security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
76f4a42ebb462a066f960d8a034a90fc7465e411
blue-team-tools/rules/windows
T
History
Swachchhanda Shrawan Poudel 76f4a42ebb Merge PR #5854 from @swachchhanda000 - Add Notepad++ Infrastructure Abuse Rules 
new: Notepad++ Updater DNS Query to Uncommon Domains
new: Uncommon File Created by Notepad++ Updater Gup.EXE
new: Suspicious Child Process of Notepad++ Updater - GUP.Exe

---------

Co-authored-by: nasbench <nbencher@cisco.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2026-02-04 12:08:03 +01:00
..
builtin
Merge PR #5741 from @swachchhanda000 - Add Splunk Rules for MSIX/AppX
2026-01-24 17:04:41 +01:00
create_remote_thread
Merge #5798 from @swachchhanda000 - fix: aurora fps
2025-12-09 08:21:14 +05:45
create_stream_hash
Merge PR #5804 from @swachchhanda000 - enhance rules related with file download from file sharing websites
2025-12-12 08:04:27 +05:45
dns_query
Merge PR #5854 from @swachchhanda000 - Add Notepad++ Infrastructure Abuse Rules
2026-02-04 12:08:03 +01:00
driver_load
chore: ci: bump validator version (#5722)
2025-10-23 15:43:47 +02:00
file
Merge PR #5854 from @swachchhanda000 - Add Notepad++ Infrastructure Abuse Rules
2026-02-04 12:08:03 +01:00
image_load
Merge PR #5476 from @swachchhanda000 - Update SquiblyTwo Related Rules
2026-01-24 12:25:13 +01:00
network_connection
Merge PR #5804 from @swachchhanda000 - enhance rules related with file download from file sharing websites
2025-12-12 08:04:27 +05:45
pipe_created
chore: ci: bump validator version (#5722)
2025-10-23 15:43:47 +02:00
powershell
Merge PR #5741 from @swachchhanda000 - Add Splunk Rules for MSIX/AppX
2026-01-24 17:04:41 +01:00
process_access
Merge PR #5777 from @swachchhanda000 - feat: more edrfreeze rules
2025-12-10 15:29:38 +01:00
process_creation
Merge PR #5854 from @swachchhanda000 - Add Notepad++ Infrastructure Abuse Rules
2026-02-04 12:08:03 +01:00
process_tampering
Merge PR #5027 from @nasbench - Promote older rules status from experimental to test
2024-10-01 14:56:09 +02:00
raw_access_thread
Merge PR #5789 from @swachchhanda000 - Add fps filter observed on ARM-based Windows updates
2025-12-09 08:29:51 +05:45
registry
Merge PR #5814 from @swachchhanda000 - Add New Credential Guard Tampering Rules
2026-01-29 12:52:08 +01:00
sysmon
Merge PR #5775 from @swachchhanda000 - Restructure regression testing data directory
2025-11-26 11:08:11 +01:00
wmi_event
Merge PR #5769 from @nasbench - fix keywords rule and remove the fields field
2025-11-24 09:54:29 +01:00