Commit Graph

7892 Commits

Author SHA1 Message Date
Jonhnathan 784cab1dfe Fix missing logic and Field 2020-11-26 22:46:17 -03:00
Jonhnathan 48f16a0ca8 Update win_susp_net_recon_activity.yml 2020-11-26 22:39:49 -03:00
Florian Roth 3d39d49d65 Merge pull request #1295 from findthebad/fix-winlogbeat-config
Updated winlogbeat.yml config to include OriginalFileName
2020-11-26 23:17:45 +01:00
findthebad ad899899ab Updated winlogbeat.yml config to include OriginalFileName 2020-11-26 14:48:14 -05:00
Florian Roth 084cd39505 Merge pull request #1294 from Neo23x0/devel
Trickbot rules improved
2020-11-26 10:13:35 +01:00
Florian Roth c6fc9de144 New Trickbot wermgr rule 2020-11-26 09:54:27 +01:00
Florian Roth c111ab3141 Improved Trickbot recon rule 2020-11-26 09:54:13 +01:00
Florian Roth b31ed47ccf Merge branch 'master' into devel 2020-11-26 09:44:56 +01:00
Florian Roth 13354dd7a2 Merge pull request #1293 from hegga/cb-fix-domain-fieldmapping
Fix field mapping for DestinationHostname
2020-11-26 09:40:28 +01:00
Helge Aksdal 3a7c114ca3 Fix field mapping for DestinationHostname 2020-11-26 04:17:28 +01:00
Tim I 78d201ad15 Fix value modifier and add a slash 2020-11-24 23:06:21 +03:00
bczyz1 05398ae95e change field newprocessname -> image 2020-11-23 13:43:19 +01:00
toffeebr33k c8c4183678 Update aws_enum_listing.yml 2020-11-22 01:53:58 +08:00
toffeebr33k 3d0e1988c6 Update aws_enum_listing.yml 2020-11-22 01:41:20 +08:00
toffeebr33k 273590b151 Update aws_enum_listing.yml 2020-11-22 01:17:42 +08:00
toffeebr33k 52fca0fe3a Update aws_enum_listing.yml 2020-11-22 01:05:56 +08:00
toffeebr33k e764ca687a Update aws_enum_listing.yml 2020-11-22 00:50:34 +08:00
toffeebr33k 00504ee186 Update aws_update_login_profile.yml 2020-11-22 00:42:25 +08:00
toffeebr33k 3dd1525b98 Update aws_update_login_profile.yml 2020-11-22 00:38:41 +08:00
toffeebr33k 6b65180464 Add files via upload 2020-11-22 00:33:47 +08:00
toffeebr33k cff82ff79a Delete aws_update_login_profile.yml 2020-11-22 00:33:17 +08:00
toffeebr33k 7e1c918b4d Delete aws_enum_listing.yml 2020-11-22 00:32:59 +08:00
toffeebr33k 551764b630 Add files via upload 2020-11-22 00:26:17 +08:00
toffeebr33k 3dd25ddea4 Delete aws_update_login_profile.yml 2020-11-22 00:25:54 +08:00
toffeebr33k fba9c12bb2 Delete aws_enum_listing.yml 2020-11-22 00:25:29 +08:00
toffeebr33k 6c1f3f5969 Update aws_update_login_profile.yml 2020-11-21 23:45:10 +08:00
toffeebr33k 70e725e82e Update aws_enum_listing.yml 2020-11-21 23:44:14 +08:00
toffeebr33k 596d1b6e4c Update aws_update_login_profile.yml 2020-11-21 23:29:49 +08:00
toffeebr33k a786ebd04b Update aws_enum_listing.yml 2020-11-21 23:28:57 +08:00
toffeebr33k 1ca903b168 Update aws_enum_listing.yml 2020-11-21 23:22:07 +08:00
toffeebr33k 7f61591865 Add files via upload 2020-11-21 23:12:50 +08:00
Thomas Patzke 84dc11ca98 Removed ES query tests 2020-11-21 13:33:25 +04:00
Thomas Patzke 0ed54a6cae Merge pull request #1290 from arollyson/helix_backend
Backend: FireEye Helix
2020-11-21 00:06:19 +01:00
Lionel 7ca368d1ed fix issue 1285
https://github.com/Neo23x0/sigma/issues/1285
2020-11-20 16:42:20 +01:00
Alejandro Ortuno 000c038ede Retrigger tests 2020-11-20 09:30:43 +01:00
Alejandro Ortuno cfcda8d25f Trigger new test execution 2020-11-20 09:29:09 +01:00
bczyz1 193021eff8 Update win_apt_slingshot.yml
fix condition
2020-11-20 09:19:03 +01:00
Jonhnathan 31e0cfb13f Update win_susp_covenant.yml 2020-11-20 02:36:20 -03:00
Jonhnathan ec1944e2d7 Update win_susp_copy_system32.yml 2020-11-20 02:31:26 -03:00
Jonhnathan 5d7131bbf2 Update win_susp_compression_params.yml 2020-11-20 02:29:41 -03:00
Jonhnathan 32ed588adb Update detection Logic 2020-11-20 02:27:58 -03:00
Jonhnathan b274be8d4e Update detection Logic 2020-11-20 02:25:32 -03:00
Jonhnathan c31c0d981a Update detection logic 2020-11-20 02:23:18 -03:00
Jonhnathan 23edcc6dc6 Update win_susp_certutil_command.yml 2020-11-20 02:21:55 -03:00
Jonhnathan 8af17dda5b Update win_spn_enum.yml 2020-11-20 02:17:31 -03:00
Jonhnathan d5cb4246c2 Remove additional backslash 2020-11-20 02:16:51 -03:00
Jonhnathan 0606cd3dde Update detection Logic 2020-11-20 02:10:27 -03:00
Jonhnathan ebb4580378 Remove additional backslash 2020-11-20 02:04:28 -03:00
Jonhnathan 2ba146be07 Remove additional backslash 2020-11-20 02:03:06 -03:00
Jonhnathan 493fa3d5ee Update sysmon_susp_mic_cam_access.yml 2020-11-20 02:02:26 -03:00