blue-team-tools

Files

T

Florian Roth bea6f18d35 Merge pull request #3024 from redsand/win_system_susp_eventlog_cleared

Making a derived detection for system/application/security event logs…

2022-05-20 20:56:00 +02:00

application

fix: missing modified date mod

2022-05-16 17:24:26 +02:00

applocker

chore: test rules: capitalization on FP list entries

2022-05-09 16:07:44 +02:00

bits_client

Add Bits-Client rules

2022-03-03 06:27:00 +01:00

code_integrity

move to builtin

2022-01-21 11:59:13 +01:00

dns_server

fix: unknown --> Unknown

2022-03-16 13:43:54 +01:00

driverframeworks

move to builtin

2022-01-21 11:59:13 +01:00

firewall_as

fix: FPs from fresh Windows 2022 install

2022-04-07 14:15:44 +02:00

ldap

move to builtin

2022-01-21 11:59:13 +01:00

msexchange

fix: legitimate --> Legitimate

2022-03-16 14:35:19 +01:00

ntlm

Update win_susp_ntlm_brute_force.yml

2022-02-03 22:02:33 +01:00

printservice

move to builtin

2022-01-21 11:59:13 +01:00

security

Renamed suspicious in filenames to susp

2022-05-19 09:37:04 +02:00

servicebus

move to builtin

2022-01-21 11:59:13 +01:00

smbclient

move to builtin

2022-01-21 11:59:13 +01:00

system

Merge pull request #3024 from redsand/win_system_susp_eventlog_cleared

2022-05-20 20:56:00 +02:00

taskscheduler

fix: several issues

2022-05-12 17:30:30 +02:00

terminalservices

fix: description

2022-04-29 13:10:36 +02:00

windefend

chore: test rules: reactivate single value list check

2022-05-10 17:13:04 +02:00

wmi

fix: several FPs against a fresh installed Windows with example applications and basic user interaction 2

2022-02-10 16:12:17 +01:00

win_alert_mimikatz_keywords.yml

fix: remove penetration test as valid false positive reason

2022-03-16 14:33:18 +01:00

win_susp_logon_newcredentials.yml

feat: Generate low sigma match for new credential logon

2022-04-07 10:50:50 +02:00