Commit Graph

8957 Commits

Author SHA1 Message Date
Nasreddine Bencherchali fb73dfca88 Merge branch 'master' of https://github.com/nasbench/sigma 2022-07-11 14:11:59 +01:00
Nasreddine Bencherchali 238e0ecd7d Update Ref+Selection 2022-07-11 14:11:53 +01:00
Florian Roth e7f5b07f2d Merge pull request #3213 from SigmaHQ/rule-devel
refactor: another Follina process pattern observed ITW
2022-07-11 13:00:51 +02:00
Florian Roth 5b8f7d977f Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2022-07-11 12:52:08 +02:00
Florian Roth a17364104b refactor: Follina patterns 2022-07-11 12:52:06 +02:00
Nasreddine Bencherchali d2f08cca5d New Rules 2022-07-11 10:22:45 +01:00
frack113 792fde6466 Merge pull request #3206 from baileybercik/baileybercik
Create azure_app_highly_privileged_permissions.yml
2022-07-10 07:59:01 +02:00
frack113 0f1c8183a1 fix references 2022-07-09 08:51:45 +02:00
frack113 b923260be4 Update azure_app_highly_privileged_permissions.yml 2022-07-09 08:42:54 +02:00
Florian Roth 9daef055ae Merge pull request #3211 from SigmaHQ/rule-devel
fix: FPs with notepad as parent
2022-07-08 20:40:49 +02:00
Florian Roth 079a41b087 Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2022-07-08 19:28:46 +02:00
Florian Roth 0640695258 fix: FPs with notepad.exe as parent
Closing https://github.com/SigmaHQ/sigma/issues/3208
2022-07-08 19:28:43 +02:00
frack113 4f21febbb4 Fix detection 2022-07-08 18:20:37 +02:00
Florian Roth d15f3d738b Merge pull request #3207 from SigmaHQ/rule-devel
fix: missing Windows Defender source, rule: Proxy UA Base64
2022-07-08 11:14:00 +02:00
Florian Roth 9b47c868bc fix: list and add base64 encoded Mozilla keyword 2022-07-08 10:50:52 +02:00
Florian Roth 578c838277 Merge pull request #3203 from nasbench/master
Reference Update [Batch 1]
2022-07-08 10:47:50 +02:00
Florian Roth 6fc782958a rule: Proxy UA Base64 value 2022-07-08 10:40:35 +02:00
Nasreddine Bencherchali 8b9307de30 Update selections 2022-07-07 20:55:19 +01:00
Nasreddine Bencherchali 68c27b56d4 Update proc_creation_win_exploit_cve_2020_1048.yml 2022-07-07 20:16:30 +01:00
Nasreddine Bencherchali aec95b6d65 Update selections and indentation 2022-07-07 20:13:45 +01:00
Nasreddine Bencherchali 49e389db5c Add More paths 2022-07-07 19:13:22 +01:00
Nasreddine Bencherchali b26c28972d Add missing definition fields and references 2022-07-07 19:13:01 +01:00
Florian Roth 21d2bbdba4 fix: filter expressions missing in condition 2022-07-07 18:42:05 +02:00
Florian Roth c7eb123bc3 Merge branch 'master' into aurora-false-positive-fixing 2022-07-07 18:21:16 +02:00
Florian Roth b58c797c61 fix: FPs with Visual Studio 2022-07-07 18:20:10 +02:00
Florian Roth a70b4e5e9d fix: FPs 2022-07-07 17:47:43 +02:00
Nasreddine Bencherchali 7e25625976 Update 2 2022-07-07 15:46:49 +01:00
Nasreddine Bencherchali 851d55a41f Update 2022-07-07 15:37:28 +01:00
Nasreddine Bencherchali 5b352ee34c Update proxy_cobalt_amazon.yml 2022-07-07 15:29:46 +01:00
Nasreddine Bencherchali 8fc9209250 Update proc_creation_macos_system_network_discovery.yml 2022-07-07 15:28:45 +01:00
Nasreddine Bencherchali d03f6df250 Reference Update [Batch 1] 2022-07-07 15:24:15 +01:00
phantinuss 15513ce15c fix: FP with IIS installation 2022-07-07 14:29:20 +02:00
Florian Roth beec664249 Merge pull request #3189 from redsand/fp_encoded_powershell_minor_indicator_due_to_devops
reducing level due to low indicator, per devops processes
2022-07-06 18:34:27 +02:00
Florian Roth d4781fa63c refactor: split up rule into one low & one medium 2022-07-06 18:24:59 +02:00
Florian Roth 611ad5f22f Merge pull request #3201 from phantinuss/master
FPs found in Testing
2022-07-06 18:18:13 +02:00
Florian Roth d0e51c8cf0 Merge pull request #3202 from redsand/fp_svchost_write_spoolsv_download_update
False positive when detecting svchost unpack and deploy updates such as…
2022-07-06 18:17:15 +02:00
Tim Shelton 745e4ef491 False positive when detecting svchost unpack and deploy updates such as spoolsv.exe 2022-07-06 14:38:25 +00:00
phantinuss a919490811 fix: FP found in testing 2022-07-06 15:38:32 +02:00
phantinuss ce1710a031 fix: FPs found in testing 2022-07-06 15:38:31 +02:00
Florian Roth a5b00c6911 Merge pull request #3198 from nasbench/tripleCross-detection
Triple Cross Rules
2022-07-06 09:29:51 +02:00
Nasreddine Bencherchali 6cd83a232d Update file_create_lnx_persistence_sudoers_files.yml 2022-07-05 19:43:58 +01:00
Nasreddine Bencherchali d89b20d06e Switch links to permalinks 2022-07-05 19:43:07 +01:00
Nasreddine Bencherchali 83387d2ca9 Update and Fix 2022-07-05 19:28:28 +01:00
Nasreddine Bencherchali 9024f223e7 Update file_create_lnx_triple_cross_rootkit_persistence.yml 2022-07-05 16:06:49 +01:00
Nasreddine Bencherchali 498cc55a86 Triple Cross Rules 2022-07-05 15:58:22 +01:00
Florian Roth 6f23d569b8 Merge pull request #3197 from SigmaHQ/rule-devel
refactor: mshta service rule, new ampersand rule
2022-07-05 16:25:00 +02:00
frack113 88a6ec96e7 Update proc_creation_win_powershell_cmdline_specific_comb_methods.yml 2022-07-05 16:04:00 +02:00
Florian Roth e366cc15b5 rule: new services with two ampersands 2022-07-05 16:02:06 +02:00
frack113 b3595c2605 Update proc_creation_win_powershell_cmdline_specific_comb_methods.yml 2022-07-05 16:01:57 +02:00
Florian Roth 280d416e16 Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2022-07-05 16:01:49 +02:00