blue-team-tools

Files

T

Cyb3rEng fe9b91c504 Completed changes to selection1

changed to the following to follow rule creation guidelines:
    - Image|endswith: '\wbem\WMIC.exe'
    - ProcessCommandLine|contains: 'wmic '

2021-09-08 21:26:01 -06:00

builtin

Merge pull request #2001 from SigmaHQ/rule-devel

2021-09-08 09:09:58 +02:00

create_remote_thread

Cleanup PS rules

2021-08-21 09:58:58 +02:00

create_stream_hash

Merging upstream updates

2021-07-01 12:18:30 +05:45

deprecated

Merging upstream updates

2021-07-01 12:18:30 +05:45

dns_query

Removed EventID from generic DNS query rule

2021-07-08 07:41:11 +02:00

driver_load

Update cve tags

2021-08-24 10:27:27 +02:00

file_delete

Update cve tags

2021-08-24 10:27:27 +02:00

file_event

Merge pull request #1979 from frack113/test_global

2021-09-06 08:44:14 +02:00

image_load

Merge branch 'fix'

2021-09-08 00:19:09 +02:00

malware

Update global ID

2021-09-02 21:16:55 +02:00

network_connection

update global id

2021-09-02 21:03:25 +02:00

other

Merge pull request #1979 from frack113/test_global

2021-09-06 08:44:14 +02:00

pipe_created

Various fixes

2021-09-07 23:38:07 +02:00

powershell

Merge pull request #2000 from frack113/split_global

2021-09-08 06:26:35 +02:00

process_access

Various fixes

2021-09-07 23:38:07 +02:00

process_creation

Changed the category

2021-09-08 21:22:26 -06:00

raw_access_thread

Fix selection with only 1 element

2021-08-14 09:54:27 +02:00

registry_event

Merge pull request #1979 from frack113/test_global

2021-09-06 08:44:14 +02:00

sysmon

Completed changes to selection1

2021-09-08 21:26:01 -06:00

wmi_event

fix: tags for WMI / execution / persistence

2021-09-01 16:34:50 +02:00