security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f80cf52982e902f46fbc47a4568262afeb7583b4
blue-team-tools/rules
T
History
Florian Roth f80cf52982 Expired happens too often 
Back then when we created this rule, we noticed that "logon attempt with expired account" happens pretty often, so we decided to not include it. All event codes in this rule did not appear in a 30 day time period and therefore the rule's "level" was set to "high".
2019-03-02 07:20:59 +01:00
..
application
Fixes for Elasticsearch query correctness CI tests
2018-04-09 22:33:29 +02:00
apt
Rule: BabyShark activity
2019-02-24 14:04:44 +01:00
linux
Rule: removed overlapping strings in Linux rule
2019-02-05 16:12:07 +01:00
network
Fixed ATT&CK tagging
2018-08-08 15:58:19 +02:00
proxy
Rule: Suspicious Windows NT 9 UA
2019-02-12 10:33:33 +01:00
web
Rule: Apache threading errors
2019-01-22 08:49:10 +01:00
windows
Expired happens too often
2019-03-02 07:20:59 +01:00