security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7f83008e9ee84ce0e2bcb1474dc002b41cdfe8a5
blue-team-tools/rules
T
History
Mohamed Ashraf 7f83008e9e Merge PR #5173 from @X-Junior - New rule additions and some fixes 
new: Clfs.SYS Loaded By Process Located In a Potential Suspicious Location
fix: Python Initiated Connection - Add filter for `pip install`
fix: Python Inline Command Execution - Add filter for whl package installations
---------

Co-authored-by: Nasreddine Bencherchali <nasreddineb@splunk.com>
2025-02-22 23:57:41 +01:00
..
application
Merge PR #5177 from @nasbench - promote older rules status from experimental to test
2025-02-03 18:23:12 +01:00
category
Merge PR #5068 from @ruppde - Update rules in the Antivirus category with additional strings and signature names
2024-11-04 11:45:07 +01:00
cloud
Merge PR #5157 from @joshnck - Add Azure Login Bypassing Conditional Access Policies
2025-01-19 22:00:59 +01:00
compliance
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
linux
Merge PR #5177 from @nasbench - promote older rules status from experimental to test
2025-02-03 18:23:12 +01:00
macos
Merge PR #5177 from @nasbench - promote older rules status from experimental to test
2025-02-03 18:23:12 +01:00
network
Merge PR #5064 from @Koifman - Add missing ATT&CK tag to Monero Crypto Coin Mining Pool Lookup
2024-11-04 11:32:02 +01:00
web
Merge PR #5164 from @Neo23x0 - Update Exploit Framework User Agent
2025-01-19 21:42:40 +01:00
windows
Merge PR #5173 from @X-Junior - New rule additions and some fixes
2025-02-22 23:57:41 +01:00
README.md
chore: move more rules
2023-04-21 15:01:48 +02:00

README.md

TBD

Reference in New Issue View Git Blame Copy Permalink