blue-team-tools/rules/windows/builtin at 4ba778f030cbb83341aa16d1815abe2bca3728ff - blue-team-tools - GreySec Git

security-tools/blue-team-tools

Files

T

History

Swachchhanda Shrawan Poudel b7f52495c6 Merge PR #5520 from @swachchhanda000 - Fix Logic in some rules that were causing FPs and FNs

fix: Transferring Files with Credential Data via Network Shares - Made the string matching little more specific to avoid FPs
fix: Removal of Potential COM Hijacking Registry Keys - Added Msedge update filter
fix: COM Hijacking via TreatAs - Add filter for integrator.exe
fix: Suspicious Volume Shadow Copy VSS_PS.dll Load - add vssadmin filter
update: System File Execution Location Anomaly - add taskhostw

---------

Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>

2025-07-14 12:04:39 +02:00

..

Merge PR #5477 from @phantinuss - chore: update MITRE tag t1219 to t1219.002

2025-06-13 10:00:52 +02:00

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

appmodel_runtime

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

appxdeployment_server

Merge PR #5506 from @nasbench -promote older rules status from experimental to test

2025-07-01 10:34:38 +02:00

appxpackaging_om

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

Merge PR #5144 from @djlukic - Fix multiple FPs

2024-12-27 16:38:02 +01:00

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

certificate_services_client_lifecycle_system

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

Merge PR #5144 from @djlukic - Fix multiple FPs

2024-12-27 16:38:02 +01:00

diagnosis/scripted

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

Merge PR #5506 from @nasbench -promote older rules status from experimental to test

2025-07-01 10:34:38 +02:00

Merge PR #5418 from @frack113 - chore: 🧹 Update MITRE V17 DLL tags

2025-05-15 12:17:10 +02:00

driverframeworks

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

Merge PR #5506 from @nasbench -promote older rules status from experimental to test

2025-07-01 10:34:38 +02:00

iis-configuration

Merge PR #5395 from @david-syk - Update MITRE ATT&CK tags

2025-05-20 23:05:21 +02:00

Merge PR #5513 from @swachchhanda000 - fix FPs observed via Aurora

2025-07-08 10:29:01 +02:00

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

Merge PR #5477 from @phantinuss - chore: update MITRE tag t1219 to t1219.002

2025-06-13 10:00:52 +02:00

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

Merge PR #5520 from @swachchhanda000 - Fix Logic in some rules that were causing FPs and FNs

2025-07-14 12:04:39 +02:00

security_mitigations

Merge PR #5418 from @frack113 - chore: 🧹 Update MITRE V17 DLL tags

2025-05-15 12:17:10 +02:00

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

smbclient/security

Merge PR #5007 from @fukusuket - Fix unreachable GitHub URL references

2024-09-13 11:14:11 +02:00

Merge PR #5477 from @phantinuss - chore: update MITRE tag t1219 to t1219.002

2025-06-13 10:00:52 +02:00

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

terminalservices

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

Merge PR #5022 from @jaegeral - Fix some typos in rules metadata

2024-09-22 19:14:26 +02:00

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

win_alert_mimikatz_keywords.yml

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00