blue-team-tools

Files

T

Brad Kish 7e06fd80fd Proposed fix for sysmon_uac_bypass_eventvwr

Issue: https://github.com/Neo23x0/sigma/issues/888

The rules were not merged correctly with the transition to sysmon categories.

Split the rule into separate documents: one for the registry_event and one for
the process_creation

2020-07-06 09:20:34 -04:00

application

fix: fixed casing and long rule titles

2020-01-30 17:26:09 +01:00

apt

fix: removed rules missing in master

2020-05-14 15:53:09 +02:00

cloud

Initial round of subtechnique updates

2020-06-16 14:46:08 -06:00

compliance

Added UUIDs to rules

2019-11-12 23:12:27 +01:00

generic

OSCD QA wave 3

2020-02-02 12:41:12 +01:00

linux

Merge pull request #882 from Neo23x0/rule-devel

2020-07-03 15:33:55 +02:00

network

fix: duplicate IDs

2020-06-24 17:04:04 +02:00

proxy

rule: Turla ComRAT

2020-05-26 13:18:50 +02:00

web

improved F5 BIG-IP rule based on private feedback

2020-07-05 16:21:48 +02:00

windows

Proposed fix for sysmon_uac_bypass_eventvwr

2020-07-06 09:20:34 -04:00