Thomas Patzke | a22fe58ac9 | Aggregation support for Splunk backend | 2017-03-29 23:18:47 +02:00

Thomas Patzke | 5009794591 | Changes to field mappings | 2017-03-24 00:48:32 +01:00
    * Introduced field mapping objects
    * moved mapping from backends into parse tree generation (SigmaParser.parse_definition)

Thomas Patzke | 1bf11dc471 | Merge pull request #17 from benno001/master | 2017-03-20 08:58:16 +01:00
    Fixed LogPoint list behaviour

Ben de Haan | c94b539b14 | Fixed LogPoint list behaviour | 2017-03-20 08:41:29 +01:00

Florian Roth | 8403e8072c | Merge pull request #14 from benno001/master | 2017-03-18 13:30:35 +01:00
    Added LogPoint backend

Ben de Haan | d18751a0ea | Added LogPoint backend | 2017-03-18 11:12:06 +01:00

Thomas Patzke | b865a858aa | Generation of conditions for configured indices | 2017-03-17 23:28:06 +01:00

Thomas Patzke | d1030ec053 | Fieldlist backend | 2017-03-06 22:47:30 +01:00
    Lists all fields used in given rules.

Thomas Patzke | 05df298d45 | Field mappings | 2017-03-06 22:07:04 +01:00

Florian Roth | 47bfe82cc4 | Splunk specifics | 2017-03-04 10:37:40 +01:00

Thomas Patzke | 8f3541f0a0 | Added Splunk backend | 2017-03-02 23:34:12 +01:00

Thomas Patzke | 2dd1c7cd12 | Deactivated not implemented backends | 2017-03-02 22:55:45 +01:00

Thomas Patzke | 9556e73cd1 | Fix: automatic escaping of * and ? in es-qs backend removed | 2017-03-02 12:07:07 +01:00

Thomas Patzke | 10ee9c64fe | Moved node output into dedicated backend class methods | 2017-03-01 21:47:51 +01:00

Thomas Patzke | e0f813ebbb | Conversion to Elasticsearch Query Strings | 2017-03-01 00:03:34 +01:00
    First version of sigmac that converts Sigma YAMLs without aggregations
    into ES Query Strings suitable for Kibana or other tools.

Thomas Patzke | 1498d787e7 | Added Sigma converter skeleton | 2017-02-13 23:28:53 +01:00
    * YAML parsing
    * argument parsing
    * empty backend classes
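Two of the commits above describe the es-qs backend: e0f813ebbb converts Sigma rules without aggregations into Elasticsearch query strings, and 9556e73cd1 stops escaping `*` and `?`, because those are Sigma wildcards and must reach Elasticsearch as wildcards. The following is an added illustrative re-implementation of that idea, not sigmac's own code. It assumes the rule is supplied as a Python dict (a parsed YAML document), supports only plain field/value selections combined with `and`/`or`/`not`, takes the escape set from the Lucene query_string reserved characters, and rejects aggregation conditions instead of mistranslating them. The sample rule and its values are constructed for the example.

```python
"""Illustrative Sigma detection -> Elasticsearch query_string conversion.

Added example, not sigmac's code: field/value pairs become a Lucene query
string, Sigma wildcards '*' and '?' pass through unescaped, every other
query_string reserved character is escaped, aggregations are rejected.
Assumes the rule is a dict (parsed YAML) with simple selections only.
"""
import re

# Lucene query_string reserved characters plus space. '*' and '?' are omitted on
# purpose: they are Sigma wildcards and must reach Elasticsearch unescaped.
RESERVED = set('+-=&|><!(){}[]^"~:\\/ ')


def escape_value(value) -> str:
    """Backslash-escape reserved characters so a value (e.g. one containing
    ':' or ')') can never change the structure of the generated query."""
    return ''.join('\\' + c if c in RESERVED else c for c in str(value))


def field_clause(field: str, value) -> str:
    """field:value, or field:(v1 OR v2 ...) for a Sigma value list."""
    if isinstance(value, list):
        return f'{field}:({" OR ".join(escape_value(v) for v in value)})'
    return f'{field}:{escape_value(value)}'


def selection_clause(selection) -> str:
    """Dict: AND of its fields. List of dicts: OR of those. List of scalars:
    keyword search, i.e. OR of unqualified terms."""
    if isinstance(selection, dict):
        parts = [field_clause(f, v) for f, v in selection.items()]
        return parts[0] if len(parts) == 1 else f'({" AND ".join(parts)})'
    if isinstance(selection, list):
        if all(isinstance(item, dict) for item in selection):
            return f'({" OR ".join(selection_clause(item) for item in selection)})'
        return f'({" OR ".join(escape_value(item) for item in selection)})'
    raise TypeError(f'unsupported detection item type: {type(selection).__name__}')


_TOKEN = re.compile(r'\s*(\(|\)|\band\b|\bor\b|\bnot\b|[A-Za-z_]\w*)')


def tokenize(condition: str) -> list:
    """Split a condition into tokens; unsupported syntax such as '1 of them'
    or 'all of selection*' raises instead of being silently mistranslated."""
    tokens, pos, condition = [], 0, condition.strip()
    while pos < len(condition):
        match = _TOKEN.match(condition, pos)
        if not match:
            raise ValueError(f'unsupported condition syntax at: {condition[pos:]!r}')
        tokens.append(match.group(1))
        pos = match.end()
    return tokens


class _ConditionParser:
    """Recursive descent: 'not' binds tightest, then 'and', then 'or'."""

    def __init__(self, tokens, detection):
        self.tokens, self.pos, self.detection = tokens, 0, detection

    def peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def take(self):
        token = self.peek()
        self.pos += 1
        return token

    def expr(self):
        parts = [self.term()]
        while self.peek() == 'or':
            self.take()
            parts.append(self.term())
        return parts[0] if len(parts) == 1 else f'({" OR ".join(parts)})'

    def term(self):
        parts = [self.factor()]
        while self.peek() == 'and':
            self.take()
            parts.append(self.factor())
        return parts[0] if len(parts) == 1 else f'({" AND ".join(parts)})'

    def factor(self):
        token = self.take()
        if token == 'not':
            return 'NOT ' + self.factor()
        if token == '(':
            inner = self.expr()
            if self.take() != ')':
                raise ValueError('unbalanced parentheses in condition')
            return inner
        if token in (None, ')', 'and', 'or', 'condition') or token not in self.detection:
            raise ValueError(f'condition references unknown detection item {token!r}')
        return selection_clause(self.detection[token])


def sigma_to_es_qs(rule: dict) -> str:
    """Convert one Sigma rule (as a dict) into an Elasticsearch query string."""
    detection = rule['detection']
    condition = detection['condition']
    if '|' in condition:  # e.g. 'selection | count() > 5': aggregations unsupported
        raise NotImplementedError('aggregation conditions are not supported')
    parser = _ConditionParser(tokenize(condition), detection)
    query = parser.expr()
    if parser.peek() is not None:
        raise ValueError(f'unexpected trailing token {parser.peek()!r}')
    return query


# Constructed sample rule for this example (not taken from the Sigma repository).
EXAMPLE_RULE = {
    'title': 'Encoded PowerShell command line (constructed example)',
    'logsource': {'product': 'windows', 'category': 'process_creation'},
    'detection': {
        'selection': {'Image': '*\\powershell.exe',
                      'CommandLine': ['* -enc *', '* -EncodedCommand *']},
        'filter': {'ParentImage': 'C:\\Program Files\\Vendor (x86)\\updater.exe'},
        'condition': 'selection and not filter',
    },
}

if __name__ == '__main__':
    print(sigma_to_es_qs(EXAMPLE_RULE))
```

The escaping is the part worth keeping in mind when writing a backend of your own: a value such as `C:\Program Files\Vendor (x86)\updater.exe` carries `:`, `\`, spaces and parentheses, all of which query_string would otherwise interpret, while the `*` in `*\powershell.exe` has to stay a wildcard or the rule stops matching anything.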