Commit Graph

7892 Commits

Author SHA1 Message Date
Yugoslavskiy Daniil 50623544a2 remove possible duplicate filter 2020-11-29 22:03:19 +01:00
Thomas Patzke 578d2f0585 Merge pull request #1283 from 404d/mdatp-fixes 2020-11-29 21:56:17 +01:00
    mdatp: Mapping and generic event changes, case insensitive search
yugoslavskiy 69de4598fd restore the original file 2020-11-29 21:32:46 +01:00
yugoslavskiy 871f965109 Update lnx_susp_named.yml 2020-11-29 21:31:54 +01:00
yugoslavskiy 769ef23ccf restore the original file 2020-11-29 21:30:50 +01:00
OG 70fb078a56 Update sysmon_office_test_regadd.yml 2020-11-29 18:02:37 +05:30
OG 8e801ede32 Update win_susp_psexec_eula.yml 2020-11-29 17:45:29 +05:30
yugoslavskiy 02ea91ec8b Update proxy_ursnif_malware.yml 2020-11-28 19:09:07 +01:00
yugoslavskiy e932eda645 Update proxy_cobalt_onedrive.yml 2020-11-28 19:07:07 +01:00
yugoslavskiy ffaad33acd Update zeek_smb_converted_win_susp_psexec.yml 2020-11-28 19:05:30 +01:00
yugoslavskiy e97c4b0ac5 Update zeek_smb_converted_win_susp_psexec.yml 2020-11-28 19:05:22 +01:00
yugoslavskiy 68a62a5428 Update zeek_smb_converted_win_impacket_secretdump.yml 2020-11-28 19:02:53 +01:00
yugoslavskiy 207623d2d7 Update proxy_susp_flash_download_loc.yml 2020-11-28 18:59:00 +01:00
yugoslavskiy 8c2f884504 restore the rule 2020-11-28 18:53:13 +01:00
yugoslavskiy 5afb445b8b restored the rule 2020-11-28 18:52:43 +01:00
Jonhnathan a9fde0117b Merge branch 'oscd' into oscd_rules_improvement 2020-11-28 14:52:31 -03:00
yugoslavskiy 7dc5233dd9 Update win_susp_commands_recon_activity.yml 2020-11-28 18:43:04 +01:00
yugoslavskiy 5196926d60 Update sysmon_stickykey_like_backdoor.yml 2020-11-28 18:33:21 +01:00
yugoslavskiy 39c2258848 Update sysmon_registry_persistence_search_order.yml 2020-11-28 18:30:41 +01:00
yugoslavskiy 9f8ef95571 Update win_webshell_detection.yml 2020-11-28 18:25:09 +01:00
yugoslavskiy c761d05a17 Update win_system_exe_anomaly.yml 2020-11-28 18:03:19 +01:00
yugoslavskiy 1fec90e8f3 Update win_susp_wmi_execution.yml 2020-11-28 18:01:16 +01:00
yugoslavskiy 258334d6d1 Update win_susp_wmi_execution.yml 2020-11-28 18:01:06 +01:00
Jonhnathan 95eb7424aa Update sysmon_susp_run_key_img_folder.yml 2020-11-28 13:54:59 -03:00
Jonhnathan f504ccc33f Update sysmon_susp_reg_persist_explorer_run.yml 2020-11-28 13:52:36 -03:00
Jonhnathan 986800056c Update sysmon_stickykey_like_backdoor.yml 2020-11-28 13:50:13 -03:00
yugoslavskiy c0c74a05df Update win_susp_sysvol_access.yml 2020-11-28 17:49:21 +01:00
Jonhnathan ef34c94e6a Update sysmon_registry_persistence_search_order.yml 2020-11-28 13:49:18 -03:00
yugoslavskiy 3c75bc922a Update win_susp_squirrel_lolbin.yml 2020-11-28 17:47:16 +01:00
Jonhnathan 06cc5049a4 Update sysmon_dns_serverlevelplugindll.yml 2020-11-28 13:46:02 -03:00
yugoslavskiy 42f27a41cb Update win_susp_rundll32_by_ordinal.yml 2020-11-28 17:44:30 +01:00
yugoslavskiy ca0a6547fb Update win_susp_run_locations.yml 2020-11-28 17:42:47 +01:00
Jonhnathan f1455e0c38 Update win_win10_sched_task_0day.yml 2020-11-28 13:42:30 -03:00
Jonhnathan fe3ed329ef Update win_webshell_recon_detection.yml 2020-11-28 13:41:11 -03:00
yugoslavskiy ea550cf551 Update win_susp_regsvr32_anomalies.yml 2020-11-28 17:40:40 +01:00
Jonhnathan f0bf3d13b5 Update win_webshell_detection.yml 2020-11-28 13:38:34 -03:00
Jonhnathan 9f4bbb7e65 Update win_webshell_detection.yml 2020-11-28 13:35:50 -03:00
yugoslavskiy bcf62fba72 Update win_susp_ps_appdata.yml 2020-11-28 17:34:34 +01:00
yugoslavskiy 2ed4b26291 Update win_susp_procdump.yml 2020-11-28 17:33:02 +01:00
Jonhnathan 0d0f58c830 Update win_system_exe_anomaly.yml 2020-11-28 13:32:44 -03:00
yugoslavskiy a3e436363e Update win_susp_powershell_parent_combo.yml 2020-11-28 17:31:37 +01:00
Jonhnathan c9b5ba10f8 Update win_susp_wmi_execution.yml 2020-11-28 13:30:34 -03:00
yugoslavskiy c01c05b826 Update win_susp_powershell_enc_cmd.yml 2020-11-28 17:29:15 +01:00
Jonhnathan f6117eebc7 Update win_susp_sysvol_access.yml 2020-11-28 13:27:28 -03:00
Jonhnathan 88b4d4c4e5 Update win_susp_sysvol_access.yml 2020-11-28 13:26:22 -03:00
yugoslavskiy 66a504078b Update win_susp_ping_hex_ip.yml 2020-11-28 17:25:52 +01:00
Jonhnathan 7aa831eac3 Remove additional backslash 2020-11-28 13:25:28 -03:00
Jonhnathan 0357472635 Update win_susp_squirrel_lolbin.yml 2020-11-28 13:24:38 -03:00
Jonhnathan f70bd415a3 Update win_susp_run_locations.yml 2020-11-28 13:21:04 -03:00
Jonhnathan 5cbefe3737 Update win_susp_regsvr32_anomalies.yml 2020-11-28 13:18:38 -03:00