security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,892 Commits 1 Branch 57 Tags
fefb8564717d69af72ededb4172bc7ec00aac734
Commit Graph

7892 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
frack113 b25fbbea54 Merge pull request #1957 from d4rk-d4nph3/master 
Added new malwarebytes reference for Cab File Expansion rule
 2021-08-31 09:54:47 +02:00
Bhabesh Rai 911c45201a Added -F option support 2021-08-31 13:02:53 +05:45
frack113 89e21c69ef fix detection 2021-08-31 09:07:54 +02:00
Bhabesh Rai e2bfaea10f Added new malwarebytes reference for Cab File Expansion rule 2021-08-31 11:35:54 +05:45
Cyb3rEng e913032865 Add files via upload 2021-08-30 21:50:16 -06:00
Cyb3rEng 6c9b2a2f37 Add files via upload 2021-08-30 21:48:03 -06:00
Cyb3rEng 5508ff45b6 Add files via upload 2021-08-30 21:47:36 -06:00
neu5ron 96c7e180fe Merge branch 'master' of https://github.com/SigmaHQ/sigma into qoutes_and_wildcards 
Signed-off-by: neu5ron <neu5ron@users.noreply.github.com>
 2021-08-30 16:33:33 -04:00
neu5ron 61897fa2e0 Merge branch 'master' of https://github.com/SigmaHQ/sigma into qoutes_and_wildcards 
Signed-off-by: neu5ron <neu5ron@users.noreply.github.com>
 2021-08-30 16:06:58 -04:00
frack113 acf59f9795 Fix some errors 2021-08-30 19:49:44 +02:00
Florian Roth a5c6bbe04d Merge pull request #1946 from SigmaHQ/rule-devel 
rule: ProxyToken CVE-2021-33766 Exchange
 2021-08-30 17:39:37 +02:00
Florian Roth af9392ba0f refactor: add 500 status code in selection2 
to avoid FPs with exploitation attempts
 2021-08-30 16:12:42 +02:00
Florian Roth 36a227796a Merge pull request #1945 from SigmaHQ/rule-devel 
rules: cobalt strike rules refactored
 2021-08-30 15:48:01 +02:00
Florian Roth 4a4966af77 rule: ProxyToken CVE-2021-33766 Exchange 2021-08-30 15:47:53 +02:00
Florian Roth 98de92ceaf refactor: global rule match on system and security 2021-08-30 15:17:53 +02:00
Florian Roth 1ded4eb913 rules: cobalt strike rules refactored 2021-08-30 15:10:30 +02:00
frack113 26bf8e1690 Merge pull request #1943 from frack113/update_test 
Update test
 2021-08-30 12:22:51 +02:00
frack113 6daaab7bc3 Merge pull request #1942 from frack113/update_help 
Update help message
 2021-08-30 12:22:19 +02:00
Nico 00dec96245 Add support for subtechniques 2021-08-30 08:45:21 +02:00
Nico 5f271bf334 add author field to elastic rule 2021-08-30 08:29:07 +02:00
frack113 8ad2c722d6 add uberagent COVERAGE 2021-08-29 12:19:49 +02:00
frack113 2e79998cc7 add devo COVERAGE 2021-08-29 11:47:47 +02:00
frack113 83e2f3640c add lacework backend 2021-08-29 09:24:43 +02:00
frack113 772fe06e10 fix Backend does not support map values of type <class 'bool'> (57) 2021-08-29 09:10:30 +02:00
frack113 5ad29cf0c2 fix Base backend doesn't support multiple conditions (29) 2021-08-29 09:03:50 +02:00
frack113 718b44c38a fix List values must be strings or numbers (46) 2021-08-29 08:57:25 +02:00
frack113 4c414b2e8b fix Base backend doesn't support multiple conditions (33) 2021-08-29 08:52:54 +02:00
frack113 970dfa2f92 Merge pull request #1938 from EvanYu0816/upstream-fixes 
Fix Pass the Hash and NotPetya Ransomware rule
 2021-08-28 21:02:04 +02:00
frack113 a7456d4d6c Merge pull request #1940 from frack113/fix_ps_fp 
Powershell correction
 2021-08-28 20:48:07 +02:00
frack113 3e355c64db Merge pull request #1939 from SigmaHQ/rule-devel 
rule: UAC bypass by mocking dirs
 2021-08-28 20:47:27 +02:00
frack113 5f1143247b Update "sigmac -l" message 2021-08-28 08:51:58 +02:00
frack113 6aae623f45 Remove duplicate file 2021-08-28 08:42:02 +02:00
frack113 68237dffc4 fix HostApplication 2021-08-28 08:18:47 +02:00
frack113 ef6e0c5a4c Fix error and FP 2021-08-28 08:02:16 +02:00
Florian Roth f78225c394 rule: UAC bypass by mocking dirs 2021-08-27 18:12:21 +02:00
Evan Yu 178d82e9cd Fix NotPetya Ransomware rule 2021-08-27 11:53:50 -04:00
Evan Yu 8bdd3e3987 Simplify Pass the Pash rule 2021-08-27 11:53:28 -04:00
frack113 ff37a49dc0 Merge pull request #1930 from SigmaHQ/rule-devel 
fix: FPs with whoami rule and 4688 event IDs without parent info
 2021-08-27 06:27:30 +02:00
frack113 0de795b0a2 Merge pull request #1936 from austinsonger/gworkspace_application_remove.yml 
add gworkspace_application_remove.yml
 2021-08-27 06:25:15 +02:00
frack113 00cceb7be8 Merge pull request #1935 from austinsonger/gworkspace_mfa_disabled.yml 
add gworkspace_mfa_disabled.yml
 2021-08-27 06:24:26 +02:00
frack113 b10629f4d8 Merge pull request #1934 from OTRF/feature/AADHealth-Agent-HybridADFSServices 
Feature/aad health agent hybrid adfs services
 2021-08-27 06:22:18 +02:00
frack113 1baa678df0 Merge pull request #1933 from hazedav/lacework 
new lacework backend
 2021-08-27 06:15:09 +02:00
Austin Songer 72485a5619 Update gworkspace_application_removed.yml 2021-08-26 21:16:21 -05:00
Austin Songer 62cefcc028 Rename gworkspace_application_remove.dyml to gworkspace_application_removed.yml 2021-08-26 21:15:56 -05:00
Austin Songer bc246ff59d Rename gworkspace_application_remove.yml to gworkspace_application_remove.dyml 2021-08-26 20:58:22 -05:00
Austin Songer 55f5ff3d89 Application Removed 2021-08-26 20:55:07 -05:00
Austin Songer 1fffb7a3f5 Gworkspace MFA disabled. 2021-08-26 20:28:35 -05:00
Roberto Rodriguez f05cf20b12 Merge branch 'master' into feature/AADHealth-Agent-HybridADFSServices 2021-08-26 16:12:38 -04:00
Roberto Rodriguez f98970ef06 adding basic rules to detect behavior around AAD health agents and AAD Hybrid Health AD FS services in Azure 2021-08-26 16:10:42 -04:00
David Hazekamp cc6e4381b2 feat(backend): introducing lacework backend 
Adding authors
Removing todo
 2021-08-26 14:12:47 -05:00