security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
691dca6fd2cac002bec9f158bb3ecf4c679a76fa
blue-team-tools/rules/windows
T
History
frack113 691dca6fd2 Merge PR #4808 from @frack113 - FP Bad practice GPO 
fix: Windows Binaries Write Suspicious Extensions - Add new filter for when "bat" or "powershell" scripts are written via GPO to run at startup.

---------

Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2024-04-15 13:43:35 +02:00
..
builtin
Merge PR #4791 from @nasbench - Promote older rules status from experimental to test
2024-04-01 15:14:10 +02:00
create_remote_thread
Merge PR #4756 from @benmontour - Update Remote Thread Creation In Uncommon Target Image
2024-03-07 00:01:03 +01:00
create_stream_hash
Merge PR #4791 from @nasbench - Promote older rules status from experimental to test
2024-04-01 15:14:10 +02:00
dns_query
Merge PR #4780 from @xiangchen96 - Minor fix for ip lookup rules
2024-03-22 12:24:22 +01:00
driver_load
Merge PR #4791 from @nasbench - Promote older rules status from experimental to test
2024-04-01 15:14:10 +02:00
file
Merge PR #4808 from @frack113 - FP Bad practice GPO
2024-04-15 13:43:35 +02:00
image_load
Merge PR #4788 from @phantinuss - fix: regularly loaded by wsmprovhost.exe
2024-04-02 09:27:58 +02:00
network_connection
Merge PR #4791 from @nasbench - Promote older rules status from experimental to test
2024-04-01 15:14:10 +02:00
pipe_created
Merge PR #4690 from @tr0mb1r - filter Websense named pipe
2024-01-29 11:50:59 +01:00
powershell
Merge PR #4791 from @nasbench - Promote older rules status from experimental to test
2024-04-01 15:14:10 +02:00
process_access
Merge PR #4750 from @secDre4mer - Fix false positive with Potential Credential Dumping Activity Via LSASS rule
2024-03-02 02:28:29 +01:00
process_creation
Merge PR #4813 from @frack113 - Add Image to avoid FP
2024-04-15 13:42:32 +02:00
process_tampering
Merge PR #4597 from @nasbench - Update Process Access Rules
2023-12-04 01:14:15 +01:00
raw_access_thread
Merge PR #4597 from @nasbench - Update Process Access Rules
2023-12-04 01:14:15 +01:00
registry
Merge PR #4791 from @nasbench - Promote older rules status from experimental to test
2024-04-01 15:14:10 +02:00
sysmon
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
wmi_event
Merge PR #4681 from @nasbench - Add Missing Ref & Tags
2024-01-29 13:37:20 +01:00