security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,892 Commits 1 Branch 57 Tags
fefb8564717d69af72ededb4172bc7ec00aac734
Commit Graph

7892 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Austin Songer 0445be8d01 Update azure_kubernetes_events_deleted.yml 2021-07-24 10:28:21 -05:00
Austin Songer ef64e2a02f Update azure_kubernetes_events_deleted.yml 2021-07-24 10:28:09 -05:00
Austin Songer 5fc36eb8d6 Rename azure_kubernetes_pods_delete.yml to azure_kubernetes_pods_deleted.yml 2021-07-24 10:25:51 -05:00
Austin Songer c366ae4b2a Update azure_kubernetes_pods_delete.yml 2021-07-24 10:25:37 -05:00
Austin Songer 0460536444 Create azure_kubernetes_pods_delete.yml 2021-07-24 10:24:29 -05:00
Austin Songer 7c6b13936d Create azure_kubernetes_events_deleted.yml 2021-07-24 10:20:11 -05:00
Florian Roth 7cacc57313 Merge pull request #1733 from SigmaHQ/rule-devel 
New hive file pattern for C# version of HiveNightmare
 2021-07-24 16:41:51 +02:00
Austin Songer 55a2af475b Update aws_elasticache_security_group_modified_or_deleted.yml 2021-07-24 09:35:05 -05:00
Austin Songer 5d3b687ce4 Update aws_elasticache_security_group_created.yml 2021-07-24 09:34:08 -05:00
Austin Songer 8816cb3345 Create aws_elasticache_security_group_modified_or_deleted.yml 2021-07-24 09:23:25 -05:00
Austin Songer e5edd03ff3 Create aws_elasticache_security_group_created.yml 2021-07-24 09:16:11 -05:00
Florian Roth 9771943116 refactor: new file pattern SeriousSAM 2021-07-24 16:13:36 +02:00
Florian Roth ae80f747ae fix: adding experimental status 2021-07-24 12:34:33 +02:00
Florian Roth a090feecf5 Merge pull request #1732 from SigmaHQ/rule-devel 
Relay attack tools and impacket binaries
 2021-07-24 12:33:48 +02:00
Florian Roth c0bc51e849 Merge pull request #1731 from frack113/more_check 
Update test_rules.py
 2021-07-24 11:10:00 +02:00
Florian Roth 3eb37c014c rule: Impacket tools and Relay attack tools 2021-07-24 11:08:35 +02:00
Florian Roth 07223baaeb fix: typo in date value 2021-07-24 10:22:07 +02:00
Florian Roth ce58012608 Merge pull request #1584 from frack113/multi_output 
Update output arg options
 2021-07-24 10:07:10 +02:00
frack113 ffcd3a2112 Add test_optional_related test_optional_fields test_optional_falsepositives 2021-07-24 09:41:04 +02:00
Austin Songer ed04992905 Update aws_route_53_domain_transferred_lock_disabled.yml 2021-07-23 13:40:50 -05:00
Florian Roth 772cf4f5e4 Merge pull request #1730 from SigmaHQ/rule-devel 
fix: avoid false positives with MSF psexec rule
 2021-07-23 19:49:45 +02:00
Florian Roth 880a87ce91 fix: avoid false positives with MSF psexec rule 2021-07-23 18:33:38 +02:00
Austin Songer ada79fe05f Update aws_route_53_domain_transferred_to_another_account.yml 2021-07-23 08:36:39 -05:00
Austin Songer 9d00702797 Update aws_route_53_domain_transferred_lock_disabled.yml 2021-07-23 07:57:55 -05:00
Austin Songer 943d78f363 Update aws_route_53_domain_transferred_lock_disabled.yml 2021-07-23 07:57:37 -05:00
Austin Songer de6d48289c Update aws_route_53_domain_transferred_lock_disabled.yml 2021-07-23 07:56:56 -05:00
Austin Songer 844c08f26a Update aws_route_53_domain_transferred_lock_disabled.yml 2021-07-23 07:56:18 -05:00
Florian Roth 7ede42f78d Merge pull request #1729 from SigmaHQ/rule-devel 
add additional filename pattern to HiveNightmare rule
 2021-07-23 10:40:33 +02:00
Florian Roth c0138d5ced add additional filename pattern to HiveNightmare rule 2021-07-23 10:39:41 +02:00
Florian Roth fa344987c0 Merge pull request #1703 from hieuttmmo/master 
Suspicious behaviours related to  SOURGUM
 2021-07-23 10:32:25 +02:00
Florian Roth 7c42a9d6cb Merge pull request #1728 from SigmaHQ/rule-devel 
HiveNightmare file creation, other rule improvements
 2021-07-23 10:21:35 +02:00
Tran Trung Hieu 77b4a37916 Update the references 2021-07-23 14:58:51 +07:00
Florian Roth 38b9e942c1 Merge pull request #1724 from austinsonger/master 
sysmon_dns_over_https_enabled.yml
 2021-07-23 09:52:24 +02:00
Florian Roth 5b95ef0872 Merge pull request #1725 from frack113/add_new_test 
Add check for status and level
 2021-07-23 09:51:37 +02:00
Florian Roth cc8899ea62 Merge pull request #1717 from frack113/netcat 
[OSCD] sysmon_netcat_execution.yml T1095
 2021-07-23 09:51:23 +02:00
Florian Roth d00ca03cb6 increased level to high 2021-07-23 09:51:00 +02:00
Florian Roth 5955efa750 adjusted timestamp 2021-07-23 09:45:50 +02:00
Florian Roth d9dc442f4e rule: HiveNightmare 2021-07-23 09:41:00 +02:00
Austin Songer a4b78ef4f0 Delete sysmon_dns_over_https_enabled.yml 2021-07-22 21:48:28 -05:00
Austin Songer cdfe0e7662 Delete sysmon_dns_over_https_enabled.yml 2021-07-22 21:48:23 -05:00
Austin Songer 82419ff8dd Create aws_route_53_domain_transferred_lock_disabled.yml 2021-07-22 21:46:13 -05:00
Austin Songer 1ec329f562 Create aws_route_53_domain_transferred_to_another_account.yml 2021-07-22 21:41:59 -05:00
Austin Songer 41f41b4c7b Delete aws_route_53_domain_transferred_to_another_account.yml 2021-07-22 21:41:08 -05:00
Austin Songer 831a4909d2 Update aws_route_53_domain_transferred_to_another_account.yml 2021-07-22 21:40:28 -05:00
Austin Songer 019764f83f Update aws_route_53_domain_transferred_to_another_account.yml 2021-07-22 21:40:05 -05:00
Austin Songer 3f6e700547 Create aws_route_53_domain_transferred_to_another_account.yml 2021-07-22 21:39:33 -05:00
Austin Songer d7783ea9d7 Update sysmon_dns_over_https_enabled.yml 2021-07-22 12:42:53 -05:00
frack113 aff5264096 Add check for status and level 2021-07-22 19:25:51 +02:00
Austin Songer 2929f8915e Update sysmon_dns_over_https_enabled.yml 2021-07-22 11:27:41 -05:00
Austin Songer 44630b215e Update sysmon_dns_over_https_enabled.yml 2021-07-22 11:22:56 -05:00