blue-team-tools

Files

T

$frack113$ frack113 ff37a49dc0 Merge pull request #1930 from SigmaHQ/rule-devel

fix: FPs with whoami rule and 4688 event IDs without parent info

2021-08-27 06:27:30 +02:00

builtin

Merge branch 'master' into feature/AADHealth-Agent-HybridADFSServices

2021-08-26 16:12:38 -04:00

create_remote_thread

Cleanup PS rules

2021-08-21 09:58:58 +02:00

create_stream_hash

Merging upstream updates

2021-07-01 12:18:30 +05:45

deprecated

Merging upstream updates

2021-07-01 12:18:30 +05:45

dns_query

Removed EventID from generic DNS query rule

2021-07-08 07:41:11 +02:00

driver_load

Update cve tags

2021-08-24 10:27:27 +02:00

file_delete

Update cve tags

2021-08-24 10:27:27 +02:00

file_event

fix tags

2021-08-24 12:36:31 +02:00

image_load

Update cve tags

2021-08-24 10:27:27 +02:00

malware

Replace old mitre techniques by new one

2021-08-22 13:57:56 +02:00

network_connection

Merge branch 'master' into master

2021-07-11 00:32:55 +02:00

other

Update win_tool_psexec.yml

2021-08-26 12:51:45 +00:00

pipe_created

add applicable pipe names from regex rule

2021-08-26 14:53:20 +02:00

powershell

fix file name case

2021-08-26 11:15:33 +02:00

process_access

Replace old mitre techniques by new one

2021-08-22 13:57:56 +02:00

process_creation

Merge pull request #1930 from SigmaHQ/rule-devel

2021-08-27 06:27:30 +02:00

raw_access_thread

Fix selection with only 1 element

2021-08-14 09:54:27 +02:00

registry_event

Fix invalid tags

2021-08-25 09:15:57 +02:00

sysmon

Fix invalid tags

2021-08-25 09:15:57 +02:00

wmi_event

Merging upstream updates

2021-07-01 12:18:30 +05:45