Commit Graph

14399 Commits

Author SHA1 Message Date
Nasreddine Bencherchali f3171177d8 fix: apply suggestions from code review
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-01-18 10:24:04 +01:00
Nasreddine Bencherchali 4682f3fb7a fix: broken title 2023-01-17 19:14:32 +01:00
Nasreddine Bencherchali fbeb32e24f fix: broken winlogbeat bitlocker config 2023-01-17 19:13:33 +01:00
Nasreddine Bencherchali 8f46f2f061 fix: fp in firewall rule 2023-01-17 19:07:30 +01:00
Nasreddine Bencherchali 1c0bf6e262 feat: update windows firewall rules 2023-01-17 19:01:37 +01:00
Nasreddine Bencherchali 1c340493c6 fix: broken logsource 2023-01-17 01:13:50 +01:00
Nasreddine Bencherchali 459ba25cce Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2023-01-17 01:01:38 +01:00
Nasreddine Bencherchali b6e4c45ef0 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-01-17 01:01:23 +01:00
Nasreddine Bencherchali 85fb255bc9 feat: new rules and updates 2023-01-17 01:00:44 +01:00
Nasreddine Bencherchali e5fe4d5f46 feat: update config files
- Update indentation of config files to 4
- Add new event logs
2023-01-17 01:00:24 +01:00
Thomas Patzke f5da775995 Merge pull request #3927 from ruppde/master
add -i to grep parameters to make it case insensitive as sigma
2023-01-16 22:38:43 +01:00
Florian Roth cd165ac313 Merge pull request #3929 from phantinuss/master
fix: FP found in testing
2023-01-16 17:20:25 +01:00
Nasreddine Bencherchali 3d77511102 fix: improve fp description slightly 2023-01-16 16:30:08 +01:00
phantinuss 99c5c46397 fix: FP found in testing 2023-01-16 15:38:52 +01:00
Arnim Rupp 505961609b Merge branch 'SigmaHQ:master' into master 2023-01-16 14:29:07 +01:00
frack113 0625ceca36 Merge pull request #3926 from frack113/redcannary_20230115
Add redcannary rules
2023-01-16 12:26:27 +01:00
Nasreddine Bencherchali 679207b6c4 fix: update metadata 2023-01-16 11:15:45 +01:00
Nasreddine Bencherchali 592ec21129 Merge pull request #3928 from jkb-s/patch-2
Fix `filepath` parameter
2023-01-16 11:10:01 +01:00
Nasreddine Bencherchali 09731e8547 fix: update modified date 2023-01-16 10:50:23 +01:00
jkb 391173c153 Correcting filepath parameter
According to Microsoft documentation, the parameter is -Filepath not -File-path. See: https://learn.microsoft.com/en-us/powershell/module/pki/import-certificate?view=windowsserver2022-ps
2023-01-16 10:46:02 +01:00
Nasreddine Bencherchali fd823045a9 fix: fp in msiexec rule 2023-01-16 10:28:15 +01:00
Arnim Rupp ffa01ef035 add -i to grep parameters to make it case insensitive as sigma 2023-01-16 10:14:51 +01:00
frack113 c3f285d945 Add redcannary rules 2023-01-15 12:01:11 +01:00
frack113 2b0b680775 Merge pull request #3925 from frack113/lsa-server
Microsoft-Windows-LSA
2023-01-13 18:24:43 +01:00
Nasreddine Bencherchali c7f1f52b7b fix: apply suggestions from code review 2023-01-13 18:19:32 +01:00
Nasreddine Bencherchali 9783297262 Merge pull request #3922 from frack113/redcannary_20230113
New rules based on Redcannary AtomicRedTeam 2023-01-13
2023-01-13 18:18:32 +01:00
Nasreddine Bencherchali 432710c47b fix: description 2023-01-13 18:01:10 +01:00
Nasreddine Bencherchali 6134e25ba9 Merge pull request #3924 from ruppde/master
several improvements to antivirus rules
2023-01-13 17:59:01 +01:00
frack113 c6942cba65 Add lsa-server 2023-01-13 17:58:40 +01:00
frack113 deeac89f36 Add lsa-server 2023-01-13 17:56:02 +01:00
Arnim Rupp d0443c35eb fix2 2023-01-13 17:51:37 +01:00
Arnim Rupp 92b0ce1857 fix falsepositives 2023-01-13 17:44:55 +01:00
Arnim Rupp f58358b037 Fix rule using list with only 1 element 2023-01-13 17:36:38 +01:00
Nasreddine Bencherchali c798375a56 Merge branch 'master' into master 2023-01-13 17:23:22 +01:00
Nasreddine Bencherchali 8707345be7 fix: add related metadata 2023-01-13 17:21:21 +01:00
Florian Roth da52178377 Merge pull request #3923 from SigmaHQ/rule-devel
docs: changes to status in AV rules
2023-01-13 17:19:57 +01:00
Arnim Rupp d0234a7f5d several improvements in rules/category/antivirus/* 2023-01-13 17:16:59 +01:00
Nasreddine Bencherchali 055f33a386 fix: add missing modified date 2023-01-13 17:13:17 +01:00
frack113 2be462d2cf Add UserName for taskscheduler 2023-01-13 13:13:53 +01:00
frack113 5d0b0f6663 Add more TaskName 2023-01-13 13:06:02 +01:00
frack113 80be90c331 Merge branch 'redcannary_20230113' of github.com:frack113/sigma into redcannary_20230113 2023-01-13 13:03:52 +01:00
frack113 a0cc836d0a Add filter 2023-01-13 13:03:30 +01:00
Florian Roth d088dc447d docs: changes to status in AV rules 2023-01-13 12:39:49 +01:00
frack113 23620bc8aa Update proc_creation_win_lsa_disablerestrictedadmin.yml 2023-01-13 12:31:28 +01:00
frack113 1b11e29fef Move rules 2023-01-13 12:15:08 +01:00
frack113 e0434a3f2c Add redcannary rules 2023-01-13 12:11:38 +01:00
frack113 4c76e10383 Merge pull request #3921 from veramine/patch-3
filter some legitimate activity
2023-01-13 10:18:13 +01:00
frack113 e886902374 Update proc_creation_lnx_system_network_connections_discovery.yml 2023-01-13 10:12:10 +01:00
Veramine d91a1d0903 filter some legitimate activity
Filter landscape-sysinfo tool calling who
2023-01-13 00:47:40 -08:00
Nasreddine Bencherchali 49a2873c7a Merge pull request #3919 from ruppde/master
Add more ransomware strings
2023-01-13 00:37:54 +01:00