security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c0f1b128331ecb642e1680c52ca091e9ef196f6c
blue-team-tools/rules/windows
T
History
Karneades 68fd20cb66 fix: bound windows event log rules to message field 
Fixed rules
- rules/windows/builtin/win_susp_msmpeng_crash.yml
- rules/windows/builtin/win_alert_active_directory_user_control.yml
- rules/windows/builtin/win_av_relevant_match.yml
- rules/windows/builtin/win_mal_creddumper.yml
- rules/windows/builtin/win_susp_sam_dump.yml
- rules/windows/builtin/win_alert_mimikatz_keywords.yml
- rules/windows/builtin/win_alert_enable_weak_encryption.yml
2019-11-02 11:25:29 +01:00
..
builtin
fix: bound windows event log rules to message field
2019-11-02 11:25:29 +01:00
malware
rules: AV rules updated to reflect 1.7.2 auf AV cheat sheet
2019-10-04 16:17:34 +02:00
other
fix: bound keywords to field in WMI persistence rule
2019-10-29 19:22:41 +01:00
powershell
Merge pull request #508 from Karneades/fixRule3
2019-10-29 22:34:08 +01:00
process_creation
rule: Formbook rule improved
2019-10-31 09:32:18 +01:00
sysmon
rule: svchost dll search order hijack
2019-10-28 12:03:03 +01:00