Commit Graph

  • df5c6a6ecc Merge PR #5970 from @ahu-exeon - add Exeon.UEBA to the list of tools supporting Sigma master Andreas Hunkeler 2026-05-05 00:58:33 +02:00
  • cf68547b29 Merge PR #5974 from @nasbench - Archive new rule references and update cache file github-actions[bot] 2026-05-04 12:33:04 +02:00
  • 34c5d66c22 Merge PR #5966 from @nasbench - Update mitre tags to use attack v19 Nasreddine Bencherchali 2026-04-29 01:20:23 +02:00
  • 0e3b749e0d Merge PR #5898 from @FlorianBracq - Set groups in regular expressions as non capturing r2026-04-01 FlorianBracq 2026-04-28 12:23:57 +02:00
  • ad80b4d75f Merge PR #5797 from @frack113 - ci: fix URL for sigma_schema_url frack113 2026-04-28 11:32:48 +02:00
  • 797bcaebfe Merge PR #5900 from @swachchhanda000 - Update Important scheduled task manipulation related rules Swachchhanda Shrawan Poudel 2026-04-28 07:45:16 +05:45
  • fcb2aead3a Merge PR #5941 from @swachchhanda000 - Add RedSun Execution Indicators Swachchhanda Shrawan Poudel 2026-04-28 07:07:30 +05:45
  • fd33ea32e7 Merge PR #5454 from @CheraghiMilad - Add Potential Exploitation of CVE-2025-5054 or CVE-2025-4598 Milad Cheraghi 2026-04-28 04:44:41 +03:30
  • c8f207d390 Merge PR #5409 from @Luke57 - Add New Google Workspace Related Rules Tom Kluter 2026-04-28 02:48:14 +02:00
  • af0d09b2cf Merge PR #5831 from @zendannyy - Add Okta Session Impersonation Granted From Untrusted Domain zendannyy 2026-04-27 17:31:13 -07:00
  • 8f014c6cb7 Merge PR #5904 from @nasbench - archive new rule references and update cache file github-actions[bot] 2026-04-28 02:22:16 +02:00
  • 7cf06feeea Merge PR #5859 from @davidljohnson - Update VBS/A related rules David J 2026-04-27 18:37:10 -05:00
  • 6f4cb70fdc Merge PR #5909 from @EzLucky - Add Cisco Dot1x Disabled EzLucky 2026-04-28 01:16:37 +02:00
  • 2b5715303f Merge PR #5908 from @swachchhanda000 - Fix fps and improve metadata of several Linux rules Swachchhanda Shrawan Poudel 2026-04-28 04:57:30 +05:45
  • 66f7ac9a4d Merge PR #5881 from @Securityinbits - Add Sensitive File Dump Via Print.EXE Ayush Anand 2026-04-28 07:07:54 +08:00
  • 3305d11c89 Merge PR #5942 from @swachchhanda000 - Add Potential CVE-2026-33829 Exploitation - Windows Snipping Tool Remote File Path URI Swachchhanda Shrawan Poudel 2026-04-28 04:43:55 +05:45
  • 30cb0f742a Merge PR #5917 from @marcopedrinazzi - Add Azure Sign-In With Axios User Agent Marco Pedrinazzi 2026-04-28 00:55:15 +02:00
  • 10f7ebbcf9 Merge PR #5893 from @st0pp3r - Update Github Delete Action Invoked st0pp3r 2026-04-28 01:54:21 +03:00
  • c713b5d805 Merge PR #5780 from @marius-benthin - Update New Cron File Created Marius Benthin 2026-04-28 00:53:12 +02:00
  • f0c4235fcb Merge PR #5916 from @uniqu3-us3r - Add Kubernetes Potential Enumeration Activity uniqueuser 2026-04-27 18:43:10 -04:00
  • 96c0fa6176 Merge PR #5846 from @marcopedrinazzi - Add Suspicious Email Delivered In Microsoft 365 Marco Pedrinazzi 2026-04-28 00:33:23 +02:00
  • 8315489a07 Merge PR #5828 from @Zirbo - Update Shell Invocation via Env Command - Linux Zirbo 2026-04-28 00:31:41 +02:00
  • 570200b711 Merge PR #5952 from @Sanskar-bot - Update PowerShell Download Via Net.WebClient - PowerShell Classic Sanskar Phougat 2026-04-28 04:00:25 +05:30
  • 81dce222fd Merge PR #5953 from @Sanskar-bot - Update MITRE Tags for Netcat The Powershell Version Sanskar Phougat 2026-04-28 03:59:22 +05:30
  • cd26c0a799 Merge PR #5815 from @swachchhanda000 - Update and Add Autologger related rules Swachchhanda Shrawan Poudel 2026-04-28 04:02:40 +05:45
