security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7f030b250e82fda2795bba7ea2f7a102ff5e88fa
blue-team-tools/rules/windows
T
History
phantinuss 7f030b250e fix: wrong mapping of Windows Audit Log EventID 4688 
reverts some changes introduced by commit c5fa73c328
    - removes the unnecessary/wrong field mapping
    - fixes the rules to apply to CommandLine instead of
      ParentCommandLine as the author probably intended
2022-03-30 11:24:24 +02:00
..
builtin
Merge branch 'master' into aurora-false-positive-fixing
2022-03-29 21:06:30 +02:00
create_remote_thread
Merge pull request #2813 from phantinuss/master
2022-03-17 14:31:27 +01:00
create_stream_hash
fix: unknown --> Unknown
2022-03-16 13:43:54 +01:00
deprecated
fix: remove penetration test as valid false positive reason
2022-03-16 14:33:18 +01:00
dns_query
fix: unknown --> Unknown
2022-03-16 13:43:54 +01:00
driver_load
fix: legitimate --> Legitimate
2022-03-16 14:35:19 +01:00
etw/file_rename
Merge branch 'master' into aurora-false-positive-fixing
2022-03-15 18:07:13 +01:00
file_delete
fix: unknown --> Unknown
2022-03-16 13:43:54 +01:00
file_event
Merge branch 'master' into aurora-false-positive-fixing
2022-03-29 21:06:30 +02:00
image_load
fix: remove penetration test as valid false positive reason
2022-03-16 14:33:18 +01:00
network_connection
fix: more falsepositives harmonization
2022-03-16 14:57:06 +01:00
pipe_created
new susp service installation rules
2022-03-18 16:08:40 +01:00
powershell
Update posh_ps_susp_get_addefaultdomainpasswordpolicy.yml
2022-03-21 12:09:33 +01:00
process_access
Merge branch 'master' into aurora-false-positive-fixing
2022-03-20 17:59:58 +01:00
process_creation
fix: wrong mapping of Windows Audit Log EventID 4688
2022-03-30 11:24:24 +02:00
raw_access_thread
fix: FPs with THOR
2022-03-15 18:05:42 +01:00
registry_add
Update logsource
2022-03-26 16:57:58 +01:00
registry_delete
Registry_delete category
2022-03-26 12:02:37 +01:00
registry_event
fix: wpad decision matches
2022-03-29 19:46:45 +02:00
registry_set
Merge branch 'master' into aurora-false-positive-fixing
2022-03-29 21:06:30 +02:00
sysmon
fix: legitimate --> Legitimate
2022-03-16 14:35:19 +01:00
wmi_event
remove invalid tag
2022-01-19 18:23:30 +01:00