Commit Graph

739 Commits

Author SHA1 Message Date
Nasreddine Bencherchali f42eb77f29 fix: rule logic 2023-01-25 12:03:11 +01:00
Nasreddine Bencherchali d47215d469 fix: single element selection 2023-01-25 01:35:47 +01:00
Nasreddine Bencherchali 7d2b70cb91 feat: add bpf related rules 2023-01-25 01:14:49 +01:00
Nasreddine Bencherchali 1c0bf6e262 feat: update windows firewall rules 2023-01-17 19:01:37 +01:00
Nasreddine Bencherchali 85fb255bc9 feat: new rules and updates 2023-01-17 01:00:44 +01:00
frack113 e886902374 Update proc_creation_lnx_system_network_connections_discovery.yml 2023-01-13 10:12:10 +01:00
Veramine d91a1d0903 filter some legitimate activity
Filter landscape-sysinfo tool calling who
2023-01-13 00:47:40 -08:00
Nasreddine Bencherchali 15757c2b7d fix: remove tactic links 2023-01-10 19:20:31 +01:00
frack113 4023bf2c83 Remove mitre url 2023-01-10 18:09:04 +01:00
frack113 d6059d801b Filename normalisation 2023-01-07 08:52:11 +01:00
Nasreddine Bencherchali ea4b844c8e fix: broken selections 2023-01-06 17:28:29 +01:00
Nasreddine Bencherchali 7e73028c5e feat: updates and enhancements 2023-01-06 16:35:34 +01:00
frack113 39d4b577a1 Merge pull request #3872 from frack113/linux_order
order linux file
2023-01-05 10:18:53 +01:00
frack113 379fa4f3df Update modified 2023-01-05 09:11:49 +01:00
xFFninja a499c7076d fix Image field
On Linux git has no .exe extension
2023-01-05 09:47:11 +02:00
frack113 01e7adeb30 order linux file 2023-01-05 08:14:19 +01:00
Nasreddine Bencherchali d8b8cf04bd fix: wrong fp 2023-01-04 18:38:04 +01:00
Nasreddine Bencherchali 2b04519923 fix: unique item list 2023-01-04 18:26:59 +01:00
Nasreddine Bencherchali 711ba956e3 feat: updates and enhancements 2023-01-04 17:49:32 +01:00
frack113 b6426ab3f9 Fix file name 2022-12-31 18:23:37 +01:00
frack113 c2ce5d01fc Add sysmon linux v1.0.2 2022-12-31 18:08:11 +01:00
frack113 ddb5cd0ead Add sysmon linux v1.0.2 2022-12-31 18:04:21 +01:00
signalblur 73f56c2f0e Hidden Linux Binary Execution (#3108)
Co-authored-by: Florian Roth <venom14@gmail.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-31 08:27:32 +01:00
Nasreddine Bencherchali 425c29cf1c feat: add new linux rules 2022-12-29 11:17:42 +01:00
Nasreddine Bencherchali 85aa0220d0 Merge pull request #3819 from blueteam0ps/master
lnx_auditd_debugfs_usage.yml
2022-12-27 16:57:22 +01:00
Nasreddine Bencherchali 0d2ddb4a9b fix: small selection fix for clarity 2022-12-27 16:23:09 +01:00
Nasreddine Bencherchali 256d6a839e fix: update condition
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-27 16:13:56 +01:00
Nasreddine Bencherchali 281dc11fc5 fix: remove correlation 2022-12-27 15:31:51 +01:00
frack113 7060db3d47 Promotion rules (#3821)
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 12:29:10 +01:00
tuan 2d759cad94 Add rule delete group or user (#3822)
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 11:21:14 +01:00
BlueTeamOps 1d8256fa69 Update lnx_auditd_debugfs_usage.yml 2022-12-25 09:47:19 +11:00
BlueTeamOps 81d8d1a5a7 replaced timeframe with timespan 2022-12-25 08:10:03 +11:00
BlueTeamOps 976d994cee Updated to include additional tools
Expanded the list of Linux tools that may be used to obtain volume meta info and also included the auditd.
Removed specific switches for tools as those tools and debugfs exec within that time period will be rare.
2022-12-25 07:57:18 +11:00
BlueTeamOps de84fbcd62 lnx_auditd_debugfs_usage.yml 2022-12-24 23:41:20 +11:00
Nasreddine Bencherchali 57e51cca2a fix: typo in near operator 2022-12-22 16:08:21 +01:00
Nasreddine Bencherchali e71d45b007 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2022-12-21 21:39:37 +01:00
Nasreddine Bencherchali 9d4bbec633 Merge pull request #3805 from zakibro/master
Create lnx_privileged_user_creation.yml
2022-12-21 21:35:59 +01:00
Nasreddine Bencherchali 4c7db89847 fix: improve overall structure 2022-12-21 20:40:29 +01:00
Nasreddine Bencherchali b9ae5303f1 Merge pull request #2801 from tuanhxh1/master
add rules related to usage of "usermod"
2022-12-21 20:33:04 +01:00
zakibro a0c07b2fba Update rules/linux/builtin/lnx_privileged_user_creation.yml
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-21 19:31:34 +01:00
zakibro 14f006382a Update rules/linux/builtin/lnx_privileged_user_creation.yml
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-21 19:31:24 +01:00
Nasreddine Bencherchali d51ff694a4 fix: rule status 2022-12-21 19:23:23 +01:00
zakibro 0fa4f8a454 Create lnx_privileged_user_creation.yml
Adding new use case for tracking the creation of a privileged user in Linux
2022-12-21 18:16:20 +01:00
Nasreddine Bencherchali c97463e774 fix: update linux rules 2022-12-21 17:59:46 +01:00
Nasreddine Bencherchali 120196b2fc fix: resolve #2613 2022-12-21 10:33:31 +01:00
Nasreddine Bencherchali c36acb333f fix: typo in comment 2022-12-20 22:28:49 +01:00
Nasreddine Bencherchali e72bc1dcaf fix: add reference 2022-12-20 22:14:46 +01:00
Nasreddine Bencherchali 592e0062a1 fix: update condition and add new ref 2022-12-20 22:14:14 +01:00
zakibro 1a117d38e7 Update rules/linux/auditd/lnx_auditd_create_account.yml
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-20 19:30:26 +01:00
zakibro 59e4dc3e1c Modifying Creation Of A User Account
Added an additional test for the record type ADD_USER, which should be generated whether you have created an auditd rule or not.
2022-12-20 15:51:40 +01:00