Author | Commit | Message | Date
frack113 | 468cac031d | fix status | 2021-10-14 07:19:41 +02:00
frack113 | f1d5605f10 | fix yml space | 2021-10-11 07:44:48 +02:00
frack113 | 9810a9fe73 | add powershell.yml | 2021-10-11 07:42:04 +02:00
frack113 | 94bff8e5ea | Merge pull request #2108 from hazedav/master | 2021-09-30 17:38:38 +02:00
    fix(backend): add remediation for lacework policy
hazedav | 67818f125a | fix(backend): add remediation for lacework policy | 2021-09-30 09:27:18 -05:00
frack113 | 424b0263df | add EventID 26 | 2021-09-29 08:53:22 +02:00
frack113 | 41f0fe6b52 | Merge pull request #2095 from frack113/update_help | 2021-09-28 16:23:29 +02:00
    Update filter help
frack113 | c27084dd0c | Merge pull request #2094 from frack113/backend_sysmon | 2021-09-28 16:22:58 +02:00
    Fix logsource not a string
frack113 | 11dc276185 | Update filter help | 2021-09-28 10:33:10 +02:00
frack113 | bcdf164b4c | fix space | 2021-09-27 19:17:14 +02:00
frack113 | a0b48b96d4 | Fix 'NoneType' object has no attribute 'lower' | 2021-09-27 18:49:58 +02:00
frack113 | 6782a7af4d | fix TargetUserName and TargetUserSid for detection | 2021-09-27 09:27:01 +02:00
frack113 | 74c2d39d53 | Merge pull request #2081 from austinsonger/ecs-ms365_defender.yml | 2021-09-27 08:03:36 +02:00
    ecs-ms365_defender.yml
frack113 | d08d3712be | Add more debug info | 2021-09-25 19:33:30 +02:00
Austin Songer | 00f4773eeb | Create ecs-ms365_defender.yml | 2021-09-24 20:02:39 -05:00
Austin Songer | 696f343ac3 | Delete ecs-ms365_defender.yml | 2021-09-24 20:02:04 -05:00
Austin Songer | 176b9662fc | Update ecs-ms365_defender.yml | 2021-09-24 20:01:00 -05:00
Austin Songer | dd2f3e50db | Create ecs-ms365_defender.yml | 2021-09-24 19:53:21 -05:00
Austin Songer | 527975c02f | Update ecs-azure-ad_signinlogs.yml | 2021-09-24 19:33:01 -05:00
Austin Songer | 9ca1ea993d | Create ecs-azure-ad_signinlogs.yml | 2021-09-24 19:29:40 -05:00
Steven | 9cb826b0d1 | Rename auditbeat.yml to ecs-auditbeat-modules-enabled.yml | 2021-09-24 09:00:26 +02:00
Steven | bf1a8c2415 | Fix yamllint | 2021-09-23 18:56:29 +02:00
Steven | 35a710eec6 | Added configuration for auditbeat, mapping to Elastic ECS | 2021-09-23 14:59:51 +02:00
frack113 | 88a59be69c | Add options and return error code | 2021-09-18 18:13:16 +02:00
frack113 | 72d301ba20 | remove bad cb | 2021-09-18 15:55:01 +02:00
frack113 | 365db5abbc | fix bad elasticsearch-rule | 2021-09-18 15:54:08 +02:00
frack113 | 5081c210b7 | add simple script | 2021-09-18 15:51:05 +02:00
Maxime Lamothe-Brassard | 314fa5aaa5 | Add validation for logical sub operators. | 2021-09-14 18:00:09 -07:00
Austin Songer | 7ff0ff104a | Update ecs-okta.yml | 2021-09-14 01:52:03 -05:00
Austin Songer | 2a52cef62e | Update ecs-okta.yml | 2021-09-13 22:29:19 -05:00
Austin Songer | 1895906580 | Update ecs-okta.yml | 2021-09-13 22:16:43 -05:00
Austin Songer | 15bd61ed9f | Update ecs-okta.yml | 2021-09-13 21:45:14 -05:00
Austin Songer | 87affad990 | Create ecs-okta.yml | 2021-09-13 21:31:25 -05:00
Thomas Patzke | c7ecf6da65 | Merge pull request #2009 from Preston-Young/master | 2021-09-13 23:07:35 +02:00
    Added New OpenSearch Monitor Backend
albchen | 1dec1a49fa | Mapped OriginalFileName in DeviceProcessEvents | 2021-09-10 15:51:32 -07:00
    Mapped OriginalFileName to ProcessVersionInfoOriginalFileName in DeviceProcessEvents. Tested and works for rules such as https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_renamed_binary.yml
Austin Songer | a798469961 | Update lacework.py | 2021-09-10 09:46:57 -05:00
Young | fe53f6dd5d | moved default values to backend file | 2021-09-09 15:02:59 -07:00
Young | 647f81d128 | reverted changes in base.py to upstream | 2021-09-09 10:55:36 -07:00
Young | 03a8d93a54 | Merge branch 'master' of https://github.com/Preston-Young/sigma | 2021-09-09 10:41:10 -07:00
Young | c2c1b21a27 | cleaning up changed files | 2021-09-09 10:40:48 -07:00
Preston Young | 4a98d68977 | Merge branch 'SigmaHQ:master' into master | 2021-09-09 10:28:16 -07:00
frack113 | dc88ad7c73 | fix sigma_uuid assign id | 2021-09-05 17:50:54 +02:00
frack113 | acf2bfbd27 | Update sigma_uuid verify | 2021-09-05 10:43:42 +02:00
    Make a better verify code
frack113 | 11e4b900e4 | Update global id | 2021-09-03 06:59:40 +02:00
frack113 | 086a15fc45 | Update global ID | 2021-09-02 20:07:03 +02:00
Thomas Patzke | 51bc036dbf | Merge pull request #1921 from roysjosh/azure-sentinel-arm-output | 2021-09-01 22:26:42 +02:00
    Azure Sentinel support
Thomas Patzke | 3d6ad1bc0f | Merge pull request #1944 from ncrqnt/elastic-subtechniques | 2021-09-01 22:25:10 +02:00
    [Elastic] Add support for authors and subtechniques
Young | b0efaf5a51 | changed adjustMatches function to combine all atomic matches into a single bool statement | 2021-08-31 18:15:46 -07:00
neu5ron | 96c7e180fe | Merge branch 'master' of https://github.com/SigmaHQ/sigma into qoutes_and_wildcards | 2021-08-30 16:33:33 -04:00
    Signed-off-by: neu5ron <neu5ron@users.noreply.github.com>
neu5ron | 61897fa2e0 | Merge branch 'master' of https://github.com/SigmaHQ/sigma into qoutes_and_wildcards | 2021-08-30 16:06:58 -04:00
    Signed-off-by: neu5ron <neu5ron@users.noreply.github.com>