security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3565dee3eb7eb98dbee87ba8b3daa8493fcc5322
blue-team-tools/rules/windows
T
History
Swachchhanda Shrawan Poudel 0a6d929974 Merge PR #5482 from @swachchhanda000 - Update Suspicious Copy From or To System Directory 
update: Suspicious Copy From or To System Directory - Update selection to use regex for better accuracy
update: LOL-Binary Copied From System Directory - Add ie4uinit.exe

---------

Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2025-11-27 23:44:35 +01:00
..
builtin
Merge PR #5769 from @nasbench - fix keywords rule and remove the fields field
2025-11-24 09:54:29 +01:00
create_remote_thread
chore: ci: bump validator version (#5722)
2025-10-23 15:43:47 +02:00
create_stream_hash
Merge PR #5769 from @nasbench - fix keywords rule and remove the fields field
2025-11-24 09:54:29 +01:00
dns_query
Merge PR #5763 from @swachchhanda000 - Update ClickFix/FileFix related rules
2025-11-27 23:00:25 +01:00
driver_load
chore: ci: bump validator version (#5722)
2025-10-23 15:43:47 +02:00
file
Merge PR #5775 from @swachchhanda000 - Restructure regression testing data directory
2025-11-26 11:08:11 +01:00
image_load
Merge PR #5762 from @HullaBrian - Unsigned .node File Load
2025-11-25 17:48:05 +05:45
network_connection
Merge PR #5763 from @swachchhanda000 - Update ClickFix/FileFix related rules
2025-11-27 23:00:25 +01:00
pipe_created
chore: ci: bump validator version (#5722)
2025-10-23 15:43:47 +02:00
powershell
Merge PR #5769 from @nasbench - fix keywords rule and remove the fields field
2025-11-24 09:54:29 +01:00
process_access
chore: ci: bump validator version (#5722)
2025-10-23 15:43:47 +02:00
process_creation
Merge PR #5482 from @swachchhanda000 - Update Suspicious Copy From or To System Directory
2025-11-27 23:44:35 +01:00
process_tampering
Merge PR #5027 from @nasbench - Promote older rules status from experimental to test
2024-10-01 14:56:09 +02:00
raw_access_thread
Merge PR #5639 from @swachchhanda000 - Fix some more fps found in prod
2025-09-22 11:46:48 +02:00
registry
Merge PR #5763 from @swachchhanda000 - Update ClickFix/FileFix related rules
2025-11-27 23:00:25 +01:00
sysmon
Merge PR #5775 from @swachchhanda000 - Restructure regression testing data directory
2025-11-26 11:08:11 +01:00
wmi_event
Merge PR #5769 from @nasbench - fix keywords rule and remove the fields field
2025-11-24 09:54:29 +01:00