yugoslavskiy
a96408b20a
add an empty line to re-run the test
2020-10-20 20:11:13 +02:00
yugoslavskiy
5acf550646
remove empty line to re-run the test
2020-10-20 20:09:30 +02:00
S.kiran kumar
7fbaacabb0
Mitre ATT&CK tags changes
2020-10-20 23:20:34 +05:30
yugoslavskiy
81acc81d10
updated syntax a bit to re-run the test
2020-10-20 19:06:23 +02:00
yugoslavskiy
27baf472b8
add an empty line to re-run the test
2020-10-20 18:59:25 +02:00
yugoslavskiy
fe545e00f6
delete empty line to re-run the test
2020-10-20 18:58:21 +02:00
Vasiliy Burov
3a2c1d213a
Update win_susp_multiple_files_renamed.yml
2020-10-20 19:25:31 +03:00
yugoslavskiy
6ec761d27b
update syntax a bit to re-run the test
2020-10-20 17:40:53 +02:00
yugoslavskiy
40f6d5e543
update syntax a bit to re-run the test
2020-10-20 17:39:04 +02:00
yugoslavskiy
585770faa3
update syntax a bit to re-run the test
2020-10-20 17:31:00 +02:00
vh
f45e45d736
Fix: Import SigmaRegularExpressionModifier in the splunk backend.
2020-10-20 18:13:53 +03:00
yugoslavskiy
462c92e522
change the syntax a bit to re-run the test
2020-10-20 17:10:20 +02:00
yugoslavskiy
60f71d911d
shorten the title to pass the test
2020-10-20 17:08:11 +02:00
Florian Roth
e7462be5b9
Merge pull request #1254 from Neo23x0/rule-devel
Rule devel
2020-10-20 13:53:30 +02:00
Sven Scharmentke
03ad9e22e1
Backend: uberAgent ESA converter backend
This commit adds the first version of the uberAgent ESA converter backend for sigma. This backend generates ESA compatible query rules for uberAgent ESA Activity Monitoring.
2020-10-20 13:23:05 +02:00
Florian Roth
ee789a309c
fix: FP with expression
2020-10-20 13:11:10 +02:00
Florian Roth
198b292c26
rule: emotet encoded commands
2020-10-20 12:51:58 +02:00
Yugoslavskiy Daniil
e95749e190
fix syntax
2020-10-20 05:10:11 +02:00
Yugoslavskiy Daniil
99b40e4a6a
change list of plist to contains modifier. could be easily bypassed with endswith
2020-10-20 05:09:08 +02:00
Yugoslavskiy Daniil
cea24c9984
add macos_disable_security_tools.yml, oscd initiative issue #1012 , task number 60
2020-10-20 05:06:43 +02:00
Yugoslavskiy Daniil
2890adf093
add macos_xattr_gatekeeper_bypass.yml, oscd initiative issue #1012 , task number 55
2020-10-20 04:34:02 +02:00
Yugoslavskiy Daniil
5a8c7cd3f9
add missing falcond
2020-10-20 04:00:16 +02:00
Yugoslavskiy Daniil
6f3ac02cb3
add lnx_security_software_discovery.yml, oscd initiative issue #1011 , task number 26
2020-10-20 03:57:41 +02:00
Yugoslavskiy Daniil
f0663c8412
add macos_security_software_discovery.yml, oscd initiative issue #1012 , task number 41
2020-10-20 03:46:41 +02:00
Yugoslavskiy Daniil
491f9d023c
add lnx_file_and_directory_discovery.yml, oscd initiative issue #1011 , task number 18
2020-10-20 03:05:32 +02:00
Yugoslavskiy Daniil
7c50729388
add macos_file_and_directory_discovery.yml, oscd initiative issue #1012 , task number 28
2020-10-20 02:58:08 +02:00
Yugoslavskiy Daniil
34591f9f64
add lnx_system_network_connections_discovery.yml, oscd initiative issue #1011 , task number 8
2020-10-20 01:17:06 +02:00
Yugoslavskiy Daniil
941fbebcdc
add macos_system_network_connections_discovery.yml, oscd initiative issue #1012 , task number 14
2020-10-20 01:14:56 +02:00
Yugoslavskiy Daniil
272fbcc378
fix title
2020-10-20 00:47:02 +02:00
Yugoslavskiy Daniil
f0060dec67
fix title
2020-10-20 00:44:23 +02:00
Yugoslavskiy Daniil
1ecb2c1932
add lnx_base64_decode.yml, oscd initiative issue #1011 , task number 4
2020-10-20 00:39:06 +02:00
Yugoslavskiy Daniil
8b01062d17
add lnx_base64_decode.yml, oscd initiative issue #1011 , task number 4
2020-10-20 00:37:53 +02:00
Yugoslavskiy Daniil
cc3ef973c0
add macos_base64_decode.yml, oscd initiative issue #1012 , task number 3
2020-10-20 00:36:21 +02:00
Tim I
0323e50011
Detect credential access for macOS via Keychain
2020-10-19 23:37:46 +03:00
stvetro
6bc483d287
Added mitre tags
2020-10-19 19:28:52 +04:00
stvetro
43707c9023
Added mitre tags
2020-10-19 19:20:52 +04:00
Mikhail Larin
f75654a3f5
fix indentation
2020-10-19 18:19:38 +03:00
Mikhail Larin
fe6459d07e
commit to restart checker
2020-10-19 17:20:43 +03:00
Mikhail Larin
ddc2d2635d
fix wrong tactic
2020-10-19 17:16:22 +03:00
Mikhail Larin
42cc1dc552
fix non-present binary
2020-10-19 17:01:23 +03:00
Mikhail Larin
e0e81b5c25
fix newlines
2020-10-19 16:45:42 +03:00
Mikhail Larin
a64a70f7ed
fix newlines
2020-10-19 16:44:18 +03:00
Mikhail Larin
85adbc3137
fix newlines
2020-10-19 16:42:43 +03:00
Mikhail Larin
008260b0e4
fix newlines
2020-10-19 16:41:24 +03:00
Mikhail Larin
058c77f6a6
fix newlines
2020-10-19 16:39:41 +03:00
Mikhail Larin
dc320e5be2
t1552.001 for lin/macOS
2020-10-19 16:34:13 +03:00
Mikhail Larin
c460dcf5de
t1552.001 for lin/macos
2020-10-19 16:32:01 +03:00
Mikhail Larin
d7e8a802bd
t1552.001 for Lin/macOS
2020-10-19 16:28:43 +03:00
Mikhail Larin
d9fba92adf
t1030 for lin/macos
2020-10-19 16:25:31 +03:00
Mikhail Larin
c9ca0a79b6
t1070.006 for lin/macos
2020-10-19 16:17:04 +03:00