security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
3dd201d36f694a4e477858bf99e7a118cd3ef5f2
blue-team-tools/rules/network
T
History
Nate Guagenti b255586117 condition fix and add fields 
should be `operation` not `endpoint` for the detection logic.
added various fields useful for investigation
2021-08-23 14:59:06 -04:00
..
cisco/aaa
Second round
2020-09-15 07:02:30 -06:00
zeek
condition fix and add fields
2021-08-23 14:59:06 -04:00
net_apt_equationgroup_c2.yml
Second round
2020-09-15 07:02:30 -06:00
net_dns_c2_detection.yml
Second round
2020-09-15 07:02:30 -06:00
net_high_dns_bytes_out.yml
Second round
2020-09-15 07:02:30 -06:00
net_high_dns_requests_rate.yml
Second round
2020-09-15 07:02:30 -06:00
net_high_null_records_requests_rate.yml
Second round
2020-09-15 07:02:30 -06:00
net_high_txt_records_requests_rate.yml
Second round
2020-09-15 07:02:30 -06:00
net_mal_dns_cobaltstrike.yml
refactor: change level
2021-03-24 12:38:00 +01:00
net_susp_dns_b64_queries.yml
Split PR 1802 fix net rules
2021-08-09 17:23:15 +02:00
net_susp_dns_txt_exec_strings.yml
Update net_susp_dns_txt_exec_strings.yml
2020-10-15 23:11:16 -03:00
net_susp_ipify.yml
Title fixed
2021-07-11 09:25:33 +02:00
net_susp_network_scan.yml
Second round
2020-09-15 07:02:30 -06:00
net_susp_telegram_api.yml
Split PR 1802 fix net rules
2021-08-09 17:23:15 +02:00
net_wannacry_killswitch_domain.yml
fix: duplicate ID
2020-12-13 18:59:04 +01:00