security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6bcbd61fb836ceed5c8bdcc30773fb9ed5dbbd9a
blue-team-tools/rules/windows/network_connection
T
History
Kamran Saifullah - Frog Man e506e4574a Merge PR #4580 from @deFr0ggy - Update VsCode/DevTunnels Communication Related Rules 
new: DNS Query To Devtunnels Domain - Split rule based on b3e6418f-7c7a-4fad-993a-93b65027a9f1
new: Network Connection Initiated To DevTunnels Domain
new: Network Connection Initiated To Visual Studio Code Tunnels Domain
update: DNS Query To Visual Studio Code Tunnels Domain - Update the rule to only focus on DNS requests from Vscode tunnels and move the logic of Devtunnels to another rule. To ease FP management for users that leverage one but not the other.

---------

Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-11-20 13:22:15 +01:00
..
net_connection_win_addinutil.yml
Merge PR #4452 from @SILJAEUROPA - Add New Rules To AddInUtil Potential Abuse
2023-10-05 13:07:50 +02:00
net_connection_win_binary_susp_com.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
net_connection_win_certutil_initiated_connection.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
net_connection_win_crypto_mining_pools.yml
feat: update multiple rules
2023-04-18 18:08:08 +02:00
net_connection_win_dead_drop_resolvers.yml
Merge PR #4524 from @wagga40 - Fix Typos In Metadata Fields
2023-10-28 13:15:09 +02:00
net_connection_win_devtunnel_connection.yml
Merge PR #4580 from @deFr0ggy - Update VsCode/DevTunnels Communication Related Rules
2023-11-20 13:22:15 +01:00
net_connection_win_dfsvc_uncommon_ports.yml
feat: update clickonce rules
2023-06-12 23:52:40 +02:00
net_connection_win_dllhost_net_connections.yml
fix: filter fp found in testing
2023-01-20 11:39:08 +01:00
net_connection_win_eqnedt.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
net_connection_win_excel_outbound_network_connection.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
net_connection_win_google_api_non_browser_access.yml
Merge PR #4538 from @frack113 - Add Sigma CLI Configuration File
2023-11-03 16:59:53 +01:00
net_connection_win_hh.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
net_connection_win_imewdbld.yml
Merge PR #4557 from @swachchhanda000 - Multiple Rule Updates & New Rules
2023-11-14 09:46:39 +01:00
net_connection_win_malware_backconnect_ports.yml
feat: add new rules related to coldsteel
2023-05-02 19:02:53 +02:00
net_connection_win_mega_nz.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
net_connection_win_msiexec.yml
change status to test
2023-01-27 06:48:34 +01:00
net_connection_win_ngrok_domains.yml
Merge PR #4576 from @Neo23x0 - Additional Ngrok Domains
2023-11-17 16:44:49 +01:00
net_connection_win_ngrok_tunnel.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
net_connection_win_notepad_network_connection.yml
Order yaml field
2022-10-26 09:42:26 +02:00
net_connection_win_notion_api_susp_communication.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
net_connection_win_office_susp_ports.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
net_connection_win_powershell_network_connection.yml
Merge PR #4427 from @nasbench - Multiple Fixes & Enhancements
2023-10-04 19:06:57 +02:00
net_connection_win_python.yml
Merge PR #4427 from @nasbench - Multiple Fixes & Enhancements
2023-10-04 19:06:57 +02:00
net_connection_win_rdp_outbound_over_non_standard_tools.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
net_connection_win_rdp_reverse_tunnel.yml
fix: broken single item lists
2022-12-08 16:23:58 +01:00
net_connection_win_rdp_to_http.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
net_connection_win_reddit_api_non_browser_access.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
net_connection_win_regsvr32_network_activity.yml
Merge PR #4427 from @nasbench - Multiple Fixes & Enhancements
2023-10-04 19:06:57 +02:00
net_connection_win_remote_powershell_session_network.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
net_connection_win_rundll32_net_connections.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
net_connection_win_script_wan.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
net_connection_win_script.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
net_connection_win_silenttrinity_stager_msbuild_activity.yml
Order yaml field
2022-10-26 09:42:26 +02:00
net_connection_win_susp_binary_no_cmdline.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
net_connection_win_susp_cmstp.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
net_connection_win_susp_dropbox_api.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
net_connection_win_susp_epmap.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
net_connection_win_susp_external_ip_lookup.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
net_connection_win_susp_outbound_kerberos_connection.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
net_connection_win_susp_outbound_mobsync_connection.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
net_connection_win_susp_outbound_smtp_connections.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
net_connection_win_susp_prog_location_network_connection.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
net_connection_win_telegram_api_non_browser_access.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
net_connection_win_vscode_tunnel_connection.yml
Merge PR #4580 from @deFr0ggy - Update VsCode/DevTunnels Communication Related Rules
2023-11-20 13:22:15 +01:00
net_connection_win_winlogon_net_connections.yml
Update net_connection_win_winlogon_net_connections.yml
2023-04-28 16:39:04 +02:00
net_connection_win_wuauclt_network_connection.yml
Merge PR #4575 from @fukusuket - Fix typo in the selection name
2023-11-17 15:25:24 +01:00