Commit Graph

504 Commits

Author SHA1 Message Date
taylor_socfortress 1b97650e8f Create 200900-wazuh_inventory.xml 2023-07-10 13:26:22 -05:00
taylor_socfortress 0f0a41c920 Update 200970-phishing.xml 2023-07-03 14:43:14 -05:00
taylor_socfortress 5cd899ca39 Update 200970-phishing.xml 2023-07-03 11:57:24 -05:00
taylor_socfortress e7443b2f28 Update 106101-MITRE_TECHNIQUES_FROM_SYSMON_EVENT7.xml 2023-06-20 08:49:21 -05:00
taylor_socfortress d2d4e24090 Update 900000-exclusion_rules.xml 2023-06-20 08:38:08 -05:00
taylor_socfortress bbbc9eb0ef Update 900000-exclusion_rules.xml 2023-06-20 08:33:00 -05:00
taylor_socfortress 2ca470be98 Update 900000-exclusion_rules.xml 2023-06-20 08:29:55 -05:00
taylor_socfortress 6bb89a23db Update 200200-osquery.xml 2023-06-20 07:55:34 -05:00
    Mac OS es_process_events support
taylor_socfortress 2fbac2f3d0 Update 900000-exclusion_rules.xml 2023-06-19 14:18:16 -05:00
taylor_socfortress 15fbdb7e61 Update 106101-MITRE_TECHNIQUES_FROM_SYSMON_EVENT7.xml 2023-06-19 14:11:50 -05:00
taylor_socfortress c0c398727f Update 200200-osquery.xml 2023-06-16 13:15:59 -05:00
taylor_socfortress 3baea3cef2 Update 900000-exclusion_rules.xml 2023-06-16 11:00:58 -05:00
taylor_socfortress 6424339dd2 Update 100100-MITRE_TECHNIQUES_FROM_SYSMON_EVENT1.xml 2023-06-14 15:06:23 -05:00
    Excluding Windows Defender to update Threat Feeds
taylor_socfortress 988199bf8a Update 102101-MITRE_TECHNIQUES_FROM_SYSMON_EVENT3.xml 2023-06-14 14:39:30 -05:00
    Overwriting wazuh default rules 92101 and 92102
taylor_socfortress d4a842e137 Update 900000-exclusion_rules.xml 2023-06-12 08:55:48 -05:00
taylor_socfortress 6b9efac58f Update 900000-exclusion_rules.xml 2023-06-09 09:40:07 -05:00
taylor_socfortress 625908abee Update 200980-socfortress.xml 2023-05-26 15:00:30 -05:00
taylor_socfortress cfd7ee8d1e Update 200050-chainsaw_sigma_rules.xml 2023-05-25 08:43:04 -05:00
Taylor aac9ac18d0 Remove support for Wazuh-Manager lower than 4.2 2023-05-22 08:58:54 -05:00
taylor_socfortress 6474035ad7 Update 900000-exclusion_rules.xml 2023-05-20 08:37:01 -05:00
taylor_socfortress 5a8022229a Update 900000-exclusion_rules.xml 2023-05-20 08:33:34 -05:00
taylor_socfortress 54d1d1760d Update 900000-exclusion_rules.xml 2023-05-20 08:30:13 -05:00
taylor_socfortress 17fe087006 Update wazuh_socfortress_rules.sh 2023-05-19 08:32:34 -05:00
    Added 4.4.2 check
taylor_socfortress bd34ce664f Update 200200-osquery.xml 2023-05-17 09:23:34 -05:00
    Drop 200283 to level 10
taylor_socfortress 235c5cb83b Update 900000-exclusion_rules.xml 2023-05-17 09:22:28 -05:00
taylor_socfortress e5844b31ac Create common-ports 2023-05-10 07:42:28 -05:00
taylor_socfortress 04ce150ac0 Update 109100-win_sysmon_new_events.xml 2023-05-09 09:43:28 -05:00
    Adding Overwrite=yes
taylor_socfortress f8788e5c9b Update 200990-healthcheck.xml 2023-04-27 11:50:34 -05:00
taylor_socfortress dc899d97df Update 100100-MITRE_TECHNIQUES_FROM_SYSMON_EVENT1.xml 2023-04-27 10:11:44 -05:00
taylor_socfortress 59f0340b13 Create config.yml 2023-04-25 15:12:15 -05:00
taylor_socfortress e711b221b7 Create wazuh-certs-tool.sh 2023-04-25 15:10:57 -05:00
taylor_socfortress 7bcf91ea02 Update 900000-exclusion_rules.xml 2023-04-10 09:52:02 -05:00
    Added `92204,92213` based off of comments in PR: https://github.com/socfortress/Wazuh-Rules/pull/11
taylor_socfortress a8cc90d542 Merge pull request #11 from gnordli/patch-1 2023-04-10 09:50:14 -05:00
    Update 900000-exclusion_rules.xml
taylor_socfortress 6c9413b703 Create 201015-software.xml 2023-04-09 16:05:51 -05:00
gnordli 5f9d64410c Update 900000-exclusion_rules.xml 2023-04-09 11:14:01 -07:00
    In Wazuh 4.4 92204 is for powershell creating executables, but 92213 is for any process to create an executable.
    Maybe it could be <if_sid>92204,92213</if_sid> to cover off both scenarios.
    Even level 8 may be high for this type of activity.
taylor_socfortress 4b31ecd015 Create 201010-ad_inventory.xml 2023-04-01 18:30:20 -05:00
taylor_socfortress dfcac3ee28 Update 201000-pentest-tools.xml 2023-03-30 14:20:14 -05:00
taylor_socfortress 4369f7a5ed Create 201000-pentest-tools.xml 2023-03-30 14:16:10 -05:00
taylor_socfortress 35030cf480 Create 200990-healthcheck.xml 2023-03-29 08:54:46 -05:00
    Added SOCFortress healthcheck rules
taylor_socfortress 3a155ad07e Create 200980-socfortress.xml 2023-03-24 13:17:24 -05:00
taylor_socfortress 29cbe00e86 Update wazuh_socfortress_rules.sh 2023-03-23 07:06:03 -05:00
taylor_socfortress 220bc35b3e Create maltrail_decoders.xml 2023-03-23 07:05:08 -05:00
taylor_socfortress 13a0ff9147 Update README.MD 2023-03-23 07:04:30 -05:00
taylor_socfortress f438fdf966 Create 100630-maltrail.xml 2023-03-23 07:03:45 -05:00
taylor_socfortress 571f2ef1b9 Create README.MD 2023-03-23 06:59:42 -05:00
taylor_socfortress 7e5acdb34f Create 2023-03-19 08:39:51 -05:00
taylor_socfortress 96a89fd198 Update wazuh_socfortress_rules.sh 2023-03-17 19:10:05 -05:00
taylor_socfortress be4cfb2308 Update README.md 2023-03-17 19:09:02 -05:00
taylor_socfortress 1e899e66cf Create 2023-03-17 19:08:02 -05:00
taylor_socfortress 7aa8ce0b93 Create 2023-03-17 19:07:34 -05:00