blue-team-tools

Files

T

$frack113$ frack113 6abf058185 Merge PR #4765 from @frack113 - Update additional rules to use the cidr modifier

update: Communication To Uncommon Destination Ports - Add link-local address range
update: Dfsvc.EXE Network Connection To Non-Local IPs - Update rule to use cidr modifier
update: Microsoft Sync Center Suspicious Network Connections - Add link-local address range
update: Network Connection Initiated By PowerShell Process - Update rule to use cidr modifier
update: Office Application Initiated Network Connection To Non-Local IP - Update rule to use cidr modifier
update: Outbound Network Connection To Public IP Via Winlogon - Add link-local address range
update: Potential CVE-2023-23397 Exploitation Attempt - SMB - Update rule to use cidr modifier
update: Potentially Suspicious Malware Callback Communication - Add link-local address range
update: Potentially Suspicious Wuauclt Network Connection - Update rule to use cidr modifier
update: Publicly Accessible RDP Service - Add link-local address range
update: RDP Over Reverse SSH Tunnel - Update rule to use cidr modifier
update: Rundll32 Internet Connection - Add link-local address range
update: Script Initiated Connection to Non-Local Network - Update rule to use cidr modifier
update: Search-ms and WebDAV Suspicious Indicators in URL - Add link-local address range
update: Search-ms and WebDAV Suspicious Indicators in URL - Add link-local address range
update: WebDav Put Request - Update rule to use cidr modifier

---------

Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>

2024-03-13 14:51:21 +01:00

cisco

Merge PR #4681 from @nasbench - Add Missing Ref & Tags

2024-01-29 13:37:20 +01:00

dns

Merge PR #4479 From @frack113 - Upgrade Rules Status

2023-10-17 14:35:26 +02:00

firewall

Merge PR #4681 from @nasbench - Add Missing Ref & Tags

2024-01-29 13:37:20 +01:00

huawei/bgp

Merge PR #4611 from @nasbench - Promote Older Rules Status From experimental To test