security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ff4dee3c50da67fcea35ff7c02e96104d1468cd1
blue-team-tools/rules
T
History
ahouspan ff4dee3c50 Merge PR #4650 from @ahouspan - Process Creation Cmdline Matches Patterns Observed in Pikabot Infections 
new: Potential Pikabot Infection - Suspicious Command Combinations Via Cmd.EXE
updated: Cscript/Wscript Potentially Suspicious Child Process - WScript.exe Spawns RunDll32.exe

---------

Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2024-01-10 14:37:20 +01:00
..
application
chore: promote older rules status from experimental to test (#4651)
2024-01-01 09:00:51 +01:00
category
Merge PR #4533 from @nasbench - Promote experimental rules
2023-11-02 10:48:45 +01:00
cloud
Merge PR #4611 from @nasbench - Promote Older Rules Status From experimental To test
2023-12-01 12:50:36 +01:00
compliance
feat: filename test enhancements (#3812)
2022-12-23 09:25:16 +01:00
linux
chore: promote older rules status from experimental to test (#4651)
2024-01-01 09:00:51 +01:00
macos
Merge PR #4649 from @slincoln-aiq - System Information Discovery Using System_Profiler
2024-01-10 14:29:49 +01:00
network
Merge PR #4597 from @nasbench - Update Process Access Rules
2023-12-04 01:14:15 +01:00
web
Merge PR #4614 from @X-Junior - updates for multiple rules 4-12-2023
2023-12-11 10:42:44 +01:00
windows
Merge PR #4650 from @ahouspan - Process Creation Cmdline Matches Patterns Observed in Pikabot Infections
2024-01-10 14:37:20 +01:00
README.md
chore: move more rules
2023-04-21 15:01:48 +02:00

README.md

TBD

Reference in New Issue View Git Blame Copy Permalink