  • ca8e778476 Merge PR #5833 from @swachchhanda000 - Fix Multiple FPs based on VT data Swachchhanda Shrawan Poudel 2026-04-28 03:55:09 +05:45
  • 3a0fbc4bfa Merge PR #5837 from @swachchhanda000 - Add Potential Vcruntime140 DLL Sideloading Swachchhanda Shrawan Poudel 2026-04-28 03:40:25 +05:45
  • 180991bc81 Merge PR #5827 from @swachchhanda000 - Update Wmic Service Tampering Rules Swachchhanda Shrawan Poudel 2026-04-28 02:28:22 +05:45
  • 1a51d53e9f Merge PR #5829 from @swachchhanda000 - Add PUA - Memory Dump Mount Via MemProcFS Swachchhanda Shrawan Poudel 2026-04-28 02:15:50 +05:45
  • ff107c3fe1 Merge PR #5414 from @swachchhanda000 - Add Indirect Command Execution via SFTP ProxyCommand Swachchhanda Shrawan Poudel 2026-04-28 02:11:12 +05:45
  • f627ff2270 Merge PR #5964 from @mostafa - Update Okta Rules to use CamelCase fields Mostafa Moradian 2026-04-27 21:55:40 +02:00
  • cf9759946f Merge PR #5399 from @swachchhanda000 - Update LSA PPL Protection Setting Modification via CommandLine Swachchhanda Shrawan Poudel 2026-04-24 23:33:55 +05:45
  • 5655f590d7 Added VSCode config to .gitignore Thomas Patzke 2026-04-24 09:00:48 +02:00
  • 03412947a2 Merge PR #5922 from @CHIRAG-DAMANI-08 - Hacktool - NetExec Execution Chirag 2026-04-23 18:32:24 +05:30
  • c801be9f3d Merge PR #5899 from @HueCodes - new: Python Base64 Encoded Inline Command Execution HueCodes 2026-04-23 05:37:28 -07:00
  • fc1cf467f4 Merge PR #5905 from @swachchhanda000 - fix: notepad++ gup infrastructure abuse FPs Swachchhanda Shrawan Poudel 2026-04-21 16:18:55 +05:45
  • c58ee2f7f8 Merge PR #5938 from @marcopedrinazzi - Fix file extension from .yaml to .yml for consistency Marco Pedrinazzi 2026-04-20 14:44:21 +02:00
  • 889b07d952 Merge PR #5943 from @swachchhanda000 - Add regression test count mismatch finder Swachchhanda Shrawan Poudel 2026-04-20 18:23:44 +05:45
  • c3ad686ac4 Merge PR #5935 from @swachchhanda000 - Fix Registry Tampering by Potentially Suspicious Processes Swachchhanda Shrawan Poudel 2026-04-14 18:34:20 +05:45
  • d4d12bdd13 Merge PR #5910 from @EzLucky - Update RTLO Related Rules With Additional Coverage EzLucky 2026-04-01 13:57:31 +02:00
  • 7fc53c563e Merge PR #5925 from @Neo23x0 - Add filter for nsswitch and double extension in icons folder Florian Roth 2026-04-01 13:55:12 +02:00
  • 7031934d17 Merge PR #5914 from @netikus - Update Potential Privileged System Service Operation - SeLoadDriverPrivilege netikus 2026-04-01 06:36:52 -05:00
  • 3fe2695635 Merge PR #5921 from @Axel-NTT - Update BPFDoor Abnormal Process ID or Lock File Accessed Axel-NTT 2026-04-01 13:16:52 +02:00
  • 4bb5637b23 Merge PR #5923 from @swachchhanda000 - Add litellm Supply Chain Attack Related Rules Swachchhanda Shrawan Poudel 2026-04-01 16:56:45 +05:45
  • c6d03adc7b Merge PR #5924 from @Neo23x0 - Fix Security Support Provider (SSP) Added to LSA Configuration Florian Roth 2026-04-01 12:35:29 +02:00
  • 858b04b66a Merge PR #5926 from @phantinuss - Update ATT&CK Heatmap Coverage github-actions[bot] 2026-04-01 12:34:21 +02:00
  • 11f1fa4e2c Merge PR #5927 from @nasbench - Update deprecated csv github-actions[bot] 2026-04-01 12:32:09 +02:00
  • 71f1120dc6 Merge PR #5928 from @swachchhanda000 - Add Axios NPM Compromise Indicators Related Rules Swachchhanda Shrawan Poudel 2026-04-01 16:16:31 +05:45
  • 2f84ca2f16 Merge PR #5433 from @swachchhanda000 - Add BadSuccessor dMSA Abuse Related Rules Swachchhanda Shrawan Poudel 2026-03-30 16:12:13 +05:45
  • 56a58e1ee6 Merge PR #5772 from @swachchhanda000 - Add Shai-Hulud: The Second Coming Rules Swachchhanda Shrawan Poudel 2026-03-29 18:43:59 +05:45
