security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
2,897 Commits 1 Branch 57 Tags
4cd99e71bf71c9dfd9d2cd3545602a7abdc88942
Commit Graph

581 Commits

Author SHA1 Message Date
neu5ron 58ac26e531 more ECS to sigmac taxonomy for web/proxy 2020-03-14 14:57:38 -04:00
Thomas Patzke a0f7da8c03 Splunk XML backend rule title 
Fixes #645
 2020-03-01 22:23:35 +01:00
Thomas Patzke 65444f7a77 Release 0.16.0 2020-02-25 22:19:52 +01:00
Thomas Patzke 5a2ccbd040 Fixed ArcSight backend visibility 2020-02-24 23:27:22 +01:00
Thomas Patzke 5b42135935 Added es-rule backend to all ES configurations 2020-02-24 23:20:48 +01:00
Thomas Patzke d9b48ea747 Fixes in es-rule backend 2020-02-24 23:20:19 +01:00
Thomas Patzke 4ee2c2762e Sorting of backend and configuration lists 2020-02-24 22:59:59 +01:00
vh 5dc30bd388 Carbonblack, Arcsight ESM, Elastic Rule 2020-02-24 19:29:45 +02:00
vh 516e61fdb0 t 2020-02-24 19:23:11 +02:00
Thomas Patzke 12be884aa5 Merge branch 'sql-backend' 2020-02-21 22:41:53 +01:00
Thomas Patzke 776b58b594 Improved Splunk Zeek configuration 2020-02-21 22:31:14 +01:00
Thomas Patzke 746f957a63 Merge branch 'patch-1' of https://github.com/fuseyjz/sigma into fuseyjz-patch-1 2020-02-21 22:24:44 +01:00
Thomas Patzke 3047571132 Merge pull request #625 from ninoseki/fix-sigma2misp 
Update sigma2misp
 2020-02-21 22:22:54 +01:00
Thomas Patzke 48d95f027c Merge branch 'oscd' 2020-02-20 23:11:57 +01:00
Manabu Niseki c6eb3bfbf2 Update sigma2misp 
Make enable to use with modern PyMISP
 2020-02-20 18:55:10 +09:00
james dickenson 1347e5060f logsource config for zeek events in splunk 2020-02-12 21:24:03 -08:00
Thomas Patzke d7bd90cb24 Merge branch 'master' into oscd 2020-02-03 23:13:16 +01:00
Thomas Patzke 1bc2c0b930 Deduplication of backend list 
Fixes issue #609. Added backend list debug output (class name).
 2020-02-03 22:16:00 +01:00
Thomas Patzke 815c562a17 Merge branch 'master' into oscd 2020-02-02 13:40:08 +01:00
vh dc5a31aebc Updated Azure Sentinel backend 2020-01-31 17:17:24 +02:00
Thomas Patzke 7b4ec734a8 Using rule ids as Kibana object id 2020-01-30 11:30:01 +01:00
Thomas Patzke 7b62b931ce Moved ala-rule backend code into ala backend module 2020-01-13 11:24:46 +01:00
Thomas Patzke de690cbfbf Merge branch 'master' of https://github.com/socprime/sigma into socprime-master 2020-01-13 11:19:39 +01:00
neu5ron d8b703462d fix name of network_initiated 2020-01-13 00:12:04 -05:00
Thomas Patzke 8d6a507ec4 OSCD QA wave 1 
* Checked all rules against Mordor and EVTX samples datasets
* Added field names
* Some severity adjustments
* Fixes
 2020-01-11 00:11:27 +01:00
Maxime Lamothe-Brassard a3ad7cb1c5 Fixed actual event tag 2019-12-30 18:15:12 -08:00
Maxime Lamothe-Brassard 9b32086d92 Mapping OriginalFileName to event/INTERNAL_NAME now that it's available. 2019-12-30 15:58:18 -08:00
SOC Prime 92bc96a308 Update ala-rule.py 2019-12-30 16:26:30 +02:00
vh f2117f798a Fix ala-rule 2019-12-30 16:24:08 +02:00
SOC Prime f015c97dff Update ala-rule.py 2019-12-30 16:13:27 +02:00
vh f9570a48cb Azure Sentinel backend (ala) - Fixed path in query 
Added new backend Azure Sentinel Rule (ala-rule)
 2019-12-30 16:11:53 +02:00
vh d42409372c Azure Sentinel backend (ala) - Fixed path in query 
Added new backend Azure Sentinel Rule (ala-rule)
 2019-12-30 16:09:19 +02:00
fuseyjz 0b2f88d5df Sigma converter for SQL format 
Get the converted SQL query after the WHERE statement for any filtering on SQL platform.

Example:
https://github.com/fuseyjz/sigma-sql/blob/master/README.md
 2019-12-24 10:42:25 +08:00
christophetd e99b0fe2d7 Add sigma2attack 2019-12-19 00:00:13 +01:00
Thomas Patzke d2a940a0a6 Merge branch 'devel' of https://github.com/Neo23x0/sigma 2019-12-13 22:01:40 +01:00
Thomas Patzke ee4138c48e Merge pull request #526 from zouzias/hotfix_aggregate_count_distinct_groupby 
[feature] extend es-dsl to support nested aggregations
 2019-12-13 21:55:47 +01:00
Thomas Patzke a25b2ec361 Merge pull request #523 from refractionPOINT/lc-added-mtd 
LC added FP metadata
 2019-12-13 21:50:52 +01:00
Thomas Patzke b701e9be50 Added ECS proxy configuration 2019-12-09 16:34:07 +01:00
Thomas Patzke 991108e64d Further proxy field name fixes (config + rules) 2019-12-07 00:23:30 +01:00
Thomas Patzke 51e9689425 Sigmatool release 0.15.0 2019-12-06 22:13:44 +01:00
Maxime Lamothe-Brassard 27bb07b74e Adding support for basic proxy rules using the HTTP_REQUEST events from the Chrome LC Agent. 2019-12-05 09:35:09 -08:00
Maxime Lamothe-Brassard 61bcc46394 Prettier formatting of YAML. 2019-11-18 14:50:41 -05:00
Maxime Lamothe-Brassard 9eed57ee1d Adding the "falsepositives" field to the LC metadata. 2019-11-15 08:30:41 -05:00
Anastasios Zouzias 3c7f522017 add .keyword on aggs; add extra unit test 2019-11-14 14:34:50 +01:00
Thomas Patzke cf22e9e576 Added hint on failed UUID check 2019-11-12 23:37:28 +01:00
Thomas Patzke ca53e937d9 Removed sigma.output from setup packages 2019-11-12 23:11:39 +01:00
Thomas Patzke 3828f4a95c Merge branch 'uuid' into assign-ids 2019-11-12 22:46:54 +01:00
Thomas Patzke 0065e2420f Merge branch 'oscd-qa' 2019-11-12 20:54:11 +01:00
Anastasios Zouzias e7ed0fa9ea added unit test 2019-11-12 14:06:10 +01:00
Anastasios Zouzias 324005a126 [feature] extend es-dsl to support nested aggregations 2019-11-12 11:46:43 +01:00