security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
99 Commits 1 Branch 57 Tags
4aaa22fd6d0ef45cbf90be1364bf4e0eddd7a9db
Commit Graph

99 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Patzke 4aaa22fd6d Made not implemented sigmac features obvious 
* added notes to help message
* error if not implemented option is used
 2017-03-04 23:36:46 +01:00
Florian Roth a9d6295791 Rule: Sysmon Malware Shellcode in Verclsid Process 2017-03-04 10:38:23 +01:00
Florian Roth 47bfe82cc4 Splunk specifics 2017-03-04 10:37:40 +01:00
Florian Roth 9971192bff Create README.md 2017-03-03 13:45:55 +01:00
Florian Roth b984d83685 Typo in help text 2017-03-03 12:47:20 +01:00
Thomas Patzke 8f3541f0a0 Added Splunk backend 2017-03-02 23:34:12 +01:00
Thomas Patzke 2dd1c7cd12 Deactivated not implemented backends 2017-03-02 22:55:45 +01:00
Thomas Patzke 9556e73cd1 Fix: automatic escaping of * and ? in es-qs backend removed 2017-03-02 12:07:07 +01:00
Florian Roth 15e61a9681 Rule: Certutil Decode in AppData 2017-03-02 11:28:34 +01:00
Florian Roth b6459a00ab Two new Sysmon rules for Office Macro/PS detection 2017-03-02 11:06:53 +01:00
Florian Roth 8559837aab Removed Sysmon EventLog from selection > via 'logsource' 2017-03-02 11:06:20 +01:00
Thomas Patzke 77b8bd3834 Merge branch 'devel-sigmac' 2017-03-01 21:55:55 +01:00
Thomas Patzke 10ee9c64fe Moved node output into dedicated backend class methods 2017-03-01 21:47:51 +01:00
Florian Roth 06348d8ee3 Delete _config.yml 2017-03-01 17:29:02 +01:00
Florian Roth b4f2a74371 Proposed changes to mimimkatz-inmemory aggregation 2017-03-01 10:16:43 +01:00
Florian Roth 9934a66a3c Rule: ClamAV 2017-03-01 10:00:17 +01:00
Thomas Patzke 7c362fb98e Merge branch 'devel-sigmac' 2017-03-01 09:45:35 +01:00
Thomas Patzke 0d470af0e7 Set sigmac default backend to 'es-qs' 2017-03-01 09:40:51 +01:00
Thomas Patzke 27909782e7 Merge branch 'devel-sigmac' 2017-03-01 09:36:46 +01:00
Florian Roth ed78233544 Update README.md 2017-03-01 08:55:06 +01:00
Florian Roth 07206728a5 Sigmac Screenshot 2017-03-01 08:48:39 +01:00
Thomas Patzke 92920abbed Added sigmac Screenshot 2017-03-01 08:39:02 +01:00
Florian Roth 2e0632b05f Rule: Linux: buffer overflows 2017-03-01 08:38:33 +01:00
Thomas Patzke 0b0d37fd61 Added sigmac Screenshot 2017-03-01 00:19:11 +01:00
Thomas Patzke f5616051d7 Merge branch 'master' into devel-sigmac 2017-03-01 00:09:24 +01:00
Thomas Patzke e0f813ebbb Conversion to Elasticsearch Query Strings 
First version of sigmac that converts Sigma YAMLs without aggregations
into ES Query Strings suitable for Kibana or other tools.
 2017-03-01 00:03:34 +01:00
Florian Roth 001bed0c45 ModSecurity rule: multiple blocks 2017-02-28 17:53:32 +01:00
Florian Roth 9c8ed4c0b1 Apache segmentation fault rule 2017-02-28 17:53:06 +01:00
Florian Roth b1446f9b87 Removed 'last' keyword from 'timeframe' fields 2017-02-28 17:52:40 +01:00
Florian Roth e9d39c78c6 Scheme - Image 2017-02-25 11:39:59 +01:00
Thomas Patzke 15c6f9411b Rule review 
* Typos
* Added false positive descriptions
 2017-02-24 23:44:42 +01:00
Thomas Patzke 58f2118ef4 Parsing of search expressions 
* Tokenization
* Building a parse tree
* Aggregations not yet implemented
 2017-02-24 23:36:19 +01:00
Thomas Patzke 0e5eb513a2 Merge branch 'master' into devel-sigmac 2017-02-22 22:47:12 +01:00
Thomas Patzke ec9f42410a Intermediate backup state: Parsing of most conditions 
* Conditions with parentheses cause exceptions
 2017-02-22 22:43:35 +01:00
Thomas Patzke fdbadb8e6e Rule fix 
Fixed condition in webshell keyowrd rule.
 2017-02-22 22:42:35 +01:00
Florian Roth b5b5296c5f Fixed unfinished sentence, changed 'next steps' 2017-02-22 18:16:20 +01:00
Florian Roth a57d8347b2 Link to Sigma Converter in Devel Branch 2017-02-20 10:37:23 +01:00
Thomas Patzke a4611d6dc6 Added new rules 
From adsecurity.org:

* https://adsecurity.org/?p=1772
* https://adsecurity.org/?p=1714
 2017-02-19 22:43:27 +01:00
Thomas Patzke 9740be92bc Merge branch 'master' into devel-sigmac 2017-02-19 22:15:18 +01:00
Florian Roth 8ec7d53688 Improved coverage / tree image 2017-02-19 13:41:04 +01:00
Florian Roth 00a4adf542 Link Bugfix 2017-02-19 11:09:32 +01:00
Florian Roth 52d04e52ac Removed lists from log source section 2017-02-19 11:08:40 +01:00
Florian Roth 6fbc1dcd32 Mayor update 
Why Sigma, intro changed
 2017-02-19 11:03:30 +01:00
Florian Roth ca758bb99b New images 2017-02-19 10:24:24 +01:00
Florian Roth 166f207dc0 Sysmon rules 'logsource' change 2017-02-19 09:19:06 +01:00
Florian Roth cd6e24c5ff Added "logsource" sections and new rule 2017-02-19 00:31:59 +01:00
Thomas Patzke 0543ef7e75 sigmac: Condition Tokenizer 2017-02-16 23:58:44 +01:00
Thomas Patzke ec1c5e142b Merge branch 'master' into devel-sigmac 2017-02-16 23:52:03 +01:00
Thomas Patzke 9a38d6543f Fixed type of condition 2017-02-16 23:49:34 +01:00
Thomas Patzke 367596060d Merge branch 'master' into devel-sigmac 2017-02-16 22:14:48 +01:00