  • a15dbdaa05 Merge PR #5832 from @swachchhanda000 - fix: edr-freeze rules FPs analysed from VT Swachchhanda Shrawan Poudel 2026-03-19 15:11:30 +05:45
  • c2ba39f94b Merge PR #5901 from @phantinuss - bump evtx-baseline version to 0.8.4 phantinuss 2026-03-13 15:04:24 +01:00
  • 3c2407864e Merge PR #5857 from @swachchhanda000 - chore: add missing json logs Swachchhanda Shrawan Poudel 2026-03-03 16:46:07 +05:45
  • 37fe8969ae Merge PR #5890 from @nasbench - chore: archive new rule references and update cache file github-actions[bot] 2026-03-02 13:42:54 +01:00
  • 1aae4b0603 Merge PR #5889 from @phantinuss - Update ATT&CK Heatmap Coverage github-actions[bot] 2026-03-02 13:38:30 +01:00
  • b596e1a7d0 Merge PR #5860 from @marcopedrinazzi - Add New Email Forwarding and Hiding Rules Marco Pedrinazzi 2026-03-01 04:16:06 +01:00
  • 084204d06a Merge PR #5845 from @marcopedrinazzi - Add System Language Discovery via Reg.Exe Marco Pedrinazzi 2026-03-01 03:55:40 +01:00
  • 5f5e72cff7 Merge PR #5885 from @djlukic - Add New FP Filters Djordje Lukic 2026-03-01 03:47:59 +01:00
  • 3fb14d9544 Merge PR #5844 from @marcopedrinazzi - Add Inbox Rules Creation Or Update Activity in O365 Marco Pedrinazzi 2026-02-28 14:32:33 +01:00
  • 41c8116d0e Merge PR #5856 from @swachchhanda000 - Add CPL sideloading and Fsquirt entries Swachchhanda Shrawan Poudel 2026-02-28 19:06:29 +05:45
  • 6db81c99bd Merge PR #5716 from @tsale - Add detection rules for abuse of OpenEDR's response feature Kostas 2026-02-28 05:12:49 -08:00
  • 086a362b0f Merge PR #5875 from @Neo23x0 - Fix BloodHound Collection Files Florian Roth 2026-02-28 14:06:13 +01:00
  • dc3880459d Merge PR #5863 from @swachchhanda000 - Add finger.exe to related rules Swachchhanda Shrawan Poudel 2026-02-16 17:35:13 +05:45
  • 14d11fdda7 Merge PR from @swachchhanda000 - SolarWinds WebHelpDesk RCE Vulnerabilities Exploitation Swachchhanda Shrawan Poudel 2026-02-13 07:21:03 +05:45
  • 1df103ce6d Merge PR #5852 from @nasbench - Open Archive New Rule References github-actions[bot] 2026-02-10 14:48:39 +05:45
  • 02f6d3716d Merge #5851 from @nasbench - Update deprecated csv github-actions[bot] 2026-02-10 14:44:07 +05:45
  • 76f4a42ebb Merge PR #5854 from @swachchhanda000 - Add Notepad++ Infrastructure Abuse Rules Swachchhanda Shrawan Poudel 2026-02-04 16:53:03 +05:45
  • fb37712ca7 Merge PR #5850 from @phantinuss - Update ATT&CK Heatmap Coverage github-actions[bot] 2026-02-03 11:33:49 +01:00
  • 478120e7d2 Merge PR #5814 from @swachchhanda000 - Add New Credential Guard Tampering Rules r2026-01-01 Swachchhanda Shrawan Poudel 2026-01-29 17:37:08 +05:45
  • c6a32d96cf Merge PR #5813 from @swachchhanda000 - Add New AMSI Tampering Rules Swachchhanda Shrawan Poudel 2026-01-29 17:23:48 +05:45
  • 2022e3b420 Merge PR #5802 from @swachchhanda000 - Update Bitsadmin Rules With Regression Data Swachchhanda Shrawan Poudel 2026-01-29 17:22:55 +05:45
  • e77233ab2f Merge PR #5824 from @swachchhanda000 - Update User Shell Folders Registry Modification Rules Swachchhanda Shrawan Poudel 2026-01-29 17:08:46 +05:45
  • a4ddc7a414 Merge PR #5842 from @swachchhanda000 - chore: update thor.yml with missing file_change category Swachchhanda Shrawan Poudel 2026-01-29 14:10:27 +05:45
  • 3d8c650ba2 Merge PR #5811 from @swachchhanda000 - Add New Vulnerable Driver Blocklist and HVCI Tampering Based Rules Swachchhanda Shrawan Poudel 2026-01-27 04:38:42 +05:45
