security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,012 Commits 1 Branch 57 Tags
230562bdf6c0bb3a040ae2afae9773247dc5acd6
Commit Graph

806 Commits

Author SHA1 Message Date
Florian Roth 230562bdf6 Merge pull request #1278 from K-Yo/update-navigator-v4 
Update navigator v4
 2020-11-10 13:34:46 +01:00
Florian Roth c087e39698 Merge pull request #1277 from K-Yo/fix-unicode-error 
Fix unicode error in sigma2attack
 2020-11-10 13:34:05 +01:00
Hendrik 96e90fbff2 Fix recursion of rules 2020-11-06 12:43:52 +01:00
Olivier Caillault 34f24a60a1 Updating attack navigator version to v4.0 2020-11-05 23:37:01 +01:00
Hendrik bf5d40eec3 New Backend - Kibana NDJSON 
Tested against 7.9.3
 2020-11-05 23:34:25 +01:00
Olivier Caillault 31639366cd Fix unicode error in sigma2attack 2020-11-05 22:30:12 +01:00
Thomas Patzke f0e89b0c8c Fixed: typecheck in sumologig-cse 2020-10-23 19:49:55 +02:00
Thomas Patzke 2fb7dd5e99 Fixes 
* Removed Splunk regex query
* Added test for sumologic-cse backend
 2020-10-23 15:31:00 +02:00
Thomas Patzke 9dc806448c Merge branch 'master' of https://github.com/socprime/sigma into pr-1049 2020-10-23 14:57:25 +02:00
vh 383823f49a Fix: added default value of current_table 2020-10-21 10:12:17 +03:00
vh f45e45d736 Fix: Import SigmaRegularExpressionModifier in the splunk backend. 2020-10-20 18:13:53 +03:00
Thomas Patzke 976fc92b22 Merge pull request #971 from alan8trend/parse_nested_parentheses 
Add support nested parentheses for Sigma condition
 2020-10-12 23:30:36 +02:00
Thomas Patzke e8cdd4777a Merge pull request #1026 from ryanplasma/fix-pymisp-error 
Fix error with pymisp in sigma2misp
 2020-10-12 23:14:13 +02:00
vh 51df5ad876 Added: 
Sumo Logic CSE Rule Backend

Updated:
Mapping depence on logsource
Azure Sentinel Query Backend
MDATP: query with few logsources
CROWDSTRIKE: fix generateMapItemTypedNode
 2020-10-06 15:07:52 +03:00
Florian Roth d3ee1aba66 docs: MITRE ATT&CK(R) trademark references removed or adjusted 
https://github.com/Neo23x0/sigma/issues/1028
 2020-09-30 08:53:52 +02:00
Ryan Plas cdbee4b531 Fix error with pymisp in sigma2misp 2020-09-29 12:01:33 -04:00
Thomas Patzke 378d9c94cf Merge branch 'master' of https://github.com/socprime/sigma into pr-981 2020-09-15 12:14:49 +02:00
snake-jump 5119f887c8 add Regular expression support 
Add Regular expression support for netwitness-epl backend
 2020-09-14 22:04:47 +02:00
snake-jump 531557465c delete raise exception in case of sigma key is keyword(s) 2020-09-14 16:00:03 +02:00
snake-jump 09f25cf992 delete sqlparse module usage 2020-09-10 19:05:55 +02:00
snake-jump e74846b767 modify comment 2020-09-10 18:09:15 +02:00
snake-jump 64035fd799 initial commit for Netwitness-EPL backend 2020-09-10 17:12:12 +02:00
vh a2fec9f3b9 Fix sysmon backend 2020-08-28 12:26:40 +03:00
Thomas Patzke bae09e9447 Sigmatools release 0.18.1 2020-08-26 00:06:25 +02:00
Nate Guagenti f21b3c50c6 control whether to use an analyzed field or different type if a query/value contains a wildcard. 
Signed-off-by: Nate Guagenti <neu5ron@users.noreply.github.com>
 2020-08-25 13:13:18 -04:00
Nate Guagenti a7ffb96b6b elasticsearch regex escape of '.' for case insensitivity backend options 
Signed-off-by: Nate Guagenti <neu5ron@users.noreply.github.com>
 2020-08-25 13:10:25 -04:00
Nate Guagenti 474e04dfe3 add new options to readme for elasticbackend 
Signed-off-by: Nate Guagenti <neu5ron@users.noreply.github.com>
 2020-08-25 13:00:22 -04:00
Nate Guagenti 76910eaee4 fix sub field name usage if there are 3 or more fields.. 
Signed-off-by: Nate Guagenti <neu5ron@users.noreply.github.com>
 2020-08-25 12:56:57 -04:00
Nate Guagenti 0d713e4544 control whether to use an analyzed field or different type if a query/value contains a wildcard. 
Signed-off-by: Nate Guagenti <neu5ron@users.noreply.github.com>
 2020-08-25 12:56:33 -04:00
tung12 1921e9dd89 Fix wild card and some escaped characters 2020-08-18 15:57:13 +07:00
SOC Prime d3ba1e4fb8 Add sysmon backend 2020-08-18 11:20:22 +03:00
tung12 172f7b371e Change mapped Image to path 2020-08-17 15:05:44 +07:00
Dermott, Scott J 7e6828dd40 + Adding Mitre Sub-Techniques and python update script to fetch latest Pre, Enterprise & Mobile Tactics and Techniques from Mitre CTI 2020-08-13 10:24:44 +01:00
Thomas Patzke 01125ffd3b Fixed: Elastalert backend handling of conditional field mappings 2020-08-11 23:29:18 +02:00
alan tseng e9af2fb119 support nested conditions for Sigma 
The parser finds the close token in pairs with left token.
So the parser will support nested parentheses in the conditions.
 2020-08-07 14:58:32 +08:00
bar 8352eefe22 STIX Support keywords (value without field) 2020-07-28 18:52:02 +03:00
bar de475bb500 updated STIX mapping for more rule fields 2020-07-27 14:36:30 +03:00
bar 32cf352236 Merge remote-tracking branch 'upstream/master' 2020-07-26 14:56:06 +03:00
bar 9643e01b54 extension should use '..' 2020-07-26 12:16:48 +03:00
Thomas Patzke dcb07bab2f Merge pull request #949 from 0xballistics/powershell_backend_fix 
partial(?) fix of #762
 2020-07-25 10:18:05 +02:00
Simran Soin c329f6412d Fix bug with NOT handling 2020-07-23 11:47:55 -04:00
Simran Soin 6c7b4cf408 Revert additional change in base.py 2020-07-23 10:47:22 -04:00
Simran Soin ef9af3730a Remove unnecessary edits from qradar.py 2020-07-23 10:34:29 -04:00
Simran Soin 0e49a6acdf Default NOT to false for all functions 2020-07-23 10:18:16 -04:00
Simran Soin 0fac21f4a3 Remove modifications from base file and override in stix.py 2020-07-23 10:13:30 -04:00
Simran Soin 30ff22776a Fix NOT bug 2020-07-23 09:41:33 -04:00
bar 5019f2f160 added mapping for stix web, cloud, linux 2020-07-22 21:41:46 +03:00
bar 0543ec1ae3 mapping update, removed unused fields 2020-07-21 19:49:26 +03:00
bar 83623f396c Merge remote-tracking branch 'upstream/master' 2020-07-21 17:22:06 +03:00
bar da30266c60 ImageLoaded mapping added 2020-07-21 17:21:14 +03:00