security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,444 Commits 1 Branch 57 Tags
fc8eeb7b1e95cfac0ef6afcfdc8655e7eaddaaa3
Commit Graph

3958 Commits

Author SHA1 Message Date
Nasreddine Bencherchali fc8eeb7b1e Fix FP 2022-11-07 12:11:30 +01:00
Florian Roth 9bf023ceba Merge pull request #3670 from nasbench/fix-false-positives 
Aurora - Fix FP Found In Testing
 2022-11-04 17:56:32 +01:00
Florian Roth be9bda1d54 Merge pull request #3673 from SigmaHQ/rule-devel 
fix: Adfind rule, rework: Racoon stealer UA, rule: ngrok tunneling
 2022-11-04 17:55:21 +01:00
Nasreddine Bencherchali 117d400c49 Deprecate 82a19e3a-2bfe-4a91-8c0d-5d4c98fbb719 2022-11-03 13:42:45 +01:00
Nasreddine Bencherchali d86c05643b Deprecate dca91cfd-d7ab-4c66-8da7-ee57d487b35b 2022-11-03 13:41:40 +01:00
Nasreddine Bencherchali 3b4f41d588 Update proc_creation_win_susp_run_folder.yml 2022-11-03 11:16:03 +01:00
Florian Roth 1d37ec5f74 Merge pull request #3667 from nasbench/kes-rules 
KES Rule
 2022-11-02 08:17:47 +01:00
Nasreddine Bencherchali e423c92d3f Update proc_creation_win_lolbin_kavremover.yml 2022-11-01 19:01:40 +01:00
Florian Roth 5e9083261a Merge pull request #3665 from nasbench/nasbench-rule-devel 
Rule Dev
 2022-11-01 18:57:31 +01:00
phantinuss c8a4638c15 Merge pull request #3663 from SigmaHQ/aurora-false-positive-fixing 
Aurora false positive fixing
 2022-11-01 16:23:48 +01:00
Florian Roth b00966d79d fix: dysfunctional renamed adfind rule 2022-11-01 14:58:02 +01:00
Nasreddine Bencherchali 0fbbd96c41 Create proc_creation_win_lolbin_kavremover.yml 2022-11-01 11:23:57 +01:00
Nasreddine Bencherchali 7dbc88385c Update rules/windows/process_creation/proc_creation_win_susp_regsvr32_image.yml 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-11-01 10:31:50 +01:00
Nasreddine Bencherchali 137608773b Update proc_creation_win_susp_guid_task_name.yml 2022-11-01 10:22:26 +01:00
Florian Roth d209219192 Update proc_creation_win_susp_rundll32_by_ordinal.yml 2022-11-01 09:55:44 +01:00
phantinuss efbe16afe3 fix: use all filter selections 2022-11-01 09:08:25 +01:00
Nasreddine Bencherchali 0aff47946d Fix FP 2022-11-01 01:05:42 +01:00
Florian Roth 850d0edf80 Update proc_creation_win_susp_rundll32_by_ordinal.yml 2022-11-01 00:16:17 +01:00
Nasreddine Bencherchali a936332a1c Update proc_creation_win_susp_regsvr32_image.yml 2022-10-31 21:06:15 +01:00
Nasreddine Bencherchali 96b7303a31 New Rules 2022-10-31 20:59:33 +01:00
Nasreddine Bencherchali 97d927a637 Add more lolbins 2022-10-31 20:57:57 +01:00
Nasreddine Bencherchali a6445a9051 Update proc_creation_win_susp_regsvr32_image.yml 2022-10-31 20:56:44 +01:00
Nasreddine Bencherchali 36b9716b27 Update proc_creation_win_esentutl_webcache.yml 2022-10-31 20:56:29 +01:00
Florian Roth ce750aba9c fix: wrong condition 2022-10-31 17:38:04 +01:00
Florian Roth b17777751e Merge branch 'master' into aurora-false-positive-fixing 2022-10-31 15:53:53 +01:00
phantinuss 743ebf08f7 Merge pull request #3660 from qasimqlf/patch-10 
Title Fix
 2022-10-31 11:53:46 +01:00
Florian Roth 711844ea93 fix: Visual Studio Builds 2022-10-31 11:48:24 +01:00
phantinuss 0d63c5a4ff fix: modified should change on title changes 
https://github.com/SigmaHQ/sigma/wiki/Rule-Creation-Guide#date
 2022-10-31 11:44:16 +01:00
phantinuss 1f9a833b9b fix: no modified date for changes on meta data 2022-10-31 11:34:08 +01:00
phantinuss 2788fba40d fix: FPs found with Aurora 2022-10-31 11:31:30 +01:00
Qasim Qlf b3c0301bde Title Fix 2022-10-31 15:23:05 +05:00
frack113 095bc89545 Update proc_creation_win_susp_vslsagent_agentextensionpath_load.yml 
change to LF
 2022-10-31 08:49:16 +01:00
frack113 5c416e94cf Update proc_creation_win_susp_vslsagent_agentextensionpath_load.yml 2022-10-31 08:20:41 +01:00
bohops c0e98d352a Add vsls-agent lolbin rule 2022-10-30 17:06:37 -04:00
Nasreddine Bencherchali ff3d576a1a Fix small typos 2022-10-28 23:51:43 +02:00
Nasreddine Bencherchali fd256717b0 Update proc_creation_win_msiexec_install_quiet.yml 2022-10-28 18:03:47 +02:00
Nasreddine Bencherchali 012e10a8be Update proc_creation_win_raspberry_robin_single_dot_ending_file.yml 2022-10-28 17:51:46 +02:00
Nasreddine Bencherchali ae2f3ea66d Add examples 2022-10-28 17:51:26 +02:00
Nasreddine Bencherchali d6e076658d Update after merge 2022-10-28 17:42:57 +02:00
Nasreddine Bencherchali c21524b249 Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2022-10-28 17:37:54 +02:00
Nasreddine Bencherchali 3cb577ddfc Raspberry Robin Related Rules 2022-10-28 17:25:25 +02:00
frack113 1f8e37351e order yaml 2022-10-28 15:06:36 +02:00
Nasreddine Bencherchali 9d8cc243eb Update description 2022-10-28 13:16:38 +02:00
Nasreddine Bencherchali 66b251604a Add related field to new rule 2022-10-28 13:15:10 +02:00
phantinuss f004d27efe fix: FP from testing environment 2022-10-28 11:39:53 +02:00
Gude5 a3e6856764 new rules: Sigma rules based on Elastic rules (#3632) 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-10-28 10:13:44 +02:00
frack113 625f05df3c Merge pull request #3646 from nasbench/nasbench-rule-devel 
Rule Dev
 2022-10-28 06:34:48 +02:00
phantinuss 152f22ba01 fix: FPs in testing environment 2022-10-27 09:46:05 +02:00
Nasreddine Bencherchali 4be6af3c08 Add/Update PAExec Rules 2022-10-26 23:27:17 +02:00
Nasreddine Bencherchali efe0cf5871 Add/Update Exchange/Mailbox Rules 2022-10-26 23:17:54 +02:00