Commit Graph

7892 Commits

Author SHA1 Message Date
bczyz1 4a5b2d642e Fix typo in win_apt_lazarus_session_hijack.yml 2020-11-03 14:46:29 +01:00
Florian Roth 413abf13cd Merge pull request #1270 from Neo23x0/rule-devel: rule: reworked weblogic CVE-2020-14882 rule 2020-11-03 10:40:39 +01:00
Florian Roth f848bb912c rule: reworked weblogic CVE-2020-14882 rule 2020-11-03 10:39:40 +01:00
Florian Roth b218264d47 Merge pull request #1268 from Neo23x0/rule-devel: rule: WebLogic exploit CVE-2020-14882 2020-11-03 10:35:05 +01:00
GlebSukhodolskiy 5e94a34401 Merge branch 'oscd_reg_test' into oscd_reg 2020-11-03 12:09:07 +03:00
GlebSukhodolskiy 8068487340 test trigger 2020-11-03 12:04:03 +03:00
GlebSukhodolskiy 544876951f fixed duplication v2 2020-11-03 02:34:34 +03:00
GlebSukhodolskiy 48e46c279a fixed duplication 2020-11-03 02:25:22 +03:00
GlebSukhodolskiy cf8c721662 fixed optimization and references 2020-11-03 02:16:13 +03:00
GlebSukhodolskiy b717f69e09 Placeholders add 2020-11-03 01:19:16 +03:00
GlebSukhodolskiy d0827b120c Update sysmon_asep_reg_keys_modification.yml 2020-11-03 01:12:40 +03:00
Thomas Patzke c202feaf87 Merge pull request #1269 from Neo23x0/ci: Removed ES query tests 2020-11-02 23:11:05 +01:00
GlebSukhodolskiy 57f24a338b Update sysmon_asep_reg_keys_modification.yml 2020-11-03 01:00:37 +03:00
Thomas Patzke 31241d9bbd Removed ES query tests 2020-11-02 22:57:01 +01:00
GlebSukhodolskiy e2c4af012b Changed to Placeholders Usage: A query was too big to pass a test, so I changed logic to placeholders usage. 2020-11-03 00:56:42 +03:00
Florian Roth dd0d1d053c rule: WebLogic exploit CVE-2020-14882 2020-11-02 11:11:37 +01:00
Jonhnathan 9173fb2cb9 Update Makefile 2020-11-01 21:28:26 -03:00
Jonhnathan 83f2646667 Merge branch 'ecs-1' of https://github.com/w0rk3r/sigma into ecs-1 2020-11-01 21:22:48 -03:00
Jonhnathan 21161c82cc Revert "Create win_susp_replace_lolbin.yml": This reverts commit e6a6549676. 2020-11-01 21:21:47 -03:00
Jonhnathan 90e211bad8 Create ecs-suricata.yml 2020-11-01 21:21:04 -03:00
Jonhnathan c84641d332 Revert "Changed the rule to download only and not the copy": This reverts commit 1324bc1ad1. 2020-11-01 20:36:02 -03:00
Jonhnathan 972a04fb60 Revert "Update win_susp_replace_lolbin.yml": This reverts commit 6b2c235ab3. 2020-11-01 20:35:59 -03:00
feedb e93dd7fe61 fix 2020-11-01 15:25:12 +03:00
Vasiliy Burov 903ce08277 Update win_susp_multiple_files_renamed_or_deleted.yml 2020-11-01 14:21:27 +03:00
yugoslavskiy ea71828d34 change syntax a bit to re-run the test 2020-10-31 23:57:13 +01:00
stvetro 8dc8fdc44b Added anti-false-positive condition: 4688 always has non-empty cmd 2020-10-31 12:46:30 +04:00
omkargudhate22 f1bb9726ca updated mitre tag 2020-10-30 13:35:40 +05:30
omkar72 86a849728d ryuk changes 2020-10-30 13:15:11 +05:30
Roberto Rodriguez 972326f761 A few more - 7 Rules 2020-10-29 21:11:41 -04:00
Roberto Rodriguez 25b92d4a2e Merge branch 'master' of https://github.com/Neo23x0/sigma 2020-10-29 21:04:45 -04:00
Vasiliy Burov ab60fdcef4 Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-29 23:38:22 +03:00
Alejandro Ortuno 5918cc0a3d remove cat 2020-10-29 09:58:58 +01:00
Vasiliy Burov 683824ee46 Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-29 11:44:45 +03:00
Alejandro Ortuno 0c0c1725fa refactor detections 2020-10-29 09:34:47 +01:00
Vasiliy Burov d743cbbe4b Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-29 11:14:43 +03:00
yugoslavskiy 167e9745cd Update macos_remote_system_discovery.yml 2020-10-29 02:06:45 +01:00
yugoslavskiy 81f6f24155 Update lnx_remote_system_discovery.yml 2020-10-29 02:06:20 +01:00
Semanur Guneysu 46c52b4347 Update sysmon_abusing_debug_privilege.yml 2020-10-28 20:11:29 +03:00
nsaddler 07f777d1b5 Update powershell_CL_Mutexverifiers_LOLScript_v2.yml 2020-10-28 19:32:18 +03:00
nsaddler 7ee644eac0 Update powershell_CL_Invocation_LOLScript_v2.yml 2020-10-28 19:30:21 +03:00
nsaddler d0a796439b Update powershell_CL_Invocation_LOLScript.yml 2020-10-28 19:25:43 +03:00
Наталья Шорникова a4a3e01f25 Splitting into two rules 2020-10-28 19:13:29 +03:00
Наталья Шорникова 55a7fe6b9d Splitting into two rules 2020-10-28 19:08:23 +03:00
Alejandro Ortuno 80b1a19246 Added the space at the beginning of the IP ranges. 2020-10-28 10:16:29 +01:00
Alejandro Ortuno 3a58c00feb Removing the echo detection 2020-10-28 10:07:59 +01:00
Alejandro Ortuno e31c8f96e9 added the category 2020-10-28 09:56:01 +01:00
Vasiliy Burov d90ec67cce Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-28 11:44:21 +03:00
Vasiliy Burov 744c637125 Delete win_rdp_session_hijacking.yml 2020-10-28 11:38:39 +03:00
Vasiliy Burov 931ccde3e6 Merge branch 'patch-15' of https://github.com/vburov/sigma into patch-15 2020-10-28 11:27:48 +03:00
Vasiliy Burov eec398ea0e Merge branch 'master' into patch-15 2020-10-28 11:27:28 +03:00