security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 45 Packages Projects Releases Wiki Activity
Files
ad80b4d75f603805d1d71b022f2bc9916fff4a8b
blue-team-tools/rules-threat-hunting
T
History
David J 7cf06feeea Merge PR #5859 from @davidljohnson - Update VBS/A related rules 
update: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript - Add entry for .wsh files
update: WScript or CScript Dropper - File - Enhance coverage with multiple file paths and extesnions
update: Potentially Suspicious Powershell Script Execution From Temp Folder - Reduce level to medium and enhance metadata
update: Script Interpreter Execution From Suspicious Folder - Add additional file path for coverage and enhance metadata
update: Potential Dropper Script Execution Via WScript/CScript/MSHTA - Add additional file path and extension for coverage and enhance metadata
---------

Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2026-04-28 01:37:10 +02:00
..
cloud
Merge PR #5917 from @marcopedrinazzi - Add Azure Sign-In With Axios User Agent
2026-04-28 00:55:15 +02:00
linux
Merge PR #5627 from @tsale - Filename with Embedded Base64 Commands
2025-11-24 15:33:42 +01:00
macos
Merge PR #5448 from @nasbench - Promote older rules status from experimental to test
2025-06-02 13:29:48 +02:00
network
Merge PR #5588 from @ norbert791 - Low Reputation Effective Top-Level Domain (eTLD)
2025-09-22 12:26:22 +02:00
web/proxy_generic
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
windows
Merge PR #5859 from @davidljohnson - Update VBS/A related rules
2026-04-28 01:37:10 +02:00
README.md
chore: move more rules
2023-04-21 15:01:48 +02:00

README.md

TBD

Reference in New Issue View Git Blame Copy Permalink