Commit Graph

830 Commits

Author SHA1 Message Date
Florian Roth fc08077086 Merge pull request #116 from suleymanozarslan/master
ATT&CK tagging of Suspicious Certutil Command rule
2018-07-19 08:25:50 -06:00
Suleyman Ozarslan 05b91847cd ATT&CK tagging of Suspicious Certutil Command rule 2018-07-19 16:42:39 +03:00
Florian Roth cea2dcbd89 docs: Info Graphic version 0.1 LQ / HQ 2018-07-17 19:25:37 -06:00
Florian Roth 9767f22756 docs: Info Graphic version 0.1 - fix 2018-07-17 19:14:40 -06:00
Florian Roth f27252bfaa docs: Info Graphic version 0.1 2018-07-17 19:12:56 -06:00
Thomas Patzke bdea097b80 ATT&CK tagging 2018-07-17 23:58:11 +02:00
Thomas Patzke 926dc7d56b Updated backends in README 2018-07-17 23:34:53 +02:00
Thomas Patzke a9257c32c6 Sigma tools release 0.6 0.6 2018-07-17 23:12:23 +02:00
Thomas Patzke 63f9093896 Merge of SOC Prime QRadar backend 2018-07-17 22:57:54 +02:00
Thomas Patzke 52e4910ab6 Added QRadar backend to CI testing 2018-07-17 22:56:31 +02:00
Thomas Patzke 5bd898ed1d Merge branch 'master' of https://github.com/socprime/sigma 2018-07-17 22:45:21 +02:00
Florian Roth 9e92b97661 Merge pull request #111 from nikseetharaman/cmstp_execution
Add sysmon_cmstp_execution
2018-07-17 14:39:56 -06:00
nikotin 88a1e2a365 Merge remote-tracking branch 'origin/master' 2018-07-17 15:25:27 +03:00
nikotin b5f27d75be Added Qradar backend 2018-07-17 15:25:06 +03:00
Florian Roth 3f0040b983 Removed duplicate status field 2018-07-16 15:55:31 -06:00
Florian Roth 429474b6d6 Merge pull request #113 from megan201296/patch-9
fixed typo
2018-07-16 15:38:52 -06:00
Florian Roth e184f3f5b9 Merge pull request #112 from megan201296/patch-8
fixed typo
2018-07-16 15:38:19 -06:00
megan201296 02ea2cf923 fixed typo 2018-07-16 16:20:33 -05:00
megan201296 60310e94c6 fixed typo 2018-07-16 16:13:24 -05:00
socprime eee5a1b1df Merge pull request #2 from Neo23x0/master
Pull updates
2018-07-16 18:49:16 +03:00
Nik Seetharaman 3630386230 Add sysmon_cmstp_execution 2018-07-16 02:53:41 +03:00
Florian Roth 7a031709bb Merge pull request #108 from megan201296/patch-5
fixed typo
2018-07-14 18:31:40 -06:00
Florian Roth 70ab83eb65 Merge pull request #109 from megan201296/patch-6
Fixed typo
2018-07-14 18:31:21 -06:00
Florian Roth be77c893c2 Merge pull request #110 from megan201296/patch-7
typo fix
2018-07-14 18:31:07 -06:00
megan201296 be7a3b0774 Update sysmon_susp_mmc_source.yml 2018-07-13 18:49:08 -05:00
megan201296 a6455cc612 typo fix 2018-07-13 18:48:36 -05:00
megan201296 8944be1efd Update sysmon_susp_driver_load.yml 2018-07-13 18:36:12 -05:00
megan201296 a169723005 fixed typo 2018-07-13 13:53:21 -05:00
socprime 86cbab5190 Merge pull request #1 from Neo23x0/master
Pull updates
2018-07-11 15:01:43 +03:00
Thomas Patzke 2dc5295abf Removed redundant attribute from rule 2018-07-10 22:50:02 +02:00
Thomas Patzke d064d24fbe Sigmac WDATP backend: renamed action types 2018-07-10 22:49:38 +02:00
Florian Roth 57727d2397 Merge pull request #107 from megan201296/typo-fixes
Typo fixes
2018-07-10 10:29:10 -06:00
megan201296 24d2d0b258 Fixed typo 2018-07-10 09:14:37 -05:00
megan201296 d6ea0a49fc Fixed typos 2018-07-10 09:14:07 -05:00
megan201296 3ec67393cd Fixed typo 2018-07-10 09:13:41 -05:00
Florian Roth 66481c27a9 Merge pull request #106 from megan201296/patch-4
Fixed typo
2018-07-09 12:43:39 -06:00
megan201296 b0bc3b66ed Fixed typo 2018-07-09 13:32:16 -05:00
Florian Roth a030db2c94 Merge pull request #105 from megan201296/patch-3
removed duplicates
2018-07-09 12:18:32 -06:00
megan201296 120479abb7 removed duplicates 2018-07-09 12:32:41 -05:00
Florian Roth aed6939411 Merge pull request #104 from megan201296/patch-2
Fixed typo
2018-07-09 11:07:48 -06:00
megan201296 c4bd267151 Fixed typo 2018-07-09 12:02:42 -05:00
Florian Roth 1574f1ea47 Merge pull request #103 from megan201296/patch-1
Fixed spelling mistake
2018-07-09 08:32:09 -06:00
megan201296 a7ccfcb50d Fixed spelling mistake 2018-07-09 09:13:31 -05:00
Florian Roth c8fef4d093 fix: removed unnecessary lists 2018-07-07 15:43:56 -06:00
Florian Roth dea019f89d fix: some threat levels adjusted 2018-07-07 13:00:23 -06:00
Florian Roth 9ce8630a27 Merge pull request #102 from yt0ng/patch-4
MSHTA spawned by SVCHOST as seen in LethalHTA
2018-07-07 12:59:00 -06:00
yt0ng 6a014a3dc8 MSHTA spawned by SVCHOST as seen in LethalHTA
"Furthermore it can be detected by an mshta.exe process spawned by svchost.exe."
2018-07-06 19:52:58 +02:00
Florian Roth ed470feb21 Merge pull request #99 from yt0ng/master
Detects ImageLoad by uncommon Image
2018-07-06 10:11:02 -06:00
yt0ng b21afc3bc8 user subTee was removed from Twitter 2018-07-04 17:29:05 +02:00
yt0ng f84c33d005 Known powershell scripts names for exploitation
Detects the creation of known powershell scripts for exploitation
2018-07-04 17:24:18 +02:00