blue-team-tools/rules/windows at 992e70032e2b8d12429c9bcfc123d9857d644562 - blue-team-tools - GreySec Git

security-tools/blue-team-tools

Files

T

History

Tobias Michalski 992e70032e fix: Comma in title seems to break splunk search

Most likely it comes from a bad parsing by Sigma2Splunkalert but since it is unmaintained and this is the only rule with a comma in title, this is the easy fix. 

Error in 'inputlookup' command: Invalid argument:
'_Privileged_Console_Access_whitelist.csv'

[| inputlookup "Using_Sticky-keys_To_Obtain_Unauthenticated,_Privileged_Console_Access_whitelist.csv]

2022-04-19 17:22:01 +02:00

..

refactor: proposed changes from issue #2917

2022-04-14 16:57:30 +02:00

create_remote_thread

fix: FPs from fresh Windows 2022 install

2022-04-07 14:15:44 +02:00

create_stream_hash

fix: unknown --> Unknown

2022-03-16 13:43:54 +01:00

Redcannary

2022-04-04 10:57:23 +02:00

fix: legitimate --> Legitimate

2022-03-16 14:35:19 +01:00

fix: errors in file access rule

2022-04-11 11:48:46 +02:00

fix: unknown --> Unknown

2022-03-16 13:43:54 +01:00

fix: MITRE tags

2022-04-13 19:25:11 +02:00

refactor: folder refactoring

2022-04-11 11:35:19 +02:00

fix: Add FP exclusion for vss_ps.dll load

2022-04-07 10:49:10 +02:00

network_connection

feat: Add rule for equation editor network connections

2022-04-14 10:50:10 +02:00

new susp service installation rules

2022-03-18 16:08:40 +01:00

New Redcannary Windows Tests

2022-04-09 18:00:15 +02:00

fix: fixed typo in rule

2022-04-13 19:27:11 +02:00

process_creation

fix: Comma in title seems to break splunk search

2022-04-19 17:22:01 +02:00

raw_access_thread

fix: FPs with THOR

2022-03-15 18:05:42 +01:00

Rename registry_delete_removeal_sd_value_scheduled_task_hide.yml to registry_delete_removal_sd_value_scheduled_task_hide.yml

2022-04-15 20:20:34 +07:00

fix: FPs from fresh Windows install

2022-04-06 16:09:53 +02:00

remove invalid tag

2022-01-19 18:23:30 +01:00