  • 092b852af3 Merge PR #5767 from @vl43den - Add Cmd Launched with Hidden Start Flags to Suspicious Targets Vladan Sekulic 2026-01-26 20:02:52 +01:00
  • d5188c36a1 Merge PR #5487 from @swachchhanda000 - Update Registry Shell Open Related Rules Swachchhanda Shrawan Poudel 2026-01-24 23:39:59 +05:45
  • 77f4b0b2ec Merge PR #5741 from @swachchhanda000 - Add Splunk Rules for MSIX/AppX Swachchhanda Shrawan Poudel 2026-01-24 21:49:41 +05:45
  • c0af81c9d2 Merge PR #5823 from @darses - Update DNS Query to External Service Interaction Domains Chris 2026-01-24 12:37:27 +01:00
  • 30aebbb65c Merge PR #5834 from @MATTANDERS0N - Add Devcon and KDU Execution Rules Matt Anderson 2026-01-24 05:36:29 -06:00
  • 01b23770b8 Merge PR #5826 from @marcopedrinazzi - Add New OpenCanary Rules Marco Pedrinazzi 2026-01-24 12:32:10 +01:00
  • ad3a650641 Merge PR #5476 from @swachchhanda000 - Update SquiblyTwo Related Rules Swachchhanda Shrawan Poudel 2026-01-24 17:10:13 +05:45
  • 222a2e2992 Merge PR #5749 from @swachchhanda000 - Update Phantom DLL hijacking Rules Swachchhanda Shrawan Poudel 2026-01-24 16:49:15 +05:45
  • 076da17939 Merge PR #5771 from @EzLucky - Add and Update Setcap Related Rules EzLucky 2026-01-24 11:51:42 +01:00
  • e443d5cbf8 Merge PR #5839 from @nasbench - Archive new rule references and update cache file github-actions[bot] 2026-01-17 13:03:58 +01:00
  • 6fe7343bf7 Merge PR #5822 from @EzLucky - fix: spelling errors in description and filename EzLucky 2026-01-05 08:16:17 +01:00
  • c5e6d0ecd5 Merge PR #5820 from @nasbench - Update deprecated csv github-actions[bot] 2026-01-01 12:23:20 +01:00
  • 8afdcc4321 Merge PR #5821 from @nasbench - Archive new rule references and update cache file github-actions[bot] 2026-01-01 12:22:51 +01:00
  • 1cfdf4f82e Merge PR #5819 from @phantinuss - Update ATT&CK Heatmap Coverage github-actions[bot] 2026-01-01 12:00:53 +01:00
  • c8b1a0ff67 Merge PR #5805 from @swachchhanda000 - Add regression tests for curl-related rules Swachchhanda Shrawan Poudel 2025-12-25 20:50:48 +05:45
  • b61d83beef Merge PR #5790 from @nasbench - Metadata Updates Nasreddine Bencherchali 2025-12-24 17:50:21 +01:00
  • 2952d630a4 Merge PR #5774 from @mbabinski - Added rules related to ArcGIS Server Object Extension abuse Micah Babinski 2025-12-21 09:07:30 -08:00
  • da971a6f28 Merge PR #5809 from @phantinuss - bump evtx-baseline version to 0.8.3 phantinuss 2025-12-21 18:02:45 +01:00
  • 6d581764e7 Merge PR #5806 from @nasbench - Archive New Rule References github-actions[bot] 2025-12-15 16:42:14 +01:00
  • 685194383b Merge PR #5804 from @swachchhanda000 - enhance rules related with file download from file sharing websites Swachchhanda Shrawan Poudel 2025-12-12 08:04:27 +05:45
  • c5b881019a Merge PR #5777 from @swachchhanda000 - feat: more edrfreeze rules Swachchhanda Shrawan Poudel 2025-12-10 20:14:38 +05:45
  • cce4545c10 Merge PR #5801 from @toheeb-orelope - add Invoke-DNSExfiltrator Toheeb Ajala Husain 2025-12-10 14:15:19 +00:00
  • 6af6ad8ef7 Merge PR #5803 from @swachchhanda000 - chore: ci: regression test id consistency check Swachchhanda Shrawan Poudel 2025-12-10 14:42:22 +05:45
  • 13aae8c1ea Merge PR #5795 from @swachchhanda000 - Add new rules for CVE-2025-55182 / React2Shell Swachchhanda Shrawan Poudel 2025-12-10 07:58:14 +05:45
  • cf3cbf8089 Merge PR #5799 from @nasbench - Update logic to use errorCode instead for better mapping and accuracy Nasreddine Bencherchali 2025-12-09 10:17:50 +01:00
  • f05a8c4d94 Merge PR #5788 from @swachchhanda000 - Recon via RDP Logging Event Swachchhanda Shrawan Poudel 2025-12-09 08:48:59 +05:45