blue-team-tools

Files

T

David Hazekamp bc26970596 fix(rule): lnx_dd_file_overwrite /bin symlinks

This rule is subject to false negatives for *nix distros which
alias /bin to /usr/bin.  By using endswith we can catch dd usage
for either /bin or /usr/bin.

2022-06-06 09:27:27 -05:00

proc_creation_lnx_at_command.yml

Mitre Update

2022-05-26 18:39:42 +02:00

proc_creation_lnx_atlassian_confluence_cve_2022_26134.yml

Update proc_creation_lnx_atlassian_confluence_cve_2022_26134.yml

2022-06-03 08:38:24 +01:00

proc_creation_lnx_base64_decode.yml

refactor condition

2022-06-03 15:35:24 +02:00

proc_creation_lnx_bpftrace_unsafe_option_usage.yml

chore: test rules: reactivate single value list check

2022-05-10 17:13:04 +02:00

proc_creation_lnx_clear_logs.yml

Normalization of rule names

2022-02-22 11:16:31 +01:00

proc_creation_lnx_clear_syslog.yml

Normalization of rule names

2022-02-22 11:16:31 +01:00

proc_creation_lnx_clipboard_collection.yml

Normalization of rule names

2022-02-22 11:16:31 +01:00

proc_creation_lnx_crypto_mining.yml

Normalization of rule names

2022-02-22 11:16:31 +01:00

proc_creation_lnx_dd_file_overwrite.yml

fix(rule): lnx_dd_file_overwrite /bin symlinks

2022-06-06 09:27:27 -05:00

proc_creation_lnx_doas_execution.yml

Normalization of rule names

2022-02-22 11:16:31 +01:00

proc_creation_lnx_file_and_directory_discovery.yml

Normalization of rule names

2022-02-22 11:16:31 +01:00

proc_creation_lnx_file_deletion.yml

Normalization of rule names

2022-02-22 11:16:31 +01:00

proc_creation_lnx_install_root_certificate.yml

Normalization of rule names

2022-02-22 11:16:31 +01:00

proc_creation_lnx_local_account.yml

chore: test rules: reactivate single value list check

2022-05-10 17:13:04 +02:00

proc_creation_lnx_local_groups.yml

chore: test rules: reactivate single value list check

2022-05-10 17:13:04 +02:00

proc_creation_lnx_network_service_scanning.yml

Normalization of rule names

2022-02-22 11:16:31 +01:00

proc_creation_lnx_omigod_scx_runasprovider_executescript.yml

Normalization of rule names

2022-02-22 11:16:31 +01:00

proc_creation_lnx_omigod_scx_runasprovider_executeshellcommand.yml

Normalization of rule names

2022-02-22 11:16:31 +01:00

proc_creation_lnx_process_discovery.yml

Normalization of rule names

2022-02-22 11:16:31 +01:00

proc_creation_lnx_python_pty_spawn.yml

fix: avoid regex, not actually needed

2022-06-03 14:55:09 +02:00

proc_creation_lnx_remote_system_discovery.yml

Normalization of rule names

2022-02-22 11:16:31 +01:00

proc_creation_lnx_schedule_task_job_cron.yml

chore: test rules: reactivate single value list check

2022-05-10 17:13:04 +02:00

proc_creation_lnx_security_software_discovery.yml

Normalization of rule names

2022-02-22 11:16:31 +01:00

proc_creation_lnx_security_tools_disabling.yml

Normalization of rule names

2022-02-22 11:16:31 +01:00

proc_creation_lnx_susp_interactive_bash.yml

rules: suspicious linux patterns

2022-03-14 12:01:52 +01:00

proc_creation_lnx_susp_java_children.yml

Quick Update

2022-06-03 08:31:53 +01:00

proc_creation_lnx_susp_pipe_shell.yml

rules: suspicious linux patterns

2022-03-14 12:01:52 +01:00

proc_creation_lnx_system_info_discovery.yml

Normalization of rule names

2022-02-22 11:16:31 +01:00

proc_creation_lnx_system_network_connections_discovery.yml

Normalization of rule names

2022-02-22 11:16:31 +01:00

proc_creation_lnx_system_network_discovery.yml

Normalization of rule names

2022-02-22 11:16:31 +01:00

proc_creation_lnx_webshell_detection.yml

chore: reduce rule level

2022-06-03 12:17:33 +02:00