blue-team-tools

Files

T

$frack113$ frack113 ac9ea531ae Merge pull request #1956 from Cyb3rEng/master

Adding Various Rules To Monitor Process Creations in Sysmon, Event Logs & EDR

2021-09-10 10:47:23 +02:00

builtin

Merge pull request #2001 from SigmaHQ/rule-devel

2021-09-08 09:09:58 +02:00

create_remote_thread

Cleanup PS rules

2021-08-21 09:58:58 +02:00

create_stream_hash

Merging upstream updates

2021-07-01 12:18:30 +05:45

deprecated

Merging upstream updates

2021-07-01 12:18:30 +05:45

dns_query

Split global sysmon rules

2021-09-09 16:11:41 +02:00

driver_load

Update cve tags

2021-08-24 10:27:27 +02:00

file_delete

Update cve tags

2021-08-24 10:27:27 +02:00

file_event

Split global sysmon rules

2021-09-09 16:11:41 +02:00

image_load

Update image_load_wmiprvse_wbemcomn_dll_hijack.yml

2021-09-09 19:56:20 +02:00

malware

Update global ID

2021-09-02 21:16:55 +02:00

network_connection

update global id

2021-09-02 21:03:25 +02:00

other

Merge pull request #1979 from frack113/test_global

2021-09-06 08:44:14 +02:00

pipe_created

Various fixes

2021-09-07 23:38:07 +02:00

powershell

Merge pull request #2000 from frack113/split_global

2021-09-08 06:26:35 +02:00

process_access

Various fixes

2021-09-07 23:38:07 +02:00

process_creation

Merge pull request #1956 from Cyb3rEng/master

2021-09-10 10:47:23 +02:00

raw_access_thread

Fix selection with only 1 element

2021-08-14 09:54:27 +02:00

registry_event

Split global sysmon rules

2021-09-09 16:11:41 +02:00

sysmon

Merge pull request #1956 from Cyb3rEng/master

2021-09-10 10:47:23 +02:00

wmi_event

fix: tags for WMI / execution / persistence

2021-09-01 16:34:50 +02:00