blue-team-tools

Files

T

Swachchhanda Shrawan Poudel fa27f1bc54 Merge PR #5224 from @swachchhanda000 - Fix Multiple FPs

update: Elevated System Shell Spawned - Add `powershell_ise`
fix: Potential Binary Or Script Dropper Via PowerShell - Add filter for `C:\Windows\SystemTemp\`
fix: Python Initiated Connection - Enhance python filter
fix: Conhost Spawned By Uncommon Parent Process - Add filter for `'-k wusvcs -p -s WaaSMedicSvc`
update: Elevated System Shell Spawned From Uncommon Parent Location - Add `powershell_ise`
fix: Potential WinAPI Calls Via CommandLine - Add new filter for `CompatTelRunner`
fix: Windows Processes Suspicious Parent Directory - Add new filter for empty parent
fix: Whoami.EXE Execution Anomaly - Add new filter for empty parent
---------

Co-authored-by: Nasreddine Bencherchali <nasreddineb@splunk.com>

2025-04-07 11:05:53 +02:00

file_access

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

file_change

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

file_delete

Merge PR #5216 from @nasbench - Promote older rules status from experimental to test

2025-03-05 00:23:27 +01:00

file_event

Merge PR #5224 from @swachchhanda000 - Fix Multiple FPs