security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,160 Commits 1 Branch 57 Tags
f6ad36f530debdea40afa5ec6e3bbd0ddebe22f2
Commit Graph

1160 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Patzke f6ad36f530 Fixed rule 2018-11-29 00:00:18 +01:00
Thomas Patzke 1118b80288 Added elastalert backend to CI testing 2018-11-29 00:00:00 +01:00
Thomas Patzke 0a5caae5df Merge branch 'master' of https://github.com/lsoumille/sigma into lsoumille-master 2018-11-28 23:53:15 +01:00
Florian Roth 99e0a4defb fix: SPARK config duplicate identifier 2018-11-27 14:05:13 +01:00
lsoumille 50c74b94bc add elastalert backend support 2018-11-23 20:39:15 +01:00
Florian Roth 7ba1fe4309 Turla PNG Dropper Service Name 2018-11-23 08:46:20 +01:00
Florian Roth e7762c71ce Merge remote-tracking branch 'origin/master' 2018-11-22 19:14:12 +01:00
Florian Roth ec83ab5e13 APT28 Zebrocy rule 
https://app.any.run/tasks/54acca9a-394e-4384-a0c8-91a96d36c81d
 2018-11-22 19:14:07 +01:00
Thomas Patzke aa1a953a65 Moved node dumping code to generic location 2018-11-21 23:22:38 +01:00
Thomas Patzke 26d888aec3 Removed "not null" handling code 
Feature was removed some time ago.
 2018-11-21 22:56:48 +01:00
Thomas Patzke a1940c6eaa Simplified rule 2018-11-21 22:34:04 +01:00
Thomas Patzke 9e28669c33 Backend es-qs return quotes on empty or whitespace-only string 2018-11-21 22:29:12 +01:00
Thomas Patzke 49d464f979 Fixed wildcards in es-qs backend 2018-11-20 23:23:54 +01:00
Florian Roth a31acd6571 fix: fixed procdump rule 2018-11-17 09:10:26 +01:00
Florian Roth fd06cde641 Rule: Detect base64 encoded PowerShell shellcode 
https://twitter.com/cyb3rops/status/1063072865992523776
 2018-11-17 09:10:09 +01:00
Florian Roth b92c032c2d Linux JexBoss back connect shell 2018-11-08 23:21:36 +01:00
Florian Roth fc7a750f0f Added RSA NetWitness to the supported targets 2018-11-07 22:56:51 +01:00
Thomas Patzke 102b56dfe3 Merge branch 'tuckner-master' 2018-11-07 22:53:15 +01:00
Thomas Patzke 396a030ed1 Removed duplicate code 2018-11-07 22:52:12 +01:00
Thomas Patzke 6b8ddd6ac0 Added CI test for NetWitness backend 2018-11-07 22:36:34 +01:00
Thomas Patzke 116a0e9f03 Merge branch 'master' of https://github.com/tuckner/sigma into tuckner-master 2018-11-07 22:27:41 +01:00
Thomas Patzke fe79be894b Merge branch 'master' of https://github.com/Neo23x0/sigma 2018-11-07 14:01:21 +01:00
Thomas Patzke 5053cc4e95 Fixed optimizing of not conditions with subexpressions 
Optimization pass traversal is cut at ConditionNOT nodes.
 2018-11-07 13:54:45 +01:00
Thomas Patzke a88b1e81ec Optimizer debugging code cleanup 
* Removed commented debugging code
* Output to stdin
* Coverage exception for _dumpNode
 2018-11-07 13:49:08 +01:00
Florian Roth 0ee515db47 Merge pull request #192 from neu5ron/patch-2 
Update win_alert_ad_user_backdoors.yml
 2018-11-07 08:34:16 +01:00
Nate Guagenti 9bfdcba400 Update win_alert_ad_user_backdoors.yml 
add another detection rule for delegation via the attack described in harmj0y's blog:
https://www.harmj0y.net/blog/redteaming/another-word-on-delegation/
 2018-11-05 21:08:19 -05:00
tuckner bd5b823725 Removed specific NetWintess config from test 2018-10-31 14:32:13 -05:00
tuckner ca6ba4a85b Added NetWitness backend and tests 2018-10-31 14:24:14 -05:00
tuckner 26f73d60fa Added NetWitness backend and tests 2018-10-31 14:07:59 -05:00
Florian Roth 37294d023f Suspicious svchost.exe executions 2018-10-30 09:37:40 +01:00
Florian Roth 580692aab4 Improved procdump on lsass rule 2018-10-30 09:37:40 +01:00
Thomas Patzke eacfaa7460 Check for forbidden null values in list items in Splunk backend 2018-10-27 01:07:03 +02:00
Thomas Patzke 423a73efd5 Dropped .py suffix 2018-10-22 23:02:05 +02:00
Thomas Patzke 1b1f22c5c2 Added sigma2misp to README 2018-10-22 23:02:05 +02:00
Thomas Patzke b2d6d73034 Added requirements 2018-10-22 22:43:59 +02:00
Thomas Patzke 16e3838a90 Renamed script 2018-10-19 21:23:33 +02:00
Thomas Patzke 6b14930302 Recursive path traversal 2018-10-19 21:21:33 +02:00
Thomas Patzke 67b416379f Improved import of multiple rules 2018-10-19 19:53:00 +02:00
Thomas Patzke 60b6f5d50a Merge branch 'samsson-patch-9' 2018-10-18 16:21:11 +02:00
Thomas Patzke ff98991c80 Fixed rule 2018-10-18 16:20:51 +02:00
Thomas Patzke a2da73053d Merge branch 'patch-9' of https://github.com/samsson/sigma into samsson-patch-9 2018-10-18 16:16:57 +02:00
Thomas Patzke 96d6d520b7 Merge branch 'pivotforensics-master' 2018-10-18 16:14:53 +02:00
Thomas Patzke 0fd8b986fd Added CI tests 2018-10-18 16:14:16 +02:00
Thomas Patzke 0cc8b77307 Merge branch 'master' of https://github.com/pivotforensics/sigma into pivotforensics-master 2018-10-18 15:56:26 +02:00
Thomas Patzke 732de3458f Merge pull request #186 from megan201296/patch-15 
Update sysmon_cmstp_com_object_access.yml
 2018-10-18 15:49:06 +02:00
Thomas Patzke fdd0823e07 Merge pull request #187 from megan201296/patch-16 
Additional MITRE ATT&CK Tagging
 2018-10-18 15:38:11 +02:00
Thomas Patzke 60765d903a Merge branch 'ntim-master' 2018-10-18 15:34:34 +02:00
Thomas Patzke 5609728a8a included XPack Watcher JSON output in CI tests 2018-10-18 14:56:21 +02:00
ntim e501c4a5b9 Added additional output type 'json' to the xpack-watcher backend which prints each watcher as compress json, one watcher per line 2018-10-17 10:38:56 +02:00
Michael H 5b33713ef8 Quick fix for string formatting bug 2018-10-13 20:21:37 -05:00