Commit Graph

468 Commits

Author SHA1 Message Date
yugoslavskiy e1cd98c97d restore original rule 2020-11-30 01:31:00 +01:00
yugoslavskiy 69de4598fd restore the original file 2020-11-29 21:32:46 +01:00
yugoslavskiy 871f965109 Update lnx_susp_named.yml 2020-11-29 21:31:54 +01:00
yugoslavskiy 769ef23ccf restore the original file 2020-11-29 21:30:50 +01:00
yugoslavskiy 8c2f884504 restore the rule 2020-11-28 18:53:13 +01:00
yugoslavskiy 5afb445b8b restored the rule 2020-11-28 18:52:43 +01:00
Florian Roth c17c034cb5 Changed selections and condition
see manpage for security tool on macOS
https://gist.github.com/Capybara/6228955
2020-11-27 19:23:31 +01:00
Tim I 78d201ad15 Fix value modifier and add a slash 2020-11-24 23:06:21 +03:00
Alejandro Ortuno 000c038ede Retrigger tests 2020-11-20 09:30:43 +01:00
Alejandro Ortuno cfcda8d25f Trigger new test execution 2020-11-20 09:29:09 +01:00
Ömer Günal 1582c5230a Update lnx_process_discovery.yml 2020-11-18 23:25:15 +03:00
Thomas Patzke 199a897f75 Fix rule indent 2020-11-17 10:12:55 +01:00
yugoslavskiy 2939b33ab5 Update lnx_network_service_scanning.yml 2020-11-16 01:00:09 +01:00
Ömer Günal edc416a1d8 Update lnx_system_info_discovery.yml 2020-11-14 19:24:23 +03:00
Ömer Günal 821bdf8ab4 Update lnx_install_root_certificate.yml 2020-11-14 19:19:28 +03:00
Ömer Günal 19cad11a4a Update lnx_system_info_discovery.yml 2020-11-10 20:11:49 +03:00
Ömer Günal ab959394ab Update lnx_install_root_certificate.yml 2020-11-10 20:09:46 +03:00
Ömer Günal f41accab33 Update lnx_install_root_certificate.yml 2020-11-10 20:09:03 +03:00
Alejandro Ortuno ad031d97ee Filter out listening mode on nc 2020-11-09 10:32:56 +01:00
Ömer Günal 577165b7f7 Update lnx_system_info_discovery.yml 2020-11-08 11:09:27 +03:00
Ömer Günal 0e4a5baf1a Update lnx_install_root_certificate.yml 2020-11-08 11:08:30 +03:00
Ömer Günal 499a8f85b0 Update lnx_install_root_certificate.yml 2020-11-08 11:06:11 +03:00
Ömer Günal 5dc3472af0 Update lnx_system_info_discovery.yml 2020-11-07 11:51:53 +03:00
Ömer Günal 89a24d4bfa Update lnx_install_root_certificate.yml 2020-11-07 11:50:30 +03:00
yugoslavskiy c17e8574d0 change the syntax a bit and removed .service suffix as it is
[redundant](https://www.freedesktop.org/software/systemd/man/systemctl.html):

```
Unit commands listed above take either a single unit name (designated as UNIT), or multiple unit specifications (designated as PATTERN…). In the first case, the unit name with or without a suffix must be given. If the suffix is not specified (unit name is "abbreviated"), systemctl will append a suitable suffix, ".service" by default, and a type-specific suffix in case of commands which operate only on specific unit types. For example,

# systemctl start sshd
and
# systemctl start sshd.service

are equivalent
```
2020-11-06 20:56:08 +01:00
Alejandro Ortuno 7c5067ade4 Making it a global rule 2020-11-06 10:25:59 +01:00
Alejandro Ortuno a9a90e024c make it global rule 2020-11-06 09:56:49 +01:00
Alejandro Ortuno 5918cc0a3d remove cat 2020-10-29 09:58:58 +01:00
Alejandro Ortuno 0c0c1725fa refactor detections 2020-10-29 09:34:47 +01:00
yugoslavskiy 167e9745cd Update macos_remote_system_discovery.yml 2020-10-29 02:06:45 +01:00
yugoslavskiy 81f6f24155 Update lnx_remote_system_discovery.yml 2020-10-29 02:06:20 +01:00
Alejandro Ortuno 80b1a19246 Added the space at the beginning of the IP ranges. 2020-10-28 10:16:29 +01:00
Alejandro Ortuno 3a58c00feb Removing the echo detection 2020-10-28 10:07:59 +01:00
Alejandro Ortuno e31c8f96e9 added the category 2020-10-28 09:56:01 +01:00
Alejandro Ortuno c83d5a3d65 Added some minor tuning of ip ranges 2020-10-26 09:45:13 +01:00
Alejandro Ortuno 11df6c2566 Sigma rule 2020-10-23 10:16:59 +02:00
Alejandro Ortuno 638fd7eeab Remote system discovery sigma rules for macos and linux 2020-10-22 10:37:29 +02:00
Alejandro Ortuno 5d37c0ee1e Added some modifications to firewall disabling 2020-10-22 10:22:00 +02:00
Ömer Günal afe97c000c Update lnx_system_info_discovery.yml 2020-10-21 21:48:43 +03:00
Ömer Günal 9f7244f019 Update lnx_system_info_discovery.yml 2020-10-21 21:45:23 +03:00
Ömer Günal a2a1b20335 Update lnx_process_discovery.yml 2020-10-21 21:40:46 +03:00
Mikhail Larin c938d917f1 additional processname fix 2020-10-21 18:32:50 +03:00
Mikhail Larin 13d84ac27b rule logic fix 2020-10-21 18:32:02 +03:00
Mikhail Larin c744a1cb47 fix rule logic 2020-10-21 18:29:06 +03:00
Mikhail Larin 7227ed0721 fix rule logic 2020-10-21 18:25:22 +03:00
Alejandro Ortuno 5e5576a91b Fix product 2020-10-21 10:13:28 +02:00
Alejandro Ortuno aa416090e1 Initial sigma rule 2020-10-21 10:09:00 +02:00
Alejandro Ortuno cdabf8e0e8 Sigma rules for network service scanning. 2020-10-21 09:41:40 +02:00
yugoslavskiy 81acc81d10 updated syntax a bit to re-run the test 2020-10-20 19:06:23 +02:00
yugoslavskiy 585770faa3 update syntax a bit to re-run the test 2020-10-20 17:31:00 +02:00