Commit Graph

616 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 143d70a959 Renamed CVE rule 5 2022-06-14 22:06:07 +01:00
Nasreddine Bencherchali 5bf7b49671 Renamed More Rules 2022-06-14 19:28:27 +01:00
Florian Roth 21c363cec9 Merge pull request #3102 from securepeacock/patch-25
Create proc_creation_lnx_nohup.yml
2022-06-07 10:47:34 +02:00
Florian Roth cc67d69360 Merge pull request #3100 from hazedav/dd-endswith
fix(rule): lnx_dd_file_overwrite /bin symlinks
2022-06-07 10:45:56 +02:00
Florian Roth 9d4822b400 Update proc_creation_lnx_nohup.yml 2022-06-07 10:35:08 +02:00
securepeacock e7b47c9069 Create proc_creation_lnx_nohup.yml 2022-06-06 23:22:50 -04:00
David Hazekamp bc26970596 fix(rule): lnx_dd_file_overwrite /bin symlinks
This rule is subject to false negatives for *nix distros which
alias /bin to /usr/bin.  By using endswith we can catch dd usage
for either /bin or /usr/bin.
2022-06-06 09:27:27 -05:00
securepeacock 1641eddaeb Create proc_creation_lnx_susp_chmod_directories.yml 2022-06-03 19:24:02 -04:00
phantinuss c2c1a2dcb7 Merge pull request #3090 from frack113/refractor_condition
Refactor condition
2022-06-03 17:02:31 +02:00
frack113 8de0027ca3 refactor condition 2022-06-03 15:35:24 +02:00
phantinuss 8bdd2562fb fix: avoid regex, not actually needed 2022-06-03 14:55:09 +02:00
phantinuss 1cb985487c windows and linux python pty spawning 2022-06-03 12:17:33 +02:00
phantinuss 984b0e553c chore: reduce rule level 2022-06-03 12:17:33 +02:00
Nasreddine Bencherchali 777b123ad0 Update proc_creation_lnx_atlassian_confluence_cve_2022_26134.yml 2022-06-03 08:38:24 +01:00
Nasreddine Bencherchali b2b070b516 Quick Update 2022-06-03 08:31:53 +01:00
Nasreddine Bencherchali 66e0c405c8 Update proc_creation_lnx_atlassian_confluence_cve_2022_26134.yml 2022-06-03 08:09:14 +01:00
Nasreddine Bencherchali bb41bb6905 Update proc_creation_lnx_atlassian_confluence_cve_2022_26134.yml 2022-06-03 01:25:59 +01:00
Nasreddine Bencherchali 8f947693ec Update proc_creation_lnx_atlassian_confluence_cve_2022_26134.yml 2022-06-03 01:24:09 +01:00
Nasreddine Bencherchali 0a0418615c Create proc_creation_lnx_atlassian_confluence_cve_2022_26134.yml 2022-06-03 01:13:40 +01:00
frack113 b9a0c7e437 Mitre Update 2022-05-26 18:39:42 +02:00
zakibro 7a33aac1ed Update lnx_auditd_keylogging_with_pam_d.yml
adding missing uuid
2022-05-24 17:15:54 +02:00
zakibro 89d88288d6 New detection - Linux Keylogging 2022-05-24 17:05:38 +02:00
phantinuss 112b715dd6 chore: test rules: reactivate single value list check 2022-05-10 17:13:04 +02:00
phantinuss b4fdb13e8a chore: test rules: check for unused selections 2022-05-10 11:07:40 +02:00
phantinuss b991a5be52 chore: test rules: warn on errors or invalid FP reasons
also adapted the existing rules to pass the tests
2022-05-09 16:07:55 +02:00
frack113 a305a0be45 Merge pull request #2983 from d4rk-d4nph3/master
Added rule for Nimbuspwn exploitation
2022-05-05 20:41:30 +02:00
Bhabesh a70e96355c Beautify the rule 2022-05-05 23:48:41 +05:45
Bhabesh 7f2ad6df89 Fix for error 2022-05-05 11:24:20 +05:45
Bhabesh 46827e2655 Added rule for Nimbuspwn exploitation 2022-05-04 20:30:40 +05:45
zakibro 0bb96b323d Update lnx_crontab_file_modification.yml 2022-04-19 19:47:12 +02:00
zakibro 4212e24424 Update lnx_crontab_file_modification.yml
fixing title
2022-04-16 17:44:43 +02:00
Pawel Mazur c1db0b4fed Adding Linux crontab rule 2022-04-16 17:36:11 +02:00
Florian Roth 3114433944 fix: product unix > linux 2022-03-24 11:40:51 +01:00
Florian Roth fb7d0b5469 refactor: move macos rules to separate dir 2022-03-24 09:17:05 +01:00
phantinuss 043747822f fix: more falsepositives harmonization 2022-03-16 14:57:06 +01:00
phantinuss 6ae28b7a1c fix: legitimate --> Legitimate 2022-03-16 14:35:19 +01:00
phantinuss 8d3f8acb60 fix: none --> Unknown 2022-03-16 14:19:21 +01:00
phantinuss b23eee6ebf fix: unknown --> Unknown 2022-03-16 13:43:54 +01:00
Florian Roth 9beafefe52 rules: suspicious linux patterns 2022-03-14 12:01:52 +01:00
frack113 7fb8272f94 Name Normalization
Name Normalization
2022-02-27 10:58:14 +01:00
frack113 ec7319be21 Name Normalization
Name Normalization
2022-02-27 07:39:46 +01:00
Florian Roth 86892c8f89 Merge pull request #2726 from rafaelszt/master
Adds root folder monitoring for bash configs
2022-02-22 17:33:21 +01:00
Rafael Teixeira 09aa506059 Updated modified date 2022-02-22 12:48:41 -03:00
frack113 8bb3379b68 Normalization of rule names 2022-02-22 11:16:31 +01:00
Rafael Teixeira 6ff13ddf68 Added root user files 2022-02-21 10:15:48 -03:00
Andreas Hunkeler c8fa678a9b rule: add tag execution to new bpftrace rule 2022-02-11 14:14:22 +01:00
Andreas Hunkeler 66b9d35ee9 rule: add new bpftrace unsafe option rule 2022-02-11 12:08:53 +01:00
frack113 ff9ecf395f Fix detection 2022-02-06 19:16:27 +01:00
zakibro d5257f9a05 Update lnx_auditd_systemd_service_creation.yml
fixing logic
2022-02-04 12:15:36 +01:00
Pawel Mazur fede3b1183 Auditd rule - Systemd Service Creation 2022-02-03 20:31:07 +01:00