security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5bbe3dec9bb6dfb97190e04c3139ebb8be793985
blue-team-tools/rules/windows
T
History
Cyb3rEng 5bbe3dec9b Completed changes to selection1 and selection2 
changes were completed to remove ( * ) and stay within rule creation guide:
    - Image|endswith:
      - '\winword.exe'
      - '\excel.exe'
      - '\powerpnt.exe'

 WMIcommand|contains: 'Win32_Process\:\:Create'
2021-09-08 21:14:58 -06:00
..
builtin
Merge pull request #2001 from SigmaHQ/rule-devel
2021-09-08 09:09:58 +02:00
create_remote_thread
Cleanup PS rules
2021-08-21 09:58:58 +02:00
create_stream_hash
Merging upstream updates
2021-07-01 12:18:30 +05:45
deprecated
Merging upstream updates
2021-07-01 12:18:30 +05:45
dns_query
Removed EventID from generic DNS query rule
2021-07-08 07:41:11 +02:00
driver_load
Update cve tags
2021-08-24 10:27:27 +02:00
file_delete
Update cve tags
2021-08-24 10:27:27 +02:00
file_event
Merge pull request #1979 from frack113/test_global
2021-09-06 08:44:14 +02:00
image_load
Merge branch 'fix'
2021-09-08 00:19:09 +02:00
malware
Update global ID
2021-09-02 21:16:55 +02:00
network_connection
update global id
2021-09-02 21:03:25 +02:00
other
Merge pull request #1979 from frack113/test_global
2021-09-06 08:44:14 +02:00
pipe_created
Various fixes
2021-09-07 23:38:07 +02:00
powershell
Merge pull request #2000 from frack113/split_global
2021-09-08 06:26:35 +02:00
process_access
Various fixes
2021-09-07 23:38:07 +02:00
process_creation
Completed changes to selection1 and selection2
2021-09-08 21:14:58 -06:00
raw_access_thread
Fix selection with only 1 element
2021-08-14 09:54:27 +02:00
registry_event
Merge pull request #1979 from frack113/test_global
2021-09-06 08:44:14 +02:00
sysmon
Changed Category
2021-09-08 20:38:07 -06:00
wmi_event
fix: tags for WMI / execution / persistence
2021-09-01 16:34:50 +02:00