security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a9f22696d8cbfcb5770fbc4f384d733d8d9ee2b0
blue-team-tools/rules/web
T
History
Gott a9f22696d8 Update web_cve_2022_27925_exploit.yml 
consolidated selection logic and stripped "cs-cookie: 'ZM_AUTH_TOKEN'", as it is most likely not logged
2022-08-18 12:27:58 -04:00
..
web_apache_segfault.yml
refactor: first bigger log source refactoring
2022-03-22 17:58:29 +01:00
web_apache_threading_error.yml
Update Ref+Selection
2022-07-11 14:11:53 +01:00
web_cve_2010_5278_exploitation_attempt.yml
chore: test rules: reactivate single value list check
2022-05-10 17:13:04 +02:00
web_cve_2014_6287_hfs_rce.yml
Update web_cve_2014_6287_hfs_rce.yml
2022-07-20 13:26:19 +01:00
web_cve_2018_2894_weblogic_exploit.yml
remove invalid tag
2022-01-19 18:23:30 +01:00
web_cve_2018_13379_fortinet_preauth_read_exploit.yml
Rename Web CVE Rules
2022-06-14 19:22:26 +01:00
web_cve_2019_3398_confluence.yml
Change status for old rules
2021-11-27 11:33:14 +01:00
web_cve_2019_11510_pulsesecure_exploit.yml
Rename Web CVE Rules
2022-06-14 19:22:26 +01:00
web_cve_2019_19781_citrix_exploit.yml
Update Ref+Selection
2022-07-11 14:11:53 +01:00
web_cve_2020_0688_exchange_exploit.yml
Rename Web CVE Rules
2022-06-14 19:22:26 +01:00
web_cve_2020_0688_msexchange.yml
Update selections and indentation
2022-07-07 20:13:45 +01:00
web_cve_2020_3452_cisco_asa_ftd.yml
remove invalid tag
2022-01-19 18:23:30 +01:00
web_cve_2020_5902_f5_bigip.yml
Change status for old rules
2021-11-27 11:33:14 +01:00
web_cve_2020_8193_8195_citrix_exploit.yml
Rename Web CVE Rules
2022-06-14 19:22:26 +01:00
web_cve_2020_10148_solarwinds_exploit.yml
Update web_cve_2020_10148_solarwinds_exploit.yml
2022-08-03 16:38:38 +02:00
web_cve_2020_14882_weblogic_exploit.yml
remove invalid tag
2022-01-19 18:23:30 +01:00
web_cve_2020_28188_terramaster_rce_exploit.yml
refactor: rule level adjustments - critical to high
2022-06-18 17:43:22 +02:00
web_cve_2021_2109_weblogic_rce_exploit.yml
Add cve tags
2021-10-25 18:40:50 +02:00
web_cve_2021_20090_2021_20091_arcadyan_router_exploit.yml
Rename Web CVE Rules
2022-06-14 19:22:26 +01:00
web_cve_2021_21972_vsphere_unauth_rce_exploit.yml
Rename Web CVE Rules
2022-06-14 19:22:26 +01:00
web_cve_2021_21978_vmware_view_planner_exploit.yml
fix: none --> Unknown
2022-03-16 14:19:21 +01:00
web_cve_2021_22005_vmware_file_upload.yml
fix: remove penetration test as valid false positive reason
2022-03-16 14:33:18 +01:00
web_cve_2021_22123_fortinet_exploit.yml
Rename Web CVE Rules
2022-06-14 19:22:26 +01:00
web_cve_2021_22893_pulse_secure_rce_exploit.yml
Update selections and indentation
2022-07-07 20:13:45 +01:00
web_cve_2021_26814_wzuh_rce.yml
Update Ref+Selection 3
2022-07-11 18:12:51 +01:00
web_cve_2021_26858_iis_rce.yml
Add "\" to "Image|endswith" modifier
2022-06-02 13:39:07 +01:00
web_cve_2021_28480_exchange_exploit.yml
Rename Web CVE Rules
2022-06-14 19:22:26 +01:00
web_cve_2021_33766_msexchange_proxytoken.yml
refactor: add 500 status code in selection2
