security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
1,879 Commits 1 Branch 57 Tags
158ffd2f0cd080bef4e37808aa23f249b769e910
Commit Graph

466 Commits

Author SHA1 Message Date
Lep 158ffd2f0c requiment 2019-11-28 17:23:05 +07:00
Lep 37257170dd postAPI 2019-11-28 16:01:24 +07:00
Lep d08ff35222 postAPI 2019-11-28 11:45:49 +07:00
gsanm 150afd816d IP Clean 2019-10-22 17:49:50 +07:00
lep 1c5816b214 update carbonblack module 2019-10-18 17:51:31 +07:00
lep 7219e0b0f1 module carbonblack 2019-10-18 14:04:38 +07:00
agold 0984293d0c Support for Malicious cmdlets in ATP 2019-08-20 14:33:08 -07:00
svent 1ea6d00a39 Fix QRadar field name escaping and handling 2019-08-12 23:47:43 +02:00
svent 826c1e3942 Fix QRadar backend config 2019-08-12 23:47:43 +02:00
Michiel Meersmans 0708fdd28e Correctly escape slashes within es-dsl wildcard queries 2019-08-07 12:56:19 +02:00
Florian Roth 9c85d5e80f Merge pull request #406 from tuckner/master 
Fix ala parsing issues
 2019-08-06 10:28:07 +02:00
Thomas Patzke 940c36a4cd Fixed build 
Missing package specification
 2019-08-05 23:42:33 +02:00
Thomas Patzke d5885686fc Sigmatools release 0.12 
* Value modifiers
* Config name cleanup
 2019-08-01 23:45:07 +02:00
Thomas Patzke 805c739611 Merge branch 'devel-modifiers' 2019-07-31 23:44:10 +02:00
Thomas Patzke 31c6ffcb61 No escaping for typed values 2019-07-31 23:43:29 +02:00
tuckner 8f2f1922c6 Merge pull request #1 from Neo23x0/master 
update fork
 2019-07-27 21:27:52 -05:00
Thomas Patzke 8a3117d73e Nested list handling for chained value modifiers 2019-07-16 23:03:19 +02:00
Thomas Patzke 6881967889 Further modifiers 
* base64
* base64offset
 2019-07-16 00:00:35 +02:00
Thomas Patzke 1bb29dca26 Implemented type modifiers and regular expressions 2019-07-15 22:52:10 +02:00
Thomas Patzke b9ff280209 Cleanup of configuration names 2019-07-14 00:50:15 +02:00
Thomas Patzke 5489f870cc Merge pull request #393 from HacknowledgeCH/master 
Explicit OR for list elements
 2019-07-13 23:11:44 +02:00
Thomas Patzke 134bfebe57 Ignore "timeframe" detection keyword in "all/any of" conditions 
Fixes #395
 2019-07-13 00:35:35 +02:00
christophetd 576912eb7a Support OR queries for Elasticsearch 6 and above 2019-07-08 17:12:53 +02:00
Florian Roth f7ba2b3976 fix: bug in sumologic backend with 'null' values 2019-07-02 22:31:10 +02:00
Thomas Patzke 337681cfce Value modifiers 
* First transformation modfiers: contains, all
* Sigma converter modifier list
 2019-06-30 23:41:28 +02:00
Thomas Patzke 161965d14c Added version information to Winlogbeat configs 2019-06-30 22:44:12 +02:00
herrBez 74021d53d8 Modified winlogbeat config to adhere to winlogbeat 7 field names breaking changes 
ref: https://www.elastic.co/guide/en/beats/libbeat/current/breaking-changes-7.0.html
 2019-06-30 12:13:21 +02:00
Thomas Patzke 6fab5d7f23 Improved testing and removed dead&debug code 2019-06-29 00:09:53 +02:00
Thomas Patzke 377872c91e Merge branch 'devel-sumo' of https://github.com/juju4/sigma into juju4-devel-sumo 2019-06-28 23:39:15 +02:00
Thomas Patzke 0c7151c901 Watcher backend default options, refactoring and testing 2019-06-28 23:22:16 +02:00
Adrian Constantin Stanila feac0be8a4 Added 2 more actions on Elasticsearch X-pack Watcher: index and webhook 
Added timestamp filter query.
 2019-06-27 08:54:59 +03:00
juju4 654a009c9e sumologic backend: remove TypeError 2019-06-22 16:49:46 -04:00
juju4 559d0f4ba8 sumologic backend: force as string 2019-06-22 16:43:50 -04:00
juju4 2df0e9765c sumologic backend: pycodestyle review - E501 2019-06-22 16:41:57 -04:00
juju4 49533a5909 sumologic backend: pycodestyle review 2019-06-22 16:39:13 -04:00
juju4 84de12635e self.debug option, fix multiple keyvalue escapings/cleanValue, inline index for now 2019-06-22 16:19:45 -04:00
juju4 a11d800353 Merge branch 'master' into devel-sumo 2019-06-22 09:18:23 -04:00
Thomas Patzke f4da0c5540 Added field SecurityID to Winlogbeat config 2019-06-19 23:35:50 +02:00
Thomas Patzke f271685f59 Merge pull request #372 from dvas0004/patch-2 
Addition of KeyLength field
 2019-06-19 23:28:31 +02:00
Thomas Patzke d82df83ef1 Merge pull request #369 from TareqAlKhatib/refactors 
Refactors
 2019-06-19 23:16:19 +02:00
David Vassallo fdce7ad9bf Addition of KeyLength field 2019-06-14 17:58:47 +03:00
Thomas Patzke 5715413da9 Usage of Channel field name in ELK Windows config 2019-06-11 13:15:43 +02:00
John Tuckner 3529b717cb fixed backend errors in ala 2019-06-10 09:25:59 -05:00
Tareq AlKhatib d61a971874 Minor refactors 2019-06-10 09:55:52 +03:00
Thomas Patzke 8a0f706cca Merge branch 'master' of https://github.com/Neo23x0/sigma 2019-05-30 23:24:37 +02:00
Thomas Patzke 1986bcb843 Sigma tools release 0.11 2019-05-30 22:56:38 +02:00
Thomas Patzke 673973e523 Merge pull request #357 from agix/es_dsl_bug 
fix missing condition when unique plus timeframe
 2019-05-30 22:42:09 +02:00
Thomas Patzke 8023011bb1 Merge branch 'elastalert_dsl_backend' of https://github.com/agix/sigma into agix-elastalert_dsl_backend 2019-05-30 22:33:57 +02:00
Florian GAULTIER 89c1d7b63d Wrong fix, self.queries should be emptied after copied to rule_object 2019-05-29 16:10:14 +02:00
Florian GAULTIER 748ac2e206 Dont combine multiple queries 2019-05-29 16:05:53 +02:00