security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,573 Commits 1 Branch 57 Tags
5508ff45b671ccedccebfdaff84197879eedf0f9
Commit Graph

1086 Commits

Author SHA1 Message Date
frack113 5f1143247b Update "sigmac -l" message 2021-08-28 08:51:58 +02:00
frack113 6aae623f45 Remove duplicate file 2021-08-28 08:42:02 +02:00
David Hazekamp cc6e4381b2 feat(backend): introducing lacework backend 
Adding authors
Removing todo
 2021-08-26 14:12:47 -05:00
David Hazekamp a5d175fbf7 feat(backend): introducing lacework backend 2021-08-26 14:05:44 -05:00
Thomas Patzke 3396d72d81 Merge pull request #1887 from frack113/fix_NodeSubexpression_len 
fix sigmac error "has no len()"
 2021-08-22 12:11:16 +02:00
Thomas Patzke cbf1fd213b Merge pull request #1856 from theoguidoux/sql-sqlite-fields-selection 
[Ready] SQL & SQLite rule fields selection
 2021-08-22 12:09:07 +02:00
Thomas Patzke b97a47c32a Merge pull request #1895 from frack113/fix_sigma2attack.py 
sigma2attack.py fix yaml error
 2021-08-22 12:05:54 +02:00
frack113 7cd71b2240 fix yaml error 2021-08-22 08:57:07 +02:00
Austin Songer 579a80411d Update m365.yml 2021-08-21 15:03:31 -05:00
Austin Songer 645492cef5 Update m365.yml 
just working on expanding this.
 2021-08-21 14:57:38 -05:00
frack113 f6fe5e7d02 fix when backend support error 2021-08-20 13:58:57 +02:00
frack113 4e895da471 fix error "has no len()" 2021-08-20 09:20:56 +02:00
Austin Songer e6457531dd Create m365.yml 2021-08-20 00:29:29 -05:00
frack113 08324a5a56 Merge pull request #1875 from frack113/fix_sigma_similarity 
sigma_similarity fix start errors
 2021-08-19 14:16:52 +02:00
frack113 2cdab46ee4 fix start errors 2021-08-19 09:37:00 +02:00
Austin Songer e039f91272 Spelling 2021-08-18 19:00:57 +00:00
Theo Guidoux 2a3acd7d11 add selection flag for backward compatibility 2021-08-16 19:32:54 +02:00
Theo Guidoux c1876b9ff6 add fields from rules to query + sqlite 2021-08-16 13:33:43 +02:00
Theo Guidoux 16269c0d63 cleaner default value handling 2021-08-16 10:47:05 +02:00
Theo Guidoux 40018eef7f edit help + case where 'select=' 2021-08-16 10:44:01 +02:00
Thomas Patzke 5c4fd3a122 Release 0.20 2021-08-14 00:25:12 +02:00
Thomas Patzke 607724278a Merge pull request #1580 from codyswanson4:master 
Update Elasticsearch Watcher backend to populate name column in Kibana
 2021-08-13 23:33:47 +02:00
Thomas Patzke f9c9f73b09 Merge pull request #1772 from eocete-devo:master 
[Devo backend] Added support for multicondition rules using Devo subqueries
 2021-08-13 23:30:04 +02:00
Thomas Patzke 32400e5d55 Merge pull request #1785 from theoguidoux:theoguidoux/sql-backend-field-selection 
Add fields selection to sql backend option
 2021-08-13 23:29:24 +02:00
Thomas Patzke 62a53ca895 Merge pull request #1835 from wietze:fix/mdatp/linux_support 
Enabling Linux/macOS support on MDATP
 2021-08-13 23:28:06 +02:00
Wagga 4d53e4b040 Merge branch 'master' into master 2021-08-12 22:49:11 +02:00
Thomas Patzke 1b215e3aaf Merge pull request #1828 from wietze/optimisation/nesting_reduction 
Optimising lists/subexpressions with only one item
 2021-08-12 22:41:17 +02:00
Thomas Patzke 8694afe023 Merge pull request #1779 from frack113/elastalert 
Fix elastalert multi output file
 2021-08-12 22:40:36 +02:00
frack113 62e541ec7f Merge pull request #1784 from frack113/winlogbeat-modules-enabled 
Update Mapping Winlogbeat modules enabled
 2021-08-12 19:14:17 +02:00
Wietze 17595e2443 Enabling Linux/macOS support on MDATP, fixing incorrect parent cmd mappings 2021-08-12 18:07:13 +01:00
wagga40 13a3e78184 Fix options : removed "raw" 2021-08-12 15:54:02 +02:00
wagga40 cbb03db2dd Fix the way YAML is dumped 2021-08-12 15:28:45 +02:00
wagga40 c165783fff Add an option to enhance default output by choosing fields 
Add an option to output in JSON or YAML
 2021-08-12 15:26:46 +02:00
Florian Roth 80e686994c Merge pull request #1824 from frack113/add_list_test_warning 
Sigma Schema add new Attribute and test
 2021-08-12 12:18:29 +02:00
Wietze 7ba375dea0 Optimising lists/subexpressions with length 1 
Should reduce brackets on some output targets
 2021-08-11 18:00:09 +01:00
frack113 f4268d8054 Merge pull request #1707 from heyibrahimkhan/patch-6 
Create ala-suricata.yml
 2021-08-11 15:55:44 +02:00
frack113 5e5ac8479c Add tlp and target Attribute 2021-08-11 14:26:20 +02:00
Thomas Patzke 3dea956812 Merge pull request #1789 from frack113/fix_issue_1771 
add hash_normalise option for ElasticsearchWildcardHandlingMixin
 2021-08-11 08:21:43 +02:00
frack113 e43b917dab fix space error 2021-08-10 17:35:32 +02:00
frack113 6b21a881ca Merge pull request #1700 from heyibrahimkhan/patch-5 
Create ala-azure-aws_cloudtrail.yml
 2021-08-09 10:21:34 +02:00
frack113 f6980edc66 fix english : normalize 2021-08-07 11:16:24 +02:00
frack113 2333defde7 add hash_normalise option 2021-08-07 08:24:36 +02:00
Theo Guidoux b7e301b639 add field selection to sql backend option 2021-08-06 11:46:00 +02:00
frack113 f4bef0fc39 Add Microsoft-Windows-Windows Defender/Operational 2021-08-06 11:12:34 +02:00
frack113 65251e13e9 Add missing system field 2021-08-06 10:52:24 +02:00
frack113 4a8192fecc fix typo mono 2021-08-05 22:38:48 +02:00
RedKyper b353a10643 elastalert multi output file 2021-08-05 20:37:07 +02:00
Florian Roth f67e372af6 Merge pull request #1766 from frack113/patch_elastalert 
Fix duplicate output in elastalert Backend
 2021-08-05 15:48:18 +02:00
frack113 4b44ee654b Fix missing a space 2021-08-05 13:36:18 +02:00
frack113 0b053e79cc fix syntax error 2021-08-05 13:33:39 +02:00