security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,904 Commits 1 Branch 57 Tags
16fed13bb0636b32e83d5851a572e2d21145f087
Commit Graph

1332 Commits

Author SHA1 Message Date
Florian Roth f9fec99992 Merge pull request #2600 from calebstewart/issue/2599/es-eql-char-escaping 
Add reEscape config to ElasticsearchEQLBackend
 2022-02-03 22:04:50 +01:00
Maxime Lamothe-Brassard be238b53ff Fix wildcard-only generation in LimaCharlie. 2022-01-29 13:22:48 -08:00
Caleb Stewart a6d1ca6c84 Add reEscape config to ElasticsearchEQLBackend 2022-01-24 16:52:59 -05:00
frack113 43690233fb Merge pull request #2572 from zeronetworks/master 
feat(rules): Adding rules for the rpc_firewall
 2022-01-24 18:18:22 +01:00
sagiezero 41baa3c4c5 fix(rules): misshap in "test_rules", and also updated the splunk-windows.yml configuration 2022-01-23 10:35:46 +02:00
sagiezero 2c6b779fa3 fix(rules): misshap in "test_rules", and also updated the splunk-windows.yml configuration 2022-01-23 10:18:17 +02:00
sagiezero eb5578fa33 fix(rules): fixed capital in rule names, removed unknown mitre tags, removed unknown tag in logsource. 2022-01-20 16:53:01 +02:00
Florian Roth 9b7b48c0e6 Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2022-01-20 09:45:03 +01:00
Florian Roth 68f0cdf338 feat: new log channel windows-codeintegrity-operational 
https://twitter.com/SBousseaden/status/1483810148602814466
 2022-01-20 09:44:36 +01:00
Florian Roth 6835381e6a Merge branch 'master' into rule-devel 2022-01-19 19:42:14 +01:00
Florian Roth 2a118e900a refactor: added requirement, debug output for MITRE ATTCK eval 2022-01-19 15:21:50 +01:00
frack113 5890c1bb20 Fix logsource 2022-01-16 08:56:51 +01:00
frack113 0828ff098f Fix windows-dns-server 2022-01-15 09:07:26 +01:00
Florian Roth 392175e467 Merge pull request #2529 from SigmaHQ/aurora-false-positive-fixing 
fix: add field mapping for provider name
 2022-01-07 14:15:09 +01:00
Florian Roth 683c1b59cb fix: add field mapping for provider name 2022-01-07 13:08:14 +01:00
frack113 c19d87127e Add not_bound_keyword option for elastic 2022-01-06 12:43:04 +01:00
Thomas Patzke d0c7f54794 Merge pull request #2514 from DataDog/master 
Add Datadog Backend
 2022-01-04 07:43:43 +01:00
Tim Shelton 1618f587ab adding missing category entries 2022-01-03 22:22:35 +00:00
Tim Shelton 01c5a62941 adding additional ps that was missed 2022-01-03 22:19:33 +00:00
Tim Shelton 8b261d9a30 Adding ps_script to config 2022-01-03 22:09:50 +00:00
Anna Pauxberger 007a951e7c edit README 2022-01-03 15:00:14 -05:00
Anna Pauxberger 8fa714ca26 Merge branch 'SigmaHQ:master' into master 2022-01-03 20:20:08 +01:00
Anna Pauxberger d0560d1a65 Merge pull request #1 from DataDog/add-datadog-backend 
Add Datadog Backend
 2022-01-03 20:19:28 +01:00
Tim Shelton a4f601f53f adding spring to config 2021-12-29 19:53:57 +00:00
Julien Doutre 63705cdccb Comments 2021-12-21 12:17:13 +01:00
Julien Doutre 860744594e No mutable default argument 2021-12-21 12:02:31 +01:00
David Hazekamp 03f6b3fa89 fix(lacework): value exists 
Use is not null for non-json fields
 2021-12-17 17:17:25 -06:00
Julien Doutre a21fe1eb58 Use tags instead of facets 2021-12-15 17:26:45 +01:00
Julien Doutre 6940bf4782 capture any number of whitespaces 2021-12-15 17:14:58 +01:00
Julien Doutre 851e237240 test list selection logic 2021-12-15 16:52:48 +01:00
Julien Doutre 620cbe9293 Fix test name 2021-12-15 16:50:43 +01:00
Julien Doutre 1712e9d0a1 Move coverage test to dedicated script 2021-12-15 16:46:42 +01:00
Julien Doutre 477c9cf048 Refactor tests basic rule 2021-12-15 16:26:31 +01:00
Tim Shelton db97b29e35 addding missing entry 2021-12-14 21:52:57 +00:00
Tim Shelton 2a96f239a5 adding additional translation fields for web based requests. 2021-12-14 20:54:32 +00:00
Florian Roth baa5d3758d Merge branch 'master' into rule-devel 2021-12-13 18:05:17 +01:00
Florian Roth 51a4315ab9 fix: referrer > referer adjustments 2021-12-13 15:47:43 +01:00
Max Altgelt b4553dcd9d feat: Add finer powershell log source distinguation 
Credits for this go to @frack113
 2021-12-13 09:49:28 +01:00
frack113 87b2f45db6 Merge pull request #2401 from hazedav/master 
feat(sigma): Add support for Lacework agent data
 2021-12-10 18:04:07 +01:00
frack113 bd90531f65 Merge pull request #2424 from redsand/hawk_add_translate 
hawk backend: fixing err where regex is mangled and should be left alone
 2021-12-10 06:45:25 +01:00
Tim Shelton d58bf20e4c fixing err where regex is mangled and should be left alone 2021-12-09 20:43:58 +00:00
Tim Shelton d1b7eda60c adding translation for User, apparently its case sensitive 2021-12-09 20:04:20 +00:00
David Hazekamp 5d46d5fe46 Merge remote-tracking branch 'upstream/master' 2021-12-07 11:17:32 -06:00
hazedav 73f69c6697 feat(sigma): Add support for Lacework agent data 
Support linux.file_create
Support linux.process_creation
 2021-12-07 11:16:26 -06:00
Tim Shelton 3b7ce140c1 adding ps_module to config.. currently not listed in any config yaml for backends, will trigger regex detection on all payloads 2021-12-07 16:18:00 +00:00
Florian Roth d2e77a5cd0 Merge pull request #2392 from redsand/hawk_fix_regex_type 
fixes error when implementing regex type, data should not be escaped
 2021-12-07 06:15:10 +01:00
Tim Shelton 1937a90cbf fixing yaml err 2021-12-06 23:03:24 +00:00
Tim Shelton 7a7cf4ede6 fix str err 2021-12-06 22:32:10 +00:00
Tim Shelton 8871898adf fixing yaml fail 2021-12-06 22:05:13 +00:00
Tim Shelton ea511bd761 adding file event filter 2021-12-06 20:50:20 +00:00