github-actions[bot]
16adc03973
Merge PR #4671 from @nasbench - Archive new rule references and update the cache file
chore: archive new rule references and update the cache file
2024-01-15 14:49:42 +01:00
github-actions[bot]
aaebc73537
chore: archive new rule references and update cache file (#4652)
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2024-01-01 09:01:23 +01:00
github-actions[bot]
426ff8c412
Merge PR #4629 from @nasbench - Archive new rule references and update cache file
chore: archive new rule references and update cache file
2023-12-15 12:00:29 +01:00
Nasreddine Bencherchali
64c79b90ec
Merge PR #4610 from @nasbench - Update Workflow
chore: use different branch names in workflows that use the "create-pr" action to avoid override
2023-12-01 12:10:41 +01:00
github-actions[bot]
af37ad5c4b
Merge PR #4608 from @nasbench - Update Archiver Reference List
chore: archive new rule references and update cache file
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2023-12-01 12:06:18 +01:00
Nasreddine Bencherchali
6e4644c2b6
Merge PR #4605 from @nasbench - Revert Greetings Workflow
chore: revert greetings workflow and update to 1.3.0
2023-11-30 01:39:10 +01:00
Nasreddine Bencherchali
7b2406e607
Merge PR #4595 from @nasbench - Disable Greetings Workflow
chore: temporarily disable greetings workflow
2023-11-27 00:50:05 +01:00
phantinuss
2c24b24cf1
Merge PR #4585 from @phantinuss - Update evtx-baseline to v0.8 and fix FP found in baseline
chore: update evtx-baseline to v0.8
chore: add file paths that impact the test
chore: split goodlog and QA tests into two separate workflows
fix: File or Folder Permissions Modifications - FPs with partial paths
2023-11-21 15:16:18 +01:00
phantinuss
01730d0e0e
Merge PR #4582 from @phantinuss - cleanup duplicate release entries and enhance manual thanking output
2023-11-20 15:16:55 +01:00
phantinuss
130227bc05
Merge PR #4581 from @phantinuss - Remove in changelog, additional attribution, workflow optimization, FP tuning
chore: run sigma rule repo tests only on specific paths
chore: add manual thanks and list removed rules in changelog
fix: Rundll32 Execution Without DLL File - remove command line restriction bc of numerous FPs
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-11-20 13:45:53 +01:00
frack113
d577872761
Merge PR #4551 from @frack113 - chore: move more tests to pySigma
chore: Add attacktag and tlptag to pySigma tests
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-11-15 16:40:33 +01:00
github-actions[bot]
0f5f989604
Merge PR #4573 from @nasbench - Update Archived References
chore: archive new rule references and update cache file
---------
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2023-11-15 15:54:47 +01:00
Nasreddine Bencherchali
d7a0f0e523
Merge PR #4558 from @nasbench - Update greetings workflow
chore: update greetings workflow
2023-11-09 11:20:16 +01:00
phantinuss
2a64bc1f88
Merge PR #4546 from @phantinuss - Update Release Script and Workflow
chore: use less strict merge messages
chore: add version.txt to release packages
chore: generate release as draft to enable manual reviewing
2023-11-06 15:40:11 +01:00
Nasreddine Bencherchali
880081931f
Merge PR #4535 from @nasbench - Update Release Package Naming Convention
chore: remove date tag from the release filename
2023-11-06 13:12:02 +01:00
frack113
f6eca9a262
Merge PR #4541 from @frack113 - Update SIGMA tests
chore: remove duplicate tests that are already covered by pySigma validation
2023-11-06 13:06:55 +01:00
frack113
271f972468
Merge PR #4538 from @frack113 - Add Sigma CLI Configuration File
chore: add sigma-cli configuration file
fix: Suspicious Non-Browser Network Communication With Google API - Fix escaped wildcard issue and Update modifiers
fix: Uncommon PowerShell Hosts - Fix escaped wildcard issue
fix: Potential Active Directory Reconnaissance/Enumeration Via LDAP - Update logsource
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2023-11-03 16:59:53 +01:00
github-actions[bot]
52b07b485f
Merge PR #4540 from @nasbench - Update Archived Rule References
chore: archive new rule references and update cache file
---------
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2023-11-03 16:59:06 +01:00
