blue-team-tools

Files

T

Nasreddine Bencherchali ddcccfe4d3 Merge PR #5757 from @nasbench - Clone #5504

update: Potentially Suspicious NTFS Symlink Behavior Modification - Tighten logic to focus on proxy process such as cmd or powershell

---------

Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>

2025-11-17 12:23:57 +05:45

builtin

Merge PR #5740 from @swachchhanda000 - chore: reorganize threat specific rules into rules-emerging-threats directory

2025-11-10 12:00:08 +01:00

create_remote_thread

chore: ci: bump validator version (#5722 )

2025-10-23 15:43:47 +02:00

create_stream_hash

Merge PR #5637 from @nasbench - Promote older rules status from experimental to test

2025-09-22 11:41:37 +02:00

dns_query

chore: ci: bump validator version (#5722 )

2025-10-23 15:43:47 +02:00

driver_load

chore: ci: bump validator version (#5722 )

2025-10-23 15:43:47 +02:00

file

Merge PR #5733 from @nasbench - fix windash issues and some renames

2025-11-10 12:12:34 +01:00

image_load

Merge PR #5598 from @swachchhanda000 - filter FPs on multiple rules

2025-11-10 13:52:54 +01:00

network_connection

chore: ci: bump validator version (#5722 )

2025-10-23 15:43:47 +02:00

pipe_created

chore: ci: bump validator version (#5722 )

2025-10-23 15:43:47 +02:00

powershell

Merge PR #5708 from @nasbench - Multiple updates and issue fixes

2025-10-29 11:45:19 +01:00

process_access

chore: ci: bump validator version (#5722 )

2025-10-23 15:43:47 +02:00

process_creation

Merge PR #5757 from @nasbench - Clone #5504

2025-11-17 12:23:57 +05:45

process_tampering

Merge PR #5027 from @nasbench - Promote older rules status from experimental to test

2024-10-01 14:56:09 +02:00

raw_access_thread

Merge PR #5639 from @swachchhanda000 - Fix some more fps found in prod

2025-09-22 11:46:48 +02:00

registry

Merge PR #5756 from @phantinuss - add a check for duplicate IDs over all rules that ever existed

2025-11-13 14:22:02 +01:00

sysmon

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

wmi_event

chore: ci: bump validator version (#5722 )

2025-10-23 15:43:47 +02:00