Commit Graph

230 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 1c340493c6 fix: broken logsource 2023-01-17 01:13:50 +01:00
Nasreddine Bencherchali e5fe4d5f46 feat: update config files
- Update indentation of config files to 4
- Add new event logs
2023-01-17 01:00:24 +01:00
frack113 2b0b680775 Merge pull request #3925 from frack113/lsa-server
Microsoft-Windows-LSA
2023-01-13 18:24:43 +01:00
Nasreddine Bencherchali c7f1f52b7b fix: apply suggestions from code review 2023-01-13 18:19:32 +01:00
frack113 deeac89f36 Add lsa-server 2023-01-13 17:56:02 +01:00
frack113 2be462d2cf Add UserName for taskscheduler 2023-01-13 13:13:53 +01:00
Nasreddine Bencherchali 8b38e3ac2c fix: assertion logic 2023-01-12 12:36:33 +01:00
Nasreddine Bencherchali dca48fc125 fix: assert function in test 2023-01-12 12:29:38 +01:00
Nasreddine Bencherchali 30c658e2a4 fix: broken logic in test
- Fix `test_duplicate_detections` test
- Add new test `test_broken_thor_logsource_config` to test for broken Windows eventlog sources
2023-01-12 12:21:58 +01:00
Nasreddine Bencherchali debd658aac feat: new rules related to appx packages 2023-01-11 23:04:37 +01:00
frack113 fbae1f3055 Merge pull request #3889 from frack113/iso_evtx
Add win_vhdmp_mount_iso.yml
2023-01-11 18:05:50 +01:00
frack113 5cff2d2b3f Update logsource.json 2023-01-10 21:53:35 +01:00
frack113 9b550f6858 Add win_vhdmp_mount_iso 2023-01-09 10:19:41 +01:00
frack113 d6059d801b Filename normalisation 2023-01-07 08:52:11 +01:00
frack113 0c4d6f1d71 Merge pull request #3870 from frack113/check_logsource
update logsource
2023-01-04 19:52:41 +01:00
frack113 ed1a91b53f remove duplicate value 2023-01-04 19:42:16 +01:00
frack113 7d5fb8db30 update logsource 2023-01-04 19:36:37 +01:00
Nasreddine Bencherchali be4d99d6dd Merge pull request #3868 from nasbench/nasbench-rule-devel
feat: updates and enhancements
2023-01-04 19:29:12 +01:00
frack113 756a248032 update logsource 2023-01-04 18:52:24 +01:00
Nasreddine Bencherchali 46f01f2f88 fix: typo in unknown 2023-01-04 18:46:34 +01:00
Hendrik Baecker 9985905f54 rule_tests: Rule directory relative to test_* file 2023-01-04 16:25:07 +01:00
Hendrik Baecker c998945b34 test-rules: use cti directory relative to test file
This little change will use 'cti/' relative to the executing
test_*.py file and doesn't care if the testfile is executed
from sigma/ or sigma/tests/.
2023-01-04 16:02:57 +01:00
Hendrik Baecker 3da07164ce test-rules: Execute get_mitre_data() as part of unittest
Catching the data as part of the unittest class is more
IDE friendly cause they won't call __main__ but using the
test methods directly.
2023-01-04 15:58:35 +01:00
Nasreddine Bencherchali 3bd12552bb feat: add bitlocker channel 2023-01-02 22:19:32 +01:00
Nasreddine Bencherchali 15798527e2 fix: typo in message 2023-01-02 21:33:15 +01:00
frack113 c62d624892 Use W3C cs-uri-query 2023-01-02 18:56:34 +01:00
frack113 41c850e00b Use W3C cs-uri-query 2023-01-02 18:45:50 +01:00
frack113 a1a94a0b66 Update W3C field name 2023-01-02 16:39:55 +01:00
frack113 8720356684 Update field name 2023-01-02 15:49:45 +01:00
frack113 014684ddcd add win_dns_analytic_ prefix 2023-01-02 12:16:09 +01:00
frack113 b13a74adc9 Update from review 2023-01-02 12:05:54 +01:00
frack113 0e8d1f9b0d Check field name 2023-01-02 10:59:51 +01:00
frack113 27f3ba9257 Add linux auditd 2023-01-01 13:18:51 +01:00
frack113 6d0b86aae3 Keep only sysmon linux used 2022-12-31 19:14:40 +01:00
frack113 c2ce5d01fc Add sysmon linux v1.0.2 2022-12-31 18:08:11 +01:00
frack113 481ae23c3e Make it more generic 2022-12-30 18:17:31 +01:00
frack113 4a0b571598 add new test 2022-12-30 16:31:41 +01:00
frack113 3c2e1a6a3e add new test 2022-12-30 16:00:42 +01:00
Nasreddine Bencherchali 261bb8758a Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2022-12-30 11:49:08 +01:00
frack113 aee5ca7afc Fix invalid field cast or name (#3841) 2022-12-30 11:46:21 +01:00
Nasreddine Bencherchali 58f47b9875 fix: add known children appvlp 2022-12-30 10:24:25 +01:00
Nasreddine Bencherchali 5e22c69c3c feat: add file_access case in test (#3836)
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-29 19:35:21 +01:00
Nasreddine Bencherchali 964da01186 fix: test logic 2022-12-29 18:27:58 +01:00
Nasreddine Bencherchali c2e8283806 fix: add missing try/except 2022-12-29 17:30:26 +01:00
Nasreddine Bencherchali d0920f0931 fix: small error in deletion 2022-12-29 17:23:38 +01:00
Nasreddine Bencherchali e20cb470cc fix: enhance element deletion
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-29 17:19:01 +01:00
Nasreddine Bencherchali 123202f112 feat: add file_access case in test 2022-12-29 15:30:57 +01:00
Nasreddine Bencherchali 03cc78e916 feat: filename test enhancements (#3812) 2022-12-23 09:25:16 +01:00
frack113 a27dc6c43a Check for issue 3724 2022-12-22 08:46:25 +01:00
frack113 44a25df15f Check for issue 3724 2022-12-22 08:41:37 +01:00