blue-team-tools

Files

T

Nate Guagenti 1819e4b02b improve rule

- improve rule logic
- match zeek fields for fields section
- add false positive information
- change rule name to match the logic of the original rule.. Rule said "first" seen, however, no logic that matches that (ie: rare, stacking, etc..)

2021-08-23 14:12:50 -04:00

cisco/aaa

Second round

2020-09-15 07:02:30 -06:00

zeek

improve rule

2021-08-23 14:12:50 -04:00

net_apt_equationgroup_c2.yml

Second round

2020-09-15 07:02:30 -06:00

net_dns_c2_detection.yml

Second round

2020-09-15 07:02:30 -06:00

net_high_dns_bytes_out.yml

Second round

2020-09-15 07:02:30 -06:00

net_high_dns_requests_rate.yml

Second round

2020-09-15 07:02:30 -06:00

net_high_null_records_requests_rate.yml

Second round

2020-09-15 07:02:30 -06:00

net_high_txt_records_requests_rate.yml

Second round

2020-09-15 07:02:30 -06:00

net_mal_dns_cobaltstrike.yml

refactor: change level

2021-03-24 12:38:00 +01:00

net_susp_dns_b64_queries.yml

Split PR 1802 fix net rules

2021-08-09 17:23:15 +02:00

net_susp_dns_txt_exec_strings.yml

Update net_susp_dns_txt_exec_strings.yml

2020-10-15 23:11:16 -03:00

net_susp_ipify.yml

Title fixed

2021-07-11 09:25:33 +02:00

net_susp_network_scan.yml

Second round

2020-09-15 07:02:30 -06:00

net_susp_telegram_api.yml

Split PR 1802 fix net rules

2021-08-09 17:23:15 +02:00

net_wannacry_killswitch_domain.yml

fix: duplicate ID

2020-12-13 18:59:04 +01:00