security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7ce5b3515b09ed6c47b67dcf9bc02e3093fbe7db
blue-team-tools/rules
T
History
John Lambert 7ce5b3515b Create win_susp_powershell_hidden_b64_cmd.yml 
Look in process creation events for powershell commands with base64 encoded content containing suspicious keywords. Require hidden flag to reduce FP.
2018-09-07 20:23:11 -07:00
..
application
Fixes for Elasticsearch query correctness CI tests
2018-04-09 22:33:29 +02:00
apt
Rule fix
2018-08-26 22:35:35 +02:00
linux
Update lnx_buffer_overflows.yml
2018-08-25 00:20:34 +02:00
network
Fixed ATT&CK tagging
2018-08-08 15:58:19 +02:00
proxy
Rule: Proxy UA rule update - from Kaspersky report
2018-09-05 20:39:19 +02:00
web
Update web_cve_2018_2894_weblogic_exploit.yml
2018-07-23 06:19:25 -06:00
windows
Create win_susp_powershell_hidden_b64_cmd.yml
2018-09-07 20:23:11 -07:00