Commit Graph

115 Commits

Author SHA1 Message Date
frack113 7f66081288 Merge pull request #2201 from redsand/HAWK_Backend
Hawk backend
2021-10-27 06:30:13 +02:00
Tim Shelton 860b4b2bb9 adding hawk to makefile for coverage 2021-10-26 20:26:29 +00:00
frack113 6ce82ab780 Add athena coverage 2021-10-26 19:37:22 +02:00
frack113 8ad2c722d6 add uberagent COVERAGE 2021-08-29 12:19:49 +02:00
frack113 2e79998cc7 add devo COVERAGE 2021-08-29 11:47:47 +02:00
frack113 83e2f3640c add lacework backend 2021-08-29 09:24:43 +02:00
Gábor Lipták d2592ee0b6 Add yamllint to GHA
Signed-off-by: Gábor Lipták <gliptak@gmail.com>
2021-07-26 21:26:16 -04:00
mf1d3l 681accf2ba add splunkdm to Makefile 2021-07-10 22:23:15 +02:00
Thomas Patzke c13f3f1383 Merge pull request #1325 from dennispo/align-simac-stixshifter
sigmac to STIX enhancements
2021-03-13 18:49:12 +01:00
vh 7eeed68fb4 Chronicle Security Backend contributed by SOC Prime. 2021-03-12 12:21:44 +02:00
Dennis Potashnik 5143cbeaa7 Fixed sigmac stix test invocation 2021-02-08 12:23:57 +02:00
Thomas Patzke 0ed54a6cae Merge pull request #1290 from arollyson/helix_backend
Backend: FireEye Helix
2020-11-21 00:06:19 +01:00
Alek Rollyson 83b8af6cd2 Add FireEye Helix backend 2020-11-19 11:18:28 -05:00
Florian Roth 9944c0e563 Merge branch 'master' into pr/1267 2020-11-17 14:33:55 +01:00
Jonhnathan 9173fb2cb9 Update Makefile 2020-11-01 21:28:26 -03:00
Thomas Patzke 16d63cc5d2 Decreased coverage requirement 2020-10-23 20:17:58 +02:00
Thomas Patzke e30237c5c5 Fixed test configuration 2020-10-23 19:30:59 +02:00
Thomas Patzke 2fb7dd5e99 Fixes
* Removed Splunk regex query
* Added test for sumologic-cse backend
2020-10-23 15:31:00 +02:00
Thomas Patzke b0ccf44243 Added test 2020-09-15 12:42:37 +02:00
Thomas Patzke 64961c6d42 Added test 2020-09-15 09:06:02 +02:00
Thomas Patzke bd9410fe06 Added CI test 2020-07-07 23:46:49 +02:00
bar 35bb8df0b5 updated makefile with stix coverage cmd 2020-07-07 16:39:59 +03:00
Thomas Patzke f907c49ab5 Improved test coverage
* Added test case
* Removed unused code
2020-06-13 01:11:08 +02:00
Thomas Patzke 915ea1cc67 Merge branch 'script_entry_points' into master 2020-06-10 00:51:47 +02:00
Thomas Patzke 1d211565fc Moved backend options list to --backend-help 2020-06-06 00:56:00 +02:00
Jonas Plum 3a6ac5bd5c Remove unused function 2020-05-30 01:57:06 +02:00
Jonas Plum 5cc82d0f05 Move testcase 2020-05-30 00:56:06 +02:00
Jonas Plum 4a8ab88ade Fix test path 2020-05-30 00:15:38 +02:00
Jonas Plum 70935d26ce Add license header 2020-05-29 23:56:05 +02:00
Jonas Hagg abf1a2c6d7 Adjusted Makefile 2020-05-25 11:58:55 +02:00
Thomas Patzke daf7ab5ff7 Cleanup: removal of corelight_* backends 2020-05-24 22:41:38 +02:00
Thomas Patzke d45f8e19fe Fixes 2020-05-24 21:46:55 +02:00
Tiago Faria 06abd6e76a added ci tests for ecs-cloudtrail 2020-05-14 14:03:23 +01:00
Remco Hofman c5c5e1b79b Added ee-outliers test to Makefile 2020-05-08 17:51:35 +02:00
Florian Roth 030898ba9c Merge branch 'master' into override-coverage 2020-05-02 14:22:03 +02:00
Thomas Patzke 72c2241bb4 Cleanup
* Added CI test
* Added changelog entry
2020-04-08 23:39:38 +02:00
Thomas Patzke 13dbb4cdbd Moved tools into sigma namespace 2020-03-31 23:46:58 +02:00
Florian Roth 6aba430de6 fix: sigma_uuid occurrences 2020-03-31 16:29:58 +02:00
David Szili 0947538228 MDATP schema changes
WDATP was renamed to MDATP (Microsoft Defender ATP).
MDATP also had schema changes recently: https://techcommunity.microsoft.com/t5/microsoft-defender-atp/advanced-hunting-data-schema-changes/ba-p/1043914
The updates reflect these changes
2020-03-09 17:12:41 +01:00
Thomas Patzke 5a2ccbd040 Fixed ArcSight backend visibility 2020-02-24 23:27:22 +01:00
Thomas Patzke 6236429f3d Added/changed CI tests 2020-02-24 23:21:11 +01:00
Thomas Patzke fa4c76871f Added CI test for sql backend 2020-02-21 22:27:55 +01:00
Thomas Patzke 638d461b16 Added ala-rule backend to CI testing 2020-01-13 13:47:11 +01:00
Thomas Patzke 530ac854df Added sigma2attack to CI testing 2019-12-20 22:53:22 +01:00
Thomas Patzke b701e9be50 Added ECS proxy configuration 2019-12-09 16:34:07 +01:00
Johan Berggren d8e1f56219 Add source distribution for PyPi when building
Add sdist when building. This makes it easier to build packages from PyPi for example Debian PPA pkgs etc.
This will not affect anything else, just make the source distribution available in PyPi as a tar.gz archive.

If this gets merged, please bump the version and push to PyPi as well.
2019-12-06 15:45:28 +01:00
Thomas Patzke 8d8530be2a Added UUID check to CI tests 2019-11-12 23:15:30 +01:00
Maxime Lamothe-Brassard 91e48d8c1b Adding setup links and fixing test that would crash Not node, but not seen in prod rules. 2019-10-27 11:56:32 -05:00
Hilko Bengen d759896e07 Make coverage binary overridable
This makes it possible to pass a different coverage program to make
test, e.g.:

    make test COVERAGE=python3-coverage
2019-10-23 15:42:25 +02:00
Thomas Patzke d5885686fc Sigmatools release 0.12
* Value modifiers
* Config name cleanup
2019-08-01 23:45:07 +02:00