security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 45 Packages Projects Releases Wiki Activity
Files
685194383b4d6e594ec264e7d92270108783197d
blue-team-tools/rules/windows
T
History
Swachchhanda Shrawan Poudel 685194383b Merge PR #5804 from @swachchhanda000 - enhance rules related with file download from file sharing websites 
update: Suspicious Remote AppX Package Locations - add github.com
update: BITS Transfer Job Download From File Sharing Domains - add github.com
update: Suspicious File Download From File Sharing Websites - File Stream - add github.com
update: Unusual File Download From File Sharing Websites - File Stream - add github.com
update: Network Communication Initiated To File Sharing Domains From Process Located In Suspicious Folder - add github.com
update: Network Connection Initiated From Process Located In Potentially Suspicious Or Uncommon Location - add github.com
update: Suspicious File Downloaded From File-Sharing Website Via Certutil.EXE - add github.com
update: Suspicious File Download From File Sharing Domain Via Curl.EXE - add github.com
update: Suspicious File Download From File Sharing Domain Via Wget.EXE - add github.com
2025-12-12 08:04:27 +05:45
..
builtin
Merge PR #5804 from @swachchhanda000 - enhance rules related with file download from file sharing websites
2025-12-12 08:04:27 +05:45
create_remote_thread
Merge #5798 from @swachchhanda000 - fix: aurora fps
2025-12-09 08:21:14 +05:45
create_stream_hash
Merge PR #5804 from @swachchhanda000 - enhance rules related with file download from file sharing websites
2025-12-12 08:04:27 +05:45
dns_query
Merge PR #5763 from @swachchhanda000 - Update ClickFix/FileFix related rules
2025-11-27 23:00:25 +01:00
driver_load
chore: ci: bump validator version (#5722)
2025-10-23 15:43:47 +02:00
file
Merge PR #5801 from @toheeb-orelope - add Invoke-DNSExfiltrator
2025-12-10 15:15:19 +01:00
image_load
Merge PR #5777 from @swachchhanda000 - feat: more edrfreeze rules
2025-12-10 15:29:38 +01:00
network_connection
Merge PR #5804 from @swachchhanda000 - enhance rules related with file download from file sharing websites
2025-12-12 08:04:27 +05:45
pipe_created
chore: ci: bump validator version (#5722)
2025-10-23 15:43:47 +02:00
powershell
Merge PR #5801 from @toheeb-orelope - add Invoke-DNSExfiltrator
2025-12-10 15:15:19 +01:00
process_access
Merge PR #5777 from @swachchhanda000 - feat: more edrfreeze rules
2025-12-10 15:29:38 +01:00
process_creation
Merge PR #5804 from @swachchhanda000 - enhance rules related with file download from file sharing websites
2025-12-12 08:04:27 +05:45
process_tampering
Merge PR #5027 from @nasbench - Promote older rules status from experimental to test
2024-10-01 14:56:09 +02:00
raw_access_thread
Merge PR #5789 from @swachchhanda000 - Add fps filter observed on ARM-based Windows updates
2025-12-09 08:29:51 +05:45
registry
Merge #5798 from @swachchhanda000 - fix: aurora fps
2025-12-09 08:21:14 +05:45
sysmon
Merge PR #5775 from @swachchhanda000 - Restructure regression testing data directory
2025-11-26 11:08:11 +01:00
wmi_event
Merge PR #5769 from @nasbench - fix keywords rule and remove the fields field
2025-11-24 09:54:29 +01:00