protocolpaladin
7df81adb8a
Update custom-opencti.py
Correction and update of the OPENCTI integration Python script for compatibility with the latest version.
2023-08-09 22:38:07 +02:00
taylor_socfortress
c213dccf24
Update 900000-exclusion_rules.xml
2023-08-06 08:38:45 -05:00
taylor_socfortress
487b686abe
Update 900000-exclusion_rules.xml
2023-08-06 08:26:23 -05:00
taylor_socfortress
ed723002c4
Update 900000-exclusion_rules.xml
2023-08-06 08:20:14 -05:00
taylor_socfortress
2269239f80
Create README.MD
2023-08-04 10:26:28 -05:00
taylor_socfortress
c1593905b0
Update 300100-cisco_secure_endpoint.xml
2023-08-04 10:25:49 -05:00
taylor_socfortress
38d7481e90
Update 900000-exclusion_rules.xml
2023-08-04 08:53:55 -05:00
taylor_socfortress
82f26defba
Update 900000-exclusion_rules.xml
2023-08-04 08:44:37 -05:00
taylor_socfortress
8dcfa4b095
Update 900000-exclusion_rules.xml
2023-08-04 08:11:16 -05:00
taylor_socfortress
2dfc107029
Update 900000-exclusion_rules.xml
2023-08-04 08:09:33 -05:00
taylor_socfortress
3410e672a2
Create 300100-cisco_secure_endpoint.xml
2023-08-03 18:27:34 -05:00
taylor_socfortress
a4763a5ff5
Update 108000-office365.xml
2023-08-03 09:29:37 -05:00
taylor_socfortress
cd30252b99
Update 900000-exclusion_rules.xml
2023-08-01 12:15:26 -05:00
taylor_socfortress
1b97650e8f
Create 200900-wazuh_inventory.xml
2023-07-10 13:26:22 -05:00
taylor_socfortress
0f0a41c920
Update 200970-phishing.xml
2023-07-03 14:43:14 -05:00
taylor_socfortress
5cd899ca39
Update 200970-phishing.xml
2023-07-03 11:57:24 -05:00
taylor_socfortress
e7443b2f28
Update 106101-MITRE_TECHNIQUES_FROM_SYSMON_EVENT7.xml
2023-06-20 08:49:21 -05:00
taylor_socfortress
d2d4e24090
Update 900000-exclusion_rules.xml
2023-06-20 08:38:08 -05:00
taylor_socfortress
bbbc9eb0ef
Update 900000-exclusion_rules.xml
2023-06-20 08:33:00 -05:00
taylor_socfortress
2ca470be98
Update 900000-exclusion_rules.xml
2023-06-20 08:29:55 -05:00
taylor_socfortress
6bb89a23db
Update 200200-osquery.xml
Mac OS es_process_events support
2023-06-20 07:55:34 -05:00
taylor_socfortress
2fbac2f3d0
Update 900000-exclusion_rules.xml
2023-06-19 14:18:16 -05:00
taylor_socfortress
15fbdb7e61
Update 106101-MITRE_TECHNIQUES_FROM_SYSMON_EVENT7.xml
2023-06-19 14:11:50 -05:00
taylor_socfortress
c0c398727f
Update 200200-osquery.xml
2023-06-16 13:15:59 -05:00
taylor_socfortress
3baea3cef2
Update 900000-exclusion_rules.xml
2023-06-16 11:00:58 -05:00
taylor_socfortress
6424339dd2
Update 100100-MITRE_TECHNIQUES_FROM_SYSMON_EVENT1.xml
Excluding Windows Defender to update Threat Feeds
2023-06-14 15:06:23 -05:00
taylor_socfortress
988199bf8a
Update 102101-MITRE_TECHNIQUES_FROM_SYSMON_EVENT3.xml
Overwriting wazuh default rules 92101 and 92102
2023-06-14 14:39:30 -05:00
taylor_socfortress
d4a842e137
Update 900000-exclusion_rules.xml
2023-06-12 08:55:48 -05:00
taylor_socfortress
6b9efac58f
Update 900000-exclusion_rules.xml
2023-06-09 09:40:07 -05:00
taylor_socfortress
625908abee
Update 200980-socfortress.xml
2023-05-26 15:00:30 -05:00
taylor_socfortress
cfd7ee8d1e
Update 200050-chainsaw_sigma_rules.xml
2023-05-25 08:43:04 -05:00
Taylor
aac9ac18d0
Remove support for Wazuh-Manager lower than 4.2
2023-05-22 08:58:54 -05:00
taylor_socfortress
6474035ad7
Update 900000-exclusion_rules.xml
2023-05-20 08:37:01 -05:00
taylor_socfortress
5a8022229a
Update 900000-exclusion_rules.xml
2023-05-20 08:33:34 -05:00
taylor_socfortress
54d1d1760d
Update 900000-exclusion_rules.xml
2023-05-20 08:30:13 -05:00
taylor_socfortress
17fe087006
Update wazuh_socfortress_rules.sh
Added 4.4.2 check
2023-05-19 08:32:34 -05:00
taylor_socfortress
bd34ce664f
Update 200200-osquery.xml
Drop 200283 to level 10
2023-05-17 09:23:34 -05:00
taylor_socfortress
235c5cb83b
Update 900000-exclusion_rules.xml
2023-05-17 09:22:28 -05:00
taylor_socfortress
e5844b31ac
Create common-ports
2023-05-10 07:42:28 -05:00
taylor_socfortress
04ce150ac0
Update 109100-win_sysmon_new_events.xml
Adding Overwrite=yes
2023-05-09 09:43:28 -05:00
taylor_socfortress
f8788e5c9b
Update 200990-healthcheck.xml
2023-04-27 11:50:34 -05:00
taylor_socfortress
dc899d97df
Update 100100-MITRE_TECHNIQUES_FROM_SYSMON_EVENT1.xml
2023-04-27 10:11:44 -05:00
taylor_socfortress
59f0340b13
Create config.yml
2023-04-25 15:12:15 -05:00
taylor_socfortress
e711b221b7
Create wazuh-certs-tool.sh
2023-04-25 15:10:57 -05:00
taylor_socfortress
7bcf91ea02
Update 900000-exclusion_rules.xml
Added `92204,92213` based off of comments in PR: https://github.com/socfortress/Wazuh-Rules/pull/11
2023-04-10 09:52:02 -05:00
taylor_socfortress
a8cc90d542
Merge pull request #11 from gnordli/patch-1
Update 900000-exclusion_rules.xml
2023-04-10 09:50:14 -05:00
taylor_socfortress
6c9413b703
Create 201015-software.xml
2023-04-09 16:05:51 -05:00
gnordli
5f9d64410c
Update 900000-exclusion_rules.xml
In Wazuh 4.4, 92204 is for PowerShell creating executables, but 92213 is for any process creating an executable.
Maybe it could be <if_sid>92204,92213</if_sid> to cover off both scenarios.
Even level 8 may be high for this type of activity.
2023-04-09 11:14:01 -07:00
taylor_socfortress
4b31ecd015
Create 201010-ad_inventory.xml
2023-04-01 18:30:20 -05:00
taylor_socfortress
dfcac3ee28
Update 201000-pentest-tools.xml
2023-03-30 14:20:14 -05:00