security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,661 Commits 1 Branch 57 Tags
11ed7e7ef8f355dc36c0ee4bb8df17b7edbcdcda
Commit Graph

398 Commits

Author SHA1 Message Date
Thomas Patzke 11ed7e7ef8 Check for valid configuration/backend combinations 2019-05-20 01:00:33 +02:00
Thomas Patzke e271484eef Load configurations via new config management 2019-05-20 00:27:35 +02:00
Thomas Patzke 3d20e0bc98 Sigma configuration management with listing 
Missing:
* Use config by identifier
 2019-05-17 09:13:59 +02:00
Thomas Patzke 71ff6bd943 Catch type errors in configuration handling 2019-05-16 23:34:44 +02:00
Thomas Patzke 36aeb19721 Added title to all configurations 2019-05-16 23:33:51 +02:00
Florian Roth a6d2a5d79b fix: more general fixes of the var type issue 2019-05-15 21:25:53 +02:00
Florian Roth 9f1bbb0a0d fix: missing type check in WDATP backend 2019-05-15 21:20:20 +02:00
Thomas Patzke 526468bec3 Merge pull request #298 from christophetd/elastalert-allow-rules-without-http-post-url 
Allow generating Elastalert rules with the http_post alert type without specifying a URL at generation time
 2019-05-10 00:31:33 +02:00
Thomas Patzke a361664ed2 Merge pull request #318 from HacknowledgeCH/es-qs-not-parenthesis-fix 
Correct parenthesization for NOT expressions in the ES-QS backend
 2019-05-10 00:14:29 +02:00
Thomas Patzke 763939a8ca Hide --shoot-yourself-in-the-foot 2019-04-25 23:42:13 +02:00
Thomas Patzke eb022f3908 Conditional field mapping for null values 
Fixes #326
 2019-04-25 23:24:05 +02:00
Thomas Patzke cfb4f32651 Backend es-dsl tolerates rules without title and log source 2019-04-25 22:41:31 +02:00
Codehardt 17ae9ea91c Renamed spark config in setup.py 2019-04-25 09:56:29 +02:00
Codehardt 8cf505fcb3 Accidentally removed windows-dhcp logsource in spark's config file 2019-04-25 08:23:48 +02:00
Codehardt 79f7edb6b4 Added logsources for generic sigma rules to spark config, renamed spark config to thor config 2019-04-25 08:15:50 +02:00
Thomas Patzke 6918784e87 Configuration order checking 2019-04-23 00:54:10 +02:00
Thomas Patzke c90d3e811e Formatted error code definitions 2019-04-23 00:53:52 +02:00
Thomas Patzke e9af99c147 Completed error codes 2019-04-23 00:52:31 +02:00
Thomas Patzke d0bd8a2a41 Mandatory configuration for most backends 2019-04-22 23:40:21 +02:00
Thomas Patzke 34c426a95b Moved error codes to constants defined centrally 2019-04-22 23:15:35 +02:00
christophetd 4e16bbafa8 Correct parenthesization for NOT expressions in the ES-QS backend 2019-04-16 10:30:18 +02:00
Thomas Patzke 5194e8778c Fail on missing target selection 2019-04-14 23:50:07 +02:00
Florian Roth 6351c5a350 Sigma ATT&CK coverage by @jmallette 2019-04-11 18:27:52 +02:00
Jon cd456a1d2b initial SIGMA ATTACK Navigator layer release 2019-04-09 22:49:28 -04:00
christophetd d32e5c10b8 Allow generating Elastalert rules with the http_post alert type without specifying a URL at generation time 2019-04-03 17:22:58 +02:00
Thomas Patzke 0419ff215a Fixed quoting of single quotes in grep backend 2019-04-01 23:22:05 +02:00
Thomas Patzke 140a32d8c9 Sigma tools release 0.10 2019-03-16 01:02:48 +01:00
Thomas Patzke 2dda9a7b77 Moved Sysmon schema XML from contrib directory into module 2019-03-16 00:59:29 +01:00
Thomas Patzke 5e973a6321 Fixes and CI testing of --backend-config 2019-03-15 23:46:38 +01:00
Thomas Patzke 0864d05aa5 Merge branch 'backend-config-file' of https://github.com/christophetd/sigma into christophetd-backend-config-file 2019-03-15 23:35:11 +01:00
Thomas Patzke 3f7e08733a Added backend option 'sysmon' for ala backend 2019-03-15 23:26:15 +01:00
Thomas Patzke 8d1723e65c Merge branch 'master' of https://github.com/tuckner/sigma into tuckner-master 2019-03-15 23:06:08 +01:00
John Tuckner a1ba04aec8 modified process creation logic 2019-03-08 00:01:43 -06:00
Thomas Patzke a429f09cc1 Merge branch 'elastalert-alert-types' of https://github.com/christophetd/sigma into christophetd-elastalert-alert-types 2019-03-07 23:54:05 +01:00
tuckner e9ddd933f8 more fixes for process creation 2019-03-07 16:28:35 -06:00
John Tuckner 5a64f572e3 update 2019-03-07 10:32:59 -06:00
John Tuckner 283bd278f4 added eventid to sysmon process creation 2019-03-05 20:58:23 -06:00
John Tuckner 971bd49071 accomodated process creation and slash escapes 2019-03-05 20:50:30 -06:00
tuckner cf186387af Added schema file checking 2019-03-04 11:53:51 -06:00
tuckner c5796d7853 Added Azure Log Analytics backend 2019-03-04 10:49:50 -06:00
tuckner 8179d182c4 added azure log analytics 2019-03-04 10:44:45 -06:00
Thomas Patzke 99b15edf8a Sigma tools release 0.9 2019-03-02 00:47:03 +01:00
Thomas Patzke 56a1ed1eac Merge branch 'project-1' 2019-03-02 00:26:10 +01:00
Thomas Patzke 7602309138 Increased indentation to 4 
* Converted (to generic sigma) rules
* Converter outputs by default with indentation 4
 2019-03-02 00:14:20 +01:00
Thomas Patzke 690807c846 Sigma tools release 0.8 2019-02-28 09:08:22 +01:00
Thomas Patzke c922f7d73f Merge branch 'master' into project-1 2019-02-26 00:24:46 +01:00
christophetd 1a6faf385c Add HTTP POST alert type to the Elastalert backend 2019-02-23 14:12:14 +01:00
christophetd 3a7160d52b Accept backend options from a configuration file (closes #213) 2019-02-23 13:20:20 +01:00
Thomas Patzke 9ef314486e Grep backend escapes + 2019-02-19 14:49:06 +01:00
Florian Roth 004497075d fix: spark source config bug 2019-02-12 23:27:38 +01:00