security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ca8e778476b3e643ddc72baf7641f299d0b42567
blue-team-tools/rules
T
History
Swachchhanda Shrawan Poudel ca8e778476 Merge PR #5833 from @swachchhanda000 - Fix Multiple FPs based on VT data 
update: Suspicious Creation TXT File in User Desktop - Move to a TH rule
fix: ffice Macro File Creation - Exclude office binaries
fix: Suspicious Msiexec Execute Arbitrary DLL - Make the filter more generic due to the amount of FPs.
fix: Script Interpreter Execution From Suspicious Folder - Add filters for chocolatey
fix: Suspicious Script Execution From Temp Folder - Add filter for chocolatey
fix: Office Autorun Keys Modification - Add filters for shortened paths using tilda
fix Outlook Security Settings Updated - Registry - Exclude the outlook process

---------

Co-authored-by: Nasreddine Bencherchali <monsteroffire2@gmail.com>
2026-04-28 00:10:09 +02:00
..
application
Merge PR #5938 from @marcopedrinazzi - Fix file extension from .yaml to .yml for consistency
2026-04-20 14:44:21 +02:00
category
Merge PR #5477 from @phantinuss - chore: update MITRE tag t1219 to t1219.002
2025-06-13 10:00:52 +02:00
cloud
Merge PR #5799 from @nasbench - Update logic to use errorCode instead for better mapping and accuracy
2025-12-09 10:17:50 +01:00
identity
Merge PR #5964 from @mostafa - Update Okta Rules to use CamelCase fields
2026-04-27 21:55:40 +02:00
linux
Merge PR #5899 from @HueCodes - new: Python Base64 Encoded Inline Command Execution
2026-04-23 14:37:28 +02:00
macos
Merge PR #5791 from @Niicolaa - fix: add correct osascript path
2025-12-09 08:03:04 +05:45
network
Merge PR #5823 from @darses - Update DNS Query to External Service Interaction Domains
2026-01-24 12:37:27 +01:00
web
Merge PR #5769 from @nasbench - fix keywords rule and remove the fields field
2025-11-24 09:54:29 +01:00
windows
Merge PR #5833 from @swachchhanda000 - Fix Multiple FPs based on VT data
2026-04-28 00:10:09 +02:00
README.md
chore: move more rules
2023-04-21 15:01:48 +02:00

README.md

TBD

Reference in New Issue View Git Blame Copy Permalink