Author | Commit | Message | Date
frack113 | f1d5605f10 | fix yml space | 2021-10-11 07:44:48 +02:00
frack113 | 9810a9fe73 | add powershell.yml | 2021-10-11 07:42:04 +02:00
frack113 | 424b0263df | add EventID 26 | 2021-09-29 08:53:22 +02:00
frack113 | 6782a7af4d | fix TargetUserName and TargetUserSid for detection | 2021-09-27 09:27:01 +02:00
frack113 | 74c2d39d53 | Merge pull request #2081 from austinsonger/ecs-ms365_defender.yml; ecs-ms365_defender.yml | 2021-09-27 08:03:36 +02:00
Austin Songer | 00f4773eeb | Create ecs-ms365_defender.yml | 2021-09-24 20:02:39 -05:00
Austin Songer | 696f343ac3 | Delete ecs-ms365_defender.yml | 2021-09-24 20:02:04 -05:00
Austin Songer | 176b9662fc | Update ecs-ms365_defender.yml | 2021-09-24 20:01:00 -05:00
Austin Songer | dd2f3e50db | Create ecs-ms365_defender.yml | 2021-09-24 19:53:21 -05:00
Austin Songer | 527975c02f | Update ecs-azure-ad_signinlogs.yml | 2021-09-24 19:33:01 -05:00
Austin Songer | 9ca1ea993d | Create ecs-azure-ad_signinlogs.yml | 2021-09-24 19:29:40 -05:00
Steven | 9cb826b0d1 | Rename auditbeat.yml to ecs-auditbeat-modules-enabled.yml | 2021-09-24 09:00:26 +02:00
Steven | bf1a8c2415 | Fix yamllint | 2021-09-23 18:56:29 +02:00
Steven | 35a710eec6 | Added configuration for auditbeat, mapping to Elastic ECS | 2021-09-23 14:59:51 +02:00
frack113 | 72d301ba20 | remove bad cb | 2021-09-18 15:55:01 +02:00
frack113 | 365db5abbc | fix bad elasticsearch-rule | 2021-09-18 15:54:08 +02:00
Austin Songer | 7ff0ff104a | Update ecs-okta.yml | 2021-09-14 01:52:03 -05:00
Austin Songer | 2a52cef62e | Update ecs-okta.yml | 2021-09-13 22:29:19 -05:00
Austin Songer | 1895906580 | Update ecs-okta.yml | 2021-09-13 22:16:43 -05:00
Austin Songer | 15bd61ed9f | Update ecs-okta.yml | 2021-09-13 21:45:14 -05:00
Austin Songer | 87affad990 | Create ecs-okta.yml | 2021-09-13 21:31:25 -05:00
Preston Young | 4a98d68977 | Merge branch 'SigmaHQ:master' into master | 2021-09-09 10:28:16 -07:00
Thomas Patzke | 51bc036dbf | Merge pull request #1921 from roysjosh/azure-sentinel-arm-output; Azure Sentinel support | 2021-09-01 22:26:42 +02:00
frack113 | 6aae623f45 | Remove duplicate file | 2021-08-28 08:42:02 +02:00
Joshua Roys | 294bb432d0 | Add Azure Sentinel backend; The web interface expects ARM templates. | 2021-08-24 16:01:23 -04:00
Austin Songer | 579a80411d | Update m365.yml | 2021-08-21 15:03:31 -05:00
Austin Songer | 645492cef5 | Update m365.yml; just working on expanding this. | 2021-08-21 14:57:38 -05:00
Austin Songer | e6457531dd | Create m365.yml | 2021-08-20 00:29:29 -05:00
Young | 6ccff2cff5 | Added support for threshold rules | 2021-08-18 18:15:18 -07:00
frack113 | 62e541ec7f | Merge pull request #1784 from frack113/winlogbeat-modules-enabled; Update Mapping Winlogbeat modules enabled | 2021-08-12 19:14:17 +02:00
frack113 | f4268d8054 | Merge pull request #1707 from heyibrahimkhan/patch-6; Create ala-suricata.yml | 2021-08-11 15:55:44 +02:00
frack113 | e43b917dab | fix space error | 2021-08-10 17:35:32 +02:00
frack113 | 6b21a881ca | Merge pull request #1700 from heyibrahimkhan/patch-5; Create ala-azure-aws_cloudtrail.yml | 2021-08-09 10:21:34 +02:00
frack113 | f4bef0fc39 | Add Microsoft-Windows-Windows Defender/Operational | 2021-08-06 11:12:34 +02:00
frack113 | 65251e13e9 | Add missing system field | 2021-08-06 10:52:24 +02:00
Young | faba4f481b | initial commit | 2021-08-05 18:50:18 -07:00
frack113 | 4b44ee654b | Fix a missing space | 2021-08-05 13:36:18 +02:00
frack113 | 0b053e79cc | fix syntax error | 2021-08-05 13:33:39 +02:00
frack113 | 439b3cecc3 | Add most of security EventID | 2021-08-05 13:31:39 +02:00
frack113 | ac43eecc36 | Add eventid 4624 | 2021-08-05 11:20:22 +02:00
frack113 | 1d1b58d712 | add sysmon mapping | 2021-08-05 10:54:58 +02:00
frack113 | 481cd9aca1 | add security 7045 | 2021-08-04 15:46:05 +02:00
frack113 | 47086d5d78 | fix duplicate | 2021-08-04 15:12:01 +02:00
frack113 | 21228a21c7 | update SYSMON Hashes | 2021-08-04 15:09:02 +02:00
Wietze | 687631ee20 | Several updates to CarbonBlack EEDR config | 2021-07-29 14:09:37 +01:00
Gábor Lipták | d2592ee0b6 | Add yamllint to GHA; Signed-off-by: Gábor Lipták <gliptak@gmail.com> | 2021-07-26 21:26:16 -04:00
phantinuss | 3b5f3d8bef | fix: indentation | 2021-07-22 10:18:03 +02:00
phantinuss | e4880169d3 | add sysmon_status and sysmon_error category to thor logsources | 2021-07-22 09:59:16 +02:00
Florian Roth | c905e61f7a | Merge pull request #1705 from thegoatreich/logrhythm-support; Logrhythm support | 2021-07-17 13:47:04 +02:00
Ibrahim Ali Khan | dbf924635d | Update ecs-suricata.yml; metadata items tag and cve mapping added. | 2021-07-17 04:55:46 +05:00