blue-team-tools

Files

T

Florian Roth 17dcad456f Merge PR #5116 from @Neo23x0 - Add rules and updates related to Cleo exploitation

new: CVE-2024-50623 Exploitation Attempt - Cleo
update: Webshell Detection With Command Line Keywords - Add suspicious powershell commandline keywords
---------

Co-authored-by: Nasreddine Bencherchali <nasreddineb@splunk.com>

2024-12-14 22:44:55 +02:00

builtin

Merge PR #5125 from @randomaccess3 - Update Potential Secure Deletion with SDelete

2024-12-14 21:55:43 +02:00

create_remote_thread

Merge PR #5101 from @nasbench - Promote older rules status from experimental to test

2024-12-01 13:40:32 +01:00

create_stream_hash

Merge PR #5088 from @frack113 - Remove custom dedicated hash fields from sigmac

2024-11-25 09:30:14 +01:00

dns_query

Merge PR #5065 from @nasbench - Promote older rules status from experimental to test

2024-11-01 10:21:04 +01:00

driver_load

Merge PR #5088 from @frack113 - Remove custom dedicated hash fields from sigmac

2024-11-25 09:30:14 +01:00

file

Merge PR #5101 from @nasbench - Promote older rules status from experimental to test

2024-12-01 13:40:32 +01:00

image_load

Merge PR #5101 from @nasbench - Promote older rules status from experimental to test

2024-12-01 13:40:32 +01:00

network_connection

Merge PR #5101 from @nasbench - Promote older rules status from experimental to test

2024-12-01 13:40:32 +01:00

pipe_created

Merge PR #5065 from @nasbench - Promote older rules status from experimental to test

2024-11-01 10:21:04 +01:00

powershell

Merge PR #5065 from @nasbench - Promote older rules status from experimental to test

2024-11-01 10:21:04 +01:00

process_access

Merge PR #5065 from @nasbench - Promote older rules status from experimental to test

2024-11-01 10:21:04 +01:00

process_creation

Merge PR #5116 from @Neo23x0 - Add rules and updates related to Cleo exploitation

2024-12-14 22:44:55 +02:00

process_tampering

Merge PR #5027 from @nasbench - Promote older rules status from experimental to test

2024-10-01 14:56:09 +02:00

raw_access_thread

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

registry

Merge PR #5126 from @MalGamy12 - Update COM Object Hijacking Via Modification Of Default System CLSID Default Value

2024-12-14 21:09:33 +02:00

sysmon

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

wmi_event

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00