Nasreddine Bencherchali
e6cf38b212
Merge PR #4539 from @nasbench - Update Archiver Script & Related Workflow
chore: update rule archiver script and related workflow
2023-11-03 15:01:20 +01:00
Nasreddine Bencherchali
9831fa1833
Merge PR #4537 from @nasbench - Fix Workflow related issues
chore: update archiver script and issues template
2023-11-02 13:58:37 +01:00
phantinuss
4852ee4648
Merge PR #4500 From @phantinuss
chore: clarify latest release location in release message
2023-10-23 11:45:45 +02:00
Nasreddine Bencherchali
95793d73bd
Merge PR #4482 From @nasbench - Add New Automation Workflows
chore: update workflows and add quality of life updates and automation to the repository
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-10-18 11:53:44 +02:00
phantinuss
57176251b0
Merge PR #4469 From @phantinuss - Add Release Packages
chore: add workflows, scripts and documentation for release packages
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-10-09 00:02:20 +02:00
phantinuss
733de447de
Merge PR #4464 from @phantinuss - Update Goodlog Test
chore: add threat hunting rules to goodlog tests
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-09-29 14:33:55 +02:00
phantinuss
78f323742f
Merge PR #4455 from @phantinuss - Update Test Script
chore: add rules-emerging-threats to goodlog tests
2023-09-27 10:04:06 +02:00
phantinuss
af05a5b969
Merge PR #4391 from @phantinuss - remove listing from changelog in PR template
chore: remove listing from changelog in PR template
2023-08-24 13:06:55 +02:00
phantinuss
fdc5b6a6db
chore: update PULL_REQUEST_TEMPLATE.md - add changelog instead of detailed description (#4386)
2023-08-23 14:21:07 +02:00
phantinuss
da8d42fa2b
Merge pull request #4385 from @phantinuss - Update Workflow Pipeline
- fix: Devil Bait Potential C2 Communication Traffic
- chore: update workflow to run on all rules
- chore: unpin the sigma-cli version from the workflow
2023-08-23 14:18:49 +02:00
Nasreddine Bencherchali
d28b15cee2
Update .github/workflows/known-FPs.csv
2023-08-18 15:34:11 +02:00
Nasreddine Bencherchali
41c4a6029e
Update .github/workflows/known-FPs.csv
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-08-18 15:21:09 +02:00
Nasreddine Bencherchali
be9abb9364
feat: update cl diag script rules
2023-08-17 19:26:21 +02:00
phantinuss
9a1d0932e9
use new path of validate script
2023-08-15 13:15:16 +02:00
Nasreddine Bencherchali
04121f1920
Rename sigma-validation.yaml to sigma-validation.yml
2023-08-15 11:52:05 +02:00
Mostafa Moradian
21d7be9708
Use the latest version of checkout action
2023-08-02 14:29:33 +02:00
Mostafa Moradian
e57f5943a4
Add workflow to validate all rules
2023-08-02 11:41:28 +02:00
Nasreddine Bencherchali
1c1aa09d4b
Update known-FPs.csv
2023-07-31 10:20:15 +02:00
Nasreddine Bencherchali
e1d07780b3
fix: fp
2023-07-24 14:08:45 +02:00
Nasreddine Bencherchali
08e0a297f3
feat: new rules and updates
2023-07-13 17:31:13 +02:00
Nasreddine Bencherchali
827d687fdb
fix: add ntlmv1 to known-fps
2023-06-07 10:48:34 +02:00
Nasreddine Bencherchali
715cc0589c
Merge pull request #4232 from swachchhanda000/master
feat: extended coverage of existing defender tampering rules
2023-06-05 13:26:03 +02:00
Nasreddine Bencherchali
899c2ff23a
chore: update defender rules
2023-06-05 11:50:43 +02:00
Technici4n
2b5ba9e4f4
fix: change FP template to use id instead of uuid (#4278)
2023-06-01 11:21:15 +02:00
Nasreddine Bencherchali
6280845d0e
Delete bug_report.md
2023-05-30 15:05:27 +02:00
Nasreddine Bencherchali
62caac4708
feat: multiple updates and new rules (#4242)
2023-05-17 17:21:59 +02:00
Thomas Patzke
0e8e5a0bd5
Restored thor.yml and fixed reference to it
2023-04-02 01:22:10 +02:00
Nasreddine Bencherchali
ed946a524f
Update PULL_REQUEST_TEMPLATE.md
2023-03-17 13:19:07 +01:00
Nasreddine Bencherchali
1a4f76242c
Merge branch 'SigmaHQ:master' into nasbench-rule-devel
2023-03-12 23:54:40 +01:00
Nasreddine Bencherchali
40f355eed7
Update PULL_REQUEST_TEMPLATE.md
2023-03-10 01:42:05 +01:00
Nasreddine Bencherchali
b36fb603e0
fix: fp found in testing
2023-03-09 22:53:30 +01:00
Nasreddine Bencherchali
a09a442136
fix: reduce size of titles in templates
2023-02-22 16:06:28 +01:00