security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,892 Commits 1 Branch 57 Tags
fefb8564717d69af72ededb4172bc7ec00aac734
Commit Graph

468 Commits

Author SHA1 Message Date
Ömer Günal 5c34e69fc9 Update lnx_process_discovery.yml 2020-10-16 10:58:51 +03:00
Ömer Günal 0b30835b7b Update at_command.yml 2020-10-16 10:56:06 +03:00
Ömer Günal 373c637e66 Update lnx_install_root_certificate.yml 2020-10-16 10:55:31 +03:00
Ömer Günal 27dcad8ffe Update lnx_process_discovery.yml 2020-10-16 10:52:54 +03:00
Ömer Günal 68e843f0d3 Update lnx_system_info_discovery.yml 2020-10-16 10:48:36 +03:00
Ömer Günal 38c7cb7406 Update lnx_password_policy_discovery.yml 2020-10-16 10:38:36 +03:00
Ömer Günal f1a6e980e5 added category 2020-10-16 10:33:50 +03:00
Ömer Günal 46e887ef38 Update lnx_clear_logs.yml 2020-10-16 10:32:25 +03:00
Jonhnathan 3361b62cc2 Update lnx_auditd_susp_exe_folders.yml 2020-10-15 23:09:06 -03:00
Jonhnathan d655ebf092 Update lnx_auditd_masquerading_crond.yml 2020-10-15 23:08:08 -03:00
Jonhnathan e26e5a1e7e Update lnx_auditd_create_account.yml 2020-10-15 23:07:39 -03:00
Jonhnathan 8fd768aa66 Update lnx_susp_ssh.yml 2020-10-15 23:05:53 -03:00
Jonhnathan d4284e60f9 Update lnx_susp_named.yml 2020-10-15 23:04:16 -03:00
Jonhnathan 83bad3de98 Update lnx_sudo_cve_2019_14287.yml 2020-10-15 23:03:40 -03:00
Jonhnathan 0ca17e88f6 Update lnx_setgid_setuid.yml 2020-10-15 22:55:41 -03:00
Jonhnathan 68ad66f390 Update lnx_proxy_connection.yml 2020-10-15 22:54:27 -03:00
Jonhnathan 41396636f9 Update lnx_file_copy.yml 2020-10-15 22:53:20 -03:00
Jonhnathan 6185640442 Update lnx_clamav.yml 2020-10-15 22:49:42 -03:00
Yugoslavskiy Daniil d8a6048492 update /macos_create_hidden_account.yml 2020-10-16 02:05:22 +02:00
Alejandro Ortuno 2ef52dbfd8 Initial Sigma Rule 2020-10-14 10:24:59 +02:00
Alejandro Ortuno bf8426d71b Initial commit of sigma rule 2020-10-14 10:14:00 +02:00
Alejandro Ortuno 75a05db446 Add slash to bypass testing 2020-10-14 08:50:15 +02:00
remotephone@gmail.com 8e7fbbd147 fixing UUID and description 2020-10-14 00:54:51 -05:00
remotephone@gmail.com ed22c8e0fe adding macos screencapture rule 2020-10-14 00:51:55 -05:00
remotephone@gmail.com 8bbde90328 adding line at end of file 2020-10-14 00:05:28 -05:00
remotephone@gmail.com 3cddb86b70 updating tags 2020-10-14 00:01:30 -05:00
remotephone@gmail.com 7343936653 adding gui input capture, first iteration 2020-10-13 23:59:53 -05:00
remotephone@gmail.com df20d2a5d2 adding new line at end of file 2020-10-13 22:44:02 -05:00
remotephone@gmail.com 7e002fcb5f updating selections to make query more efficient and less prone to evasion 2020-10-13 22:17:26 -05:00
remotephone@gmail.com 56952ecdd4 updating to select commandline arguments correctly for macos rule, and cleaning up description across both rules 2020-10-13 22:09:37 -05:00
Alejandro Ortuno c03a696762 additional modifications on commands and process names 2020-10-13 11:00:06 +02:00
Alejandro Ortuno 50fde8c13f minor changes on command line 2020-10-13 10:55:29 +02:00
Alejandro Ortuno 30bd626d76 Split command line and do contains all. 2020-10-13 10:51:00 +02:00
Alejandro Ortuno 7459bcd08c Use process_creation for the detection 2020-10-13 10:41:50 +02:00
remotephone@gmail.com a85c19db17 updating files to cover broader network discovery logic, renaming alert, adding recommended changes 2020-10-13 00:39:53 -05:00
remotephone@gmail.com 7d49db3988 updating falsepositives documentation to remove line that's not applicable 2020-10-12 23:19:02 -05:00
remotephone@gmail.com 89c8a589a5 updating search syntax, splitting process name and cmdline and adding category 2020-10-12 22:49:19 -05:00
remotephone@gmail.com 476a3c04d9 Adding t1070_002 2020-10-12 00:01:10 -05:00
remotephone@gmail.com 781c7ce6dc Cleaning up falsepositives section of both rules 2020-10-11 23:52:47 -05:00
remotephone@gmail.com 48edc674bd updating keywords to CommandLine|contains and splitting rule into two 2020-10-11 22:43:28 -05:00
Yugoslavskiy Daniil e52baddda2 improve descriptin 2020-10-11 22:11:03 +02:00
Yugoslavskiy Daniil 7dec19afca add macos_create_hidden_account.yml; part of the oscd initiative task number 63 of the issue #1012 2020-10-11 22:01:05 +02:00
Alejandro Ortuno d17faf8234 Local groups discovery sigma rules 2020-10-11 18:15:53 +02:00
Alejandro Ortuno 3358dd47ea macos local account creation 2020-10-11 17:56:29 +02:00
Alejandro Ortuno 418a9d5a02 Use endswith with processname 2020-10-11 09:37:08 +02:00
Alejandro Ortuno 748dccc289 additional changes to split processname and commandline 2020-10-10 13:11:17 +02:00
Alejandro Ortuno 04f415c80b Added the sigma rules per OS 2020-10-08 13:23:11 +02:00
Alejandro Ortuno c5605ae8b6 Scheduled Cron Task/Job sigma rule 2020-10-08 13:15:02 +02:00
remotephone@gmail.com e967cce211 change new lines to LF instead of CLRF 2020-10-07 23:02:03 -05:00
remotephone@gmail.com 9802704a2b not sure why i'm failing the tests on a line I didn't change. copying format from another file 2020-10-07 22:54:31 -05:00