2021-08-30 16:12:42 +02:00
web_cve_2021_40539_adselfservice.yml
Update web_cve_2021_40539_adselfservice.yml
2021-09-20 15:51:21 +02:00
web_cve_2021_40539_manageengine_adselfservice_exploit.yml
refactor: first bigger log source refactoring
2022-03-22 17:58:29 +01:00
web_cve_2021_41773_apache_path_traversal.yml
Fix review
2022-07-11 20:27:42 +01:00
web_cve_2021_42237_sitecore_report_ashx.yml
fix: remove penetration test as valid false positive reason
2022-03-16 14:33:18 +01:00
web_cve_2021_43798_grafana.yml
Add rule CVE-2022-31656
2022-08-12 16:29:52 +01:00
web_cve_2021_44228_log4j_fields.yml
fix: avoid Microsoft Defender detections
2022-02-06 08:56:54 +01:00
web_cve_2021_44228_log4j.yml
fix: FPs noticed in THOR testing
2022-02-21 10:15:27 +01:00
web_cve_2022_27925_exploit.yml
Update web_cve_2022_27925_exploit.yml
2022-08-18 12:27:58 -04:00
web_cve_2022_31656_auth_bypass.yml
Add rule CVE-2022-31656
2022-08-12 16:29:52 +01:00
web_cve_2022_31659_vmware_rce.yml
Update
2022-08-15 00:22:08 +01:00
web_cve_2022_33891_spark_shell_command_injection.yml
Update web_cve_2022_33891_spark_shell_command_injection.yml
2022-07-21 18:02:44 +02:00
web_exchange_exploitation_hafnium.yml
refactor: change all " of them" expressions
2022-01-11 10:59:57 +01:00
web_exchange_proxyshell_successful.yml
rules: ProxyShell refactoring and new rule
2021-08-09 17:57:34 +02:00
web_exchange_proxyshell.yml
fix: typo in description
2021-08-12 10:11:17 +02:00
web_iis_tilt_shortname_scan.yml
Update Ref+Selection
2022-07-11 14:11:53 +01:00
web_java_payload_in_access_logs.yml
Update Ref+Selection 3
2022-07-11 18:12:51 +01:00
web_jndi_exploit.yml
rule: JNDIExploit
2021-12-12 13:16:05 +01:00
web_multiple_susp_resp_codes_single_source.yml
Renamed suspicious in filenames to susp
2022-05-19 09:37:04 +02:00
web_nginx_core_dump.yml
refactor: first bigger log source refactoring
2022-03-22 17:58:29 +01:00
web_path_traversal_exploitation_attempt.yml
fix: remove penetration testing as a valid false positive
2022-03-16 13:51:26 +01:00
web_solarwinds_supernova_webshell.yml
Split PR 1802 fix net rules
2021-08-09 17:23:15 +02:00
web_sonicwall_jarrewrite_exploit.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
web_source_code_enumeration.yml
fix: unknown --> Unknown
2022-03-16 13:43:54 +01:00
web_sql_injection_in_access_logs.yml
fix: too many FPs
2022-07-27 14:18:29 +02:00
web_ssti_in_access_logs.yml
Add FP filter + FP remark
2022-06-15 11:48:15 +01:00
web_susp_useragents.yml
Feature improvement to add an additional known user agent seen in the wild.
2022-07-21 19:28:10 +00:00
web_susp_windows_path_uri.yml
Update web_susp_windows_path_uri.yml
2022-06-07 10:45:06 +02:00
web_unc2546_dewmode_php_webshell.yml
refactor: rule level adjustments - critical to high
2022-06-18 17:43:22 +02:00
web_webshell_regeorg.yml
Rename Web Rule
2022-06-14 19:13:15 +01:00
web_win_webshells_in_access_logs.yml
Quick typo fix
2022-06-15 11:38:34 +01:00
web_xss_in_access_logs.yml
Add FP filter + FP remark
2022-06-15 11:48:15 +01:00