security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 45 Packages Projects Releases Wiki Activity
Files
3fe2695635e16d74a096f9bc901579571e0aaa39
blue-team-tools/rules-threat-hunting/windows
T
History
Swachchhanda Shrawan Poudel a15dbdaa05 Merge PR #5832 from @swachchhanda000 - fix: edr-freeze rules FPs analysed from VT 
fix: Suspicious Loading of Dbgcore/Dbghelp DLLs from Uncommon Location - remove troublesome locations commonly used by installers
fix: HackTool - WSASS Execution - update regex to avoid mismatching on legitimate cli
update: WerFaultSecure Loading DbgCore or DbgHelp - EDR-Freeze - change it into hunting rule
2026-03-19 10:26:30 +01:00
..
builtin
Merge PR #5741 from @swachchhanda000 - Add Splunk Rules for MSIX/AppX
2026-01-24 17:04:41 +01:00
create_remote_thread
chore: ci: bump validator version (#5722)
2025-10-23 15:43:47 +02:00
file
Merge PR #5842 from @swachchhanda000 - chore: update thor.yml with missing file_change category
2026-01-29 09:25:27 +01:00
image_load
Merge PR #5832 from @swachchhanda000 - fix: edr-freeze rules FPs analysed from VT
2026-03-19 10:26:30 +01:00
network_connection
chore: ci: bump validator version (#5722)
2025-10-23 15:43:47 +02:00
pipe_created
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
powershell
Merge PR #5860 from @marcopedrinazzi - Add New Email Forwarding and Hiding Rules
2026-03-01 04:16:06 +01:00
process_access
Merge PR #5473 from @frack113 - chore: add ET and TH tags
2025-06-12 10:21:24 +02:00
process_creation
Merge PR #5674 from @skaynum - Add HTML File Opened From Download Folder
2025-12-05 01:22:04 +01:00
registry
Merge PR #5756 from @phantinuss - add a check for duplicate IDs over all rules that ever existed
2025-11-13 14:22:02 +01:00