security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,892 Commits 1 Branch 57 Tags
fefb8564717d69af72ededb4172bc7ec00aac734
Commit Graph

138 Commits

Author SHA1 Message Date
Thomas Patzke a10db2df89 Fixes&improvements 2021-04-08 01:06:40 +02:00
Florian Roth 00f01ea57f Merge branch 'master' into rule-devel 2021-04-07 21:17:51 +02:00
Florian Roth 6b0f66e876 refactor: change level 2021-03-24 12:38:00 +01:00
Florian Roth 6d9fc65585 fix: FPs with www6 2021-03-24 12:37:35 +01:00
Florian Roth a465f2722f refactor: CobaltStrike beacon rule 2021-03-24 11:29:05 +01:00
Anton Kutepov 3f45269296 Merge branch 'oscd' 
B
B
B
B
A
 2021-03-02 22:58:41 +03:00
Florian Roth 5197f21ed1 fix: duplicate ID 2020-12-13 18:59:04 +01:00
yugoslavskiy e97c4b0ac5 Update zeek_smb_converted_win_susp_psexec.yml 2020-11-28 19:05:22 +01:00
yugoslavskiy 68a62a5428 Update zeek_smb_converted_win_impacket_secretdump.yml 2020-11-28 19:02:53 +01:00
Jonhnathan 05e0dd1ae6 Update zeek_susp_kerberos_rc4.yml 2020-10-15 23:15:23 -03:00
Jonhnathan f04394467b Update zeek_smb_converted_win_susp_raccess_sensitive_fext.yml 2020-10-15 23:14:34 -03:00
Jonhnathan de29d778a5 Update zeek_smb_converted_win_susp_psexec.yml 2020-10-15 23:14:15 -03:00
Jonhnathan 3e600dab82 Update zeek_smb_converted_win_impacket_secretdump.yml 2020-10-15 23:13:47 -03:00
Jonhnathan 50abab7f11 Update zeek_http_executable_download_from_webdav.yml 2020-10-15 23:13:20 -03:00
Jonhnathan aeb3218dfb Update net_susp_dns_txt_exec_strings.yml 2020-10-15 23:11:16 -03:00
Jonhnathan 4b8a47e35f Update net_susp_dns_b64_queries.yml 2020-10-15 23:10:57 -03:00
Jonhnathan 28cfda7676 Update net_mal_dns_cobaltstrike.yml 2020-10-15 23:10:42 -03:00
Roberto Rodriguez 2cb540f95e 13 Rules from THP - Backlog Rules (old) 2020-10-13 03:33:55 -04:00
cyb3rward0g 55d6bd8089 Update - Adding description to zeek exfiltration compressed files 2020-10-12 23:32:10 -04:00
cyb3rward0g 189e3c2605 update - GitHub Action / Test Sigma 2020-10-12 22:43:36 -04:00
cyb3rward0g 644f222079 update - GitHub Action / Test Sigma 2020-10-12 21:58:02 -04:00
cyb3rward0g 491049b92a Updated - GitHub Action / Test Sigma 2020-10-12 21:34:07 -04:00
cyb3rward0g 21f41eaad9 16 rules from DH APT29 day 1 - contributing soon 2020-10-12 18:13:13 -04:00
Florian Roth d3ee1aba66 docs: MITRE ATT&CK(R) trademark references removed or adjusted 
https://github.com/Neo23x0/sigma/issues/1028
 2020-09-30 08:53:52 +02:00
Mike Wade f76f80db80 Killswitch domain 2020-09-16 20:32:31 -06:00
Mike Wade 1ddba05eb2 Second round 2020-09-15 07:02:30 -06:00
Alexey Lednyov 1eb675f693 att&ck tags review: web, network/zeek 2020-09-03 17:06:37 +03:00
Yugoslavskiy Daniil 71fec94417 review network/cisco/aaa 2020-09-03 00:34:41 +02:00
Alexey Lednyov 880b10cce1 att&ck tags review: windows/process_creation part 1, network 2020-08-27 20:43:47 +03:00
Josh Brower 4c4b8db7cf Zeek RDP rule 2020-08-23 13:16:42 -04:00
Florian Roth 80f4b4ec71 fix: rules with duplicate tags 2020-07-27 11:44:47 +02:00
Florian Roth 58b68758b4 fix: wrong MITRE ATT&CK ids used in the beta version 2020-07-14 17:53:32 +02:00
Florian Roth 781667ef22 fix: zeek rule references isn't a list 2020-07-14 00:33:47 +02:00
Florian Roth c3ffa0b9d3 fix: duplicate IDs 2020-06-24 17:04:04 +02:00
Ivan Kirillov 0fbfcc6ba9 Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
neu5ron 7c3dea22b8 small T, big T 2020-05-19 05:13:48 -04:00
neu5ron 602c8917ef domain user enumeration via zeek rpc (dce_rpc) log. 2020-05-19 05:08:26 -04:00
neu5ron 858ebcd3d3 author typo update 2020-05-19 04:35:47 -04:00
neu5ron 2fc8d513d6 zeek, swap path and name 2020-05-19 04:35:30 -04:00
neu5ron a01a85cf9b CI/CD check fixes (missing ID's) 2020-05-04 15:22:18 -04:00
neu5ron a61b1da47a fixed yaml space causing condition to not be found 2020-05-04 15:17:43 -04:00
neu5ron d300027848 on behalf of @socprime [SOC Prime Inc.](https://my.socprime.com/en/tdm/) 
add rules for Zeek. This includes Windows Event Channel Security EventID:5145 that have same fields as Zeek SMB
Also, converted some of (MITRE ATT&CK BZAR)[https://github.com/mitre-attack/bzar] which are Zeek (sensor) scripts.
 2020-05-02 07:27:51 -04:00
neu5ron c66540c029 on behalf of @socprime [SOC Prime Inc.](https://my.socprime.com/en/tdm/) 
create `zeek` folder to store Zeek rules
 2020-05-02 07:25:21 -04:00
Florian Roth 35e43db7a7 fix: converted CRLF line break to LF 2020-03-25 14:36:34 +01:00
Thomas Patzke 48d95f027c Merge branch 'oscd' 2020-02-20 23:11:57 +01:00
Thomas Patzke 373424f145 Rule fixes 
Made tests pass the new CI tests. Added further allowed lower case words
in rule test.
 2020-02-20 23:00:16 +01:00
Florian Roth 94bb7dd77f fix: issues 2020-02-13 09:17:21 +01:00
james dickenson 21e4aa33dc rule modification: fixed filter condition on zeek suspicious rc4 traffic 2020-02-12 21:27:36 -08:00
james dickenson 93367d725d rule: zeek suspicious kerberos RC4 traffic 2020-02-12 21:21:46 -08:00
Thomas Patzke d7bd90cb24 Merge branch 'master' into oscd 2020-02-03 23:13:16 +01:00