security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,892 Commits 1 Branch 57 Tags
fefb8564717d69af72ededb4172bc7ec00aac734
Commit Graph

22 Commits

Author SHA1 Message Date
frack113 cb95582077 Update PowerShell rule 2021-08-21 09:08:38 +02:00
Max Altgelt 6f05e33feb fix: Correct incorrect message / keyword usage 
Correct a number of rules where message or keyword were incorrectly used
as field names in events (typically windows event logs). However, neither
field actually exists and as such these strings could never match.
 2021-08-12 16:28:07 +02:00
Jonhnathan 8cf2596068 Update powershell_malicious_keywords.yml 2020-10-15 17:12:08 -03:00
aw350m3 eb6b9be5a2 added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes 2020-08-25 23:51:22 +00:00
aw350m3 c22273d162 fix duplication of key modified in mapping 2020-08-25 00:50:38 +00:00
aw350m3 399f378269 att&ck tags review: windows/powershell, windows/process_access, windows/network_connection 2020-08-24 23:31:26 +00:00
aw350m3 ba2e891433 windows/powershell folder reviewed. Old ID’s marked with comment “an old one”. These ID’s have to be removed in future. 2020-08-24 00:01:50 +00:00
Ivan Kirillov 0fbfcc6ba9 Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
Florian Roth e79e99c4aa fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
Thomas Patzke 0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
Karneades aafab2e936 fix: bound keywords to field in multiple PS rules 
Rules changed:
- rules/windows/powershell/powershell_malicious_commandlets.yml
- rules/windows/powershell/powershell_malicious_keywords.yml
- rules/windows/powershell/powershell_suspicious_download.yml
- rules/windows/powershell/powershell_suspicious_invocation_specific.yml
 2019-10-29 19:53:18 +01:00
Tareq AlKhatib 15e2f5df5f fixed typos 2019-06-29 15:35:59 +03:00
Florian Roth 90e8eba530 rule: false positive reduction in PowerShell rules 2019-01-22 16:37:36 +01:00
Sherif Eldeeb 23eddafb39 Replace "logsource: description" with "definition" to match the specs 2018-11-15 09:00:06 +03:00
Florian Roth a2c6f344ba Lower case T 2018-09-26 11:44:12 +02:00
Braz f35308a4d3 Missing Character 
Parsed the MITRE ATT&CK informations from the rules. My script crashed because the identifier "T" was missing.
Thanks for your work Flo & Tom!
 2018-09-26 11:40:24 +02:00
ntim c99dc9f643 Tagged windows powershell, other and malware rules. 2018-07-24 10:56:41 +02:00
Florian Roth fc72bd16af Fixed bugs 2018-06-27 09:20:41 +02:00
SherifEldeeb 48441962cc Change All "str" references to be "list"to mach schema update 2018-01-28 02:24:16 +03:00
SherifEldeeb 112a0939d7 Change "reference" to "references" to match new schema 2018-01-28 02:12:19 +03:00
Florian Roth 055992eb05 Bugfix: PowerShell rules log source inconstency 2017-03-21 10:22:13 +01:00
Florian Roth d397ee9f68 First PowerShell Ruleset 2017-03-05 01:47:25 +01:00