Commit Graph

754 Commits

Author SHA1 Message Date
TheLawsOfChaos 52e40d10ef feat: updates multiple mitre tech/sub-tech/tactics (#3913) 2023-01-12 17:04:38 +01:00
TheLawsOfChaos 8607588a13 11 Files with updates Tactics/techniques/sub-techs (#3904) 2023-01-11 06:30:46 +01:00
frack113 0c3ba418db Merge pull request #3898 from cyb3rjy0t/patch-2
New rule
2023-01-10 20:47:48 +01:00
frack113 8e7187e861 Rename azure_ad_risky_sign_ins_with_singlefactorauthencation_from_unknown_devices.yml to azure_ad_risky_sign_ins_with_singlefactorauth_from_unknown_devices.yml 2023-01-10 20:37:56 +01:00
Nasreddine Bencherchali 2820210945 fix: broken title 2023-01-10 19:43:19 +01:00
frack113 4023bf2c83 Remove mitre url 2023-01-10 18:09:04 +01:00
frack113 a6116a5fdc Merge pull request #3894 from TheLawsOfChaos/patch-5
Update azure_device_or_configuration_modified_or_deleted.yml
2023-01-10 17:49:12 +01:00
Nasreddine Bencherchali 23278ead62 Merge pull request #3893 from TheLawsOfChaos/patch-4
Update azure_dns_zone_modified_or_deleted.yml
2023-01-10 13:50:11 +01:00
Nasreddine Bencherchali 82c2b635a9 fix: yaml syntax 2023-01-10 00:49:44 +01:00
Nasreddine Bencherchali 3b149675b2 Merge pull request #3896 from TheLawsOfChaos/patch-7
Patch 7
2023-01-10 00:45:38 +01:00
cyb3rjy0t 907252c00f New rule
Detecting risky user sign-in from non-AD-registered device with single factor authentication
2023-01-09 17:07:39 -05:00
Nasreddine Bencherchali 032db9f799 Merge pull request #3897 from TheLawsOfChaos/patch-8
Update azure_firewall_modified_or_deleted.yml
2023-01-09 22:39:41 +01:00
Nasreddine Bencherchali f0505a7a22 fix: remove mitre links from ref section 2023-01-09 22:34:13 +01:00
Nasreddine Bencherchali e237aec830 Merge pull request #3895 from TheLawsOfChaos/patch-6
Update azure_creating_number_of_resources_detection.yml
2023-01-09 22:33:30 +01:00
Nasreddine Bencherchali 3ec4c3e98b fix: apply suggestions from code review 2023-01-09 22:23:19 +01:00
Nasreddine Bencherchali c8cbdefba5 fix: remove unnecessary spaces 2023-01-09 22:22:40 +01:00
Nasreddine Bencherchali b728332228 fix: remove mitre link from the reference section 2023-01-09 22:21:46 +01:00
Nasreddine Bencherchali 0e06d9e9b9 fix: remove mitre link from the reference section 2023-01-09 22:21:21 +01:00
Nasreddine Bencherchali a3cee700af fix: add missing "t" to mitre tag 2023-01-09 22:20:48 +01:00
Nasreddine Bencherchali 0f75a1d361 fix: remove mitre reference link 2023-01-09 22:19:57 +01:00
TheLawsOfChaos 8caf115e33 Update azure_firewall_modified_or_deleted.yml
Added sub-tech reference, new tactic, and sub-tech.
2023-01-09 16:09:18 -05:00
TheLawsOfChaos e97efe445c Update azure_change_to_authentication_method.yml 2023-01-09 15:46:05 -05:00
TheLawsOfChaos 42875d2bba Update azure_change_to_authentication_method.yml
Updated description, added two tactics and one technique, and added technique reference.
2023-01-09 15:43:07 -05:00
TheLawsOfChaos 1c0c29f45f Update azure_creating_number_of_resources_detection.yml
Added tactic and MITRE reference for technique.
2023-01-09 15:35:00 -05:00
TheLawsOfChaos 57a23e0b41 Update azure_device_or_configuration_modified_or_deleted.yml
Added technique and sub-tech, along with references.
2023-01-09 15:32:02 -05:00
TheLawsOfChaos a7208e7f69 Update azure_dns_zone_modified_or_deleted.yml
Added sub-tech and reference to the page. Didn't modify the date per earlier discussion.
2023-01-09 15:27:15 -05:00
Nasreddine Bencherchali 8956242b43 fix: rollback modified date 2023-01-09 21:14:42 +01:00
TheLawsOfChaos 8aac18a554 Update azure_application_deleted.yml
Updated modified date.
2023-01-09 15:06:39 -05:00
TheLawsOfChaos a992ed6372 Update azure_application_deleted.yml
Added Tactic impact and t1489.
https://attack.mitre.org/tactics/TA0040/
https://attack.mitre.org/techniques/T1489

Deleting an application absolutely is part of Impact, and Stop/Disable a service if that application was running it.
2023-01-09 14:58:16 -05:00
TheLawsOfChaos ea26adb55a Update azure_ad_only_single_factor_auth_required.yml
.004 is for valid cloud accounts
2023-01-09 14:00:09 -05:00
Nasreddine Bencherchali e08358de3b fix: add related field 2023-01-07 13:13:48 +01:00
frack113 d73fe7ecfe Update rules/cloud/aws/aws_enum_buckets.yml 2023-01-07 12:39:50 +01:00
securepeacock 4c3e79cccb Create aws_enum_buckets.yml 2023-01-06 17:36:08 -05:00
frack113 7d5fb8db30 update logsource 2023-01-04 19:36:37 +01:00
frack113 756a248032 update logsource 2023-01-04 18:52:24 +01:00
BlueTeamOps 05135ec828 Further improved several AWS rules (#3827)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-28 19:46:36 +01:00
frack113 7060db3d47 Promotion rules (#3821)
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 12:29:10 +01:00
Nasreddine Bencherchali a1b2e0ee81 Merge pull request #3781 from blueteam0ps/aws_det
Multiple AWS detection rules
2022-12-23 12:41:15 +01:00
frack113 32b7ef47df Add count condition 2022-12-23 12:32:05 +01:00
Nasreddine Bencherchali a3f897606f fix: enhance metadata information 2022-12-23 11:01:57 +01:00
BlueTeamOps 426dc04fd1 Added timeframe 2022-12-22 07:56:14 +11:00
BlueTeamOps 855ca77253 Added a timeframe 2022-12-22 07:49:26 +11:00
BlueTeamOps 3b4bf47d59 Added timeframe 2022-12-22 07:40:48 +11:00
frack113 646351808e Refactor (#3794)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-18 21:00:14 +01:00
Nasreddine Bencherchali 97c43eaa73 fix: duplicate id 2022-12-16 10:32:18 +01:00
frack113 066ab2680d Change to LF 2022-12-16 09:24:19 +01:00
BlueTeamOps 02fdcf037e fixed the eventNames to be inline 2022-12-16 18:56:15 +11:00
BlueTeamOps 5563195c77 fixed up eventName 2022-12-16 18:55:09 +11:00
BlueTeamOps f1c53264b2 Multiple AWS rules
Multiple AWS rules based on https://unit42.paloaltonetworks.com/compromised-cloud-compute-credentials/
2022-12-13 22:30:28 +11:00
BlueTeamOps 2958fc35e5 Delete aws_delete_identity.yml 2022-12-13 22:29:16 +11:00