
frack113 f6b0a89161 change to category: ps_script 2021-10-16 08:18:49 +02:00
frack113 0ca16b18f4 Change to category: ps_module 2021-10-16 08:05:15 +02:00
frack113 cb98a63453 Merge pull request #2150 from austinsonger/gcp-cloudsql
gcp_sql_database_modified_or_deleted.yml
2021-10-16 06:24:46 +01:00
austinsonger 7fc1c50901 gcp_sql_database_modified_or_deleted.yml 2021-10-15 18:53:45 -05:00
frack113 2930c1624c Merge pull request #2142 from austinsonger/aws
Aws
2021-10-15 08:17:24 +01:00
Austin Songer 7ad0887704 Update passed_role_to_glue_development_endpoint.yml 2021-10-14 12:10:48 -05:00
Austin Songer 70b55f2c2d Update aws_lambda_function_created_or_invoked.yml 2021-10-14 12:10:29 -05:00
frack113 87f2326402 Merge pull request #2133 from hieuttmmo/master
Sigma Rules for Privileged Accounts Activities Monitoring in Azure
2021-10-14 16:53:53 +01:00
Florian Roth 7e02555e22 refactor: credential dumper level increased 2021-10-14 14:24:56 +02:00
Tran Trung Hieu a7e6eb576c Delete .DS_Store file 2021-10-14 15:55:05 +04:00
frack113 5f5b57504b Merge pull request #2144 from frack113/fix_2140
fix status in filter
2021-10-14 08:12:05 +01:00
phantinuss 55f942b526 fix: change error message 2021-10-14 08:53:50 +02:00
frack113 c202d39acd Merge pull request #2138 from frack113/conti_ransomware
Conti ransomware commandline
2021-10-14 06:31:36 +01:00
frack113 468cac031d fix status 2021-10-14 07:19:41 +02:00
Austin Songer 40879252a8 Update aws_lambda_function_created_or_invoked.yml 2021-10-13 16:25:28 -05:00
Austin Songer f7dba3fbff Update passed_role_to_glue_development_endpoint.yml 2021-10-13 12:34:16 -05:00
Austin Songer 503a4bc72b Update and rename aws_pass_role_to_lambda_function.yml to aws_lambda_function_created_or_invoked.yml 2021-10-13 12:27:24 -05:00
frack113 1e0fde6975 Merge pull request #2135 from austinsonger/onelogin
Onelogin Rules
2021-10-13 16:35:27 +01:00
frack113 a10d100d87 Merge pull request #2137 from austinsonger/powershell_windows_firewall_disabled.yml
powershell_windows_firewall_profile_disabled.yml
2021-10-13 16:29:37 +01:00
phantinuss 81b4a0eb98 feat: adapt logsources for field names without spaces 2021-10-13 14:36:10 +02:00
phantinuss 7c8a735882 fix: change modified date 2021-10-13 14:22:48 +02:00
phantinuss 9ddabe18ed feat: testing for space in field names 2021-10-13 14:21:23 +02:00
phantinuss 5c3cdbe845 fix: replace space with _ 2021-10-13 14:20:26 +02:00
Austin Songer 756d5b5aa6 Update onelogin_user_account_locked.yml 2021-10-13 07:02:01 -05:00
Austin Songer 4e43fce629 Update powershell_windows_firewall_profile_disabled.yml 2021-10-13 07:01:04 -05:00
Austin Songer e08f6333b8 Update aws_pass_role_to_lambda_function.yml 2021-10-13 06:59:13 -05:00
Austin Songer 010b0e2868 Update passed_role_to_glue_development_endpoint.yml 2021-10-13 06:58:57 -05:00
Tran Trung Hieu 15c472ee19 Merge branch 'master' of https://github.com/hieuttmmo/sigma 2021-10-13 15:12:45 +04:00
Tran Trung Hieu 7c01710d9d Change the service to the form service: azure._a_name_ and add falsepositives field 2021-10-13 15:12:36 +04:00