Commit Graph

1529 Commits

Author SHA1 Message Date
frack113 fb755788ab Normalize LF 2023-03-02 17:52:48 +01:00
fukusuket f710664dc0 fix: sigmac conversion error with base64offset|contains rule 2023-02-21 21:53:05 +09:00
Nasreddine Bencherchali c67782b098 fix: add new edge case
Add edge case handling for when converting rules that use one of the new modifiers introduced in PySIGMA
2023-02-09 23:35:56 +01:00
Nasreddine Bencherchali 7c38a5c496 chore: add nextron authors tag 2023-02-01 11:14:59 +01:00
Maxime Lamothe-Brassard f294be60b8 Adding support for additional platforms and sources. 2023-01-26 17:33:58 -08:00
Maxime Lamothe-Brassard aa341ab38f Support macOS file_event. 2023-01-26 15:51:24 -08:00
Maxime Lamothe-Brassard ff7794225b Fix a case of regular expression use. 2023-01-26 15:44:10 -08:00
frack113 699da13dc0 Revert name to uuid 2023-01-18 19:34:13 +01:00
Nasreddine Bencherchali fbeb32e24f fix: broken winlogbeat bitlocker config 2023-01-17 19:13:33 +01:00
Nasreddine Bencherchali 459ba25cce Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2023-01-17 01:01:38 +01:00
Nasreddine Bencherchali e5fe4d5f46 feat: update config files
- Update indentation of config files to 4
- Add new event logs
2023-01-17 01:00:24 +01:00
Arnim Rupp ffa01ef035 add -i to grep parameters to make it case insensitive as sigma 2023-01-16 10:14:51 +01:00
Nasreddine Bencherchali c7f1f52b7b fix: apply suggestions from code review 2023-01-13 18:19:32 +01:00
frack113 deeac89f36 Add lsa-server 2023-01-13 17:56:02 +01:00
Nasreddine Bencherchali acf4a404d5 feat: add Microsoft-Windows-AppXDeploymentServer/Operational 2023-01-11 22:23:52 +01:00
frack113 9b550f6858 Add win_vhdmp_mount_iso 2023-01-09 10:19:41 +01:00
Thomas Patzke b0f59faac3 Fixed type hint causing issues 2023-01-07 00:37:47 +01:00
Nasreddine Bencherchali 3bd12552bb feat: add bitlocker channel 2023-01-02 22:19:32 +01:00
frack113 c261c1773d Update mapping 2023-01-02 19:33:24 +01:00
frack113 3527436897 Update mapping 2023-01-02 19:31:00 +01:00
frack113 a1a94a0b66 Update W3C field name 2023-01-02 16:39:55 +01:00
frack113 aee5ca7afc Fix invalid field cast or name (#3841) 2022-12-30 11:46:21 +01:00
Nasreddine Bencherchali a25027fef8 fix: rename links from old repo to SigmaHQ 2022-12-27 21:05:16 +01:00
frack113 1d2269922f Merge pull request #3697 from redsand/hawk_backend_update
Hawk backend update
2022-12-23 21:07:03 +01:00
frack113 316aa03efd Update hawk.yml 2022-12-23 20:59:40 +01:00
frack113 2f945478dc Fix duplicate 2022-12-15 17:54:34 +01:00
frack113 544081f3c7 Space remove 2022-12-15 12:55:18 +01:00
redsand (Tim Shelton) b53f534d2f Merge branch 'SigmaHQ:master' into hawk_backend_update 2022-11-15 11:39:46 -06:00
Tim Shelton 9e26ad75da HAWK backend configuration update and bug fix. 2022-11-15 17:38:29 +00:00
Nasreddine Bencherchali a67ab607a1 feat: add Microsoft-Windows-LDAP-Client/Debug provider 2022-11-15 11:39:42 +01:00
Nasreddine Bencherchali a605380279 fix: fix broken mapping 2022-11-15 11:39:28 +01:00
tr0mb1r 27b8b85230 Update elasticsearch.py
Example:

'threshold': {
    'field': [
        'host.name',
    ],
    'value': 10,
    'cardinality': [
        {
            'field': 'process.parent.name',
            'value': 1,
        },
    ],
}
2022-11-07 12:46:09 +04:00
Nasreddine Bencherchali 2f5fe64099 Update service to openssh 2022-10-25 20:01:02 +02:00
Nasreddine Bencherchali 9b7af82e23 Add OpenSSH/Operational 2022-10-25 19:07:53 +02:00
Nasreddine Bencherchali 14c08635ef Add PowerShellCore Channel 2022-10-19 00:07:09 +02:00
phantinuss 40f64a6b69 fix: unneeded fieldmapping for THOR/Aurora 2022-10-12 16:17:18 +02:00
frack113 85d33e4af9 Merge pull request #3525 from vastlimits/feature/ame-7.0
Updated uberAgent backend to support version 7.0.
2022-10-06 06:42:57 +02:00
Tim Shelton febeadfb4c BACKEND: updating production config 2022-10-05 19:43:39 +00:00
mpgn 652447696b Update datadog sigmac 2022-09-28 08:30:03 -04:00
Yamato Security 979502921f define security-mitigations service 2022-09-28 06:23:50 +09:00
Sven Scharmentke 5d9edbbb28 Merge remote-tracking branch 'origin/master' into feature/ame-6.3 2022-09-27 09:48:24 +02:00
frack113 dd1fed29a0 Add shell-core service 2022-09-27 06:36:01 +02:00
Yamato Security 048de3fc81 add diagnosis-scripted to windows services file 2022-09-27 10:43:38 +09:00
David Hazekamp ad6ddf5896 feat(backend): add support for linux.network_connection
Also remove evaluatorId
2022-09-20 13:47:17 -05:00
frack113 b9c7b79847 Merge pull request #3477 from elhoim/sigmac_deprecation_warning
Added deprecating warning in sigmac with color
2022-09-10 15:43:35 +02:00
frack113 97cecc6de7 Merge pull request #3479 from elhoim/add_sigmac_deprecation_readme
Add deprecation notice in README page
2022-09-10 12:34:07 +02:00
Thomas Patzke c6e633bf30 Release 0.22.1 2022-09-09 22:48:08 +02:00
Thomas Patzke 7afcf24d21 Splunk puts AND always into parentheses
New fix for issue #3443
2022-09-09 22:30:00 +02:00
Thomas Patzke 3396414bda Revert "Wrapped all-modifier result into NodeSubexpression"
This reverts commit 1fbd2bba4d.
2022-09-09 22:26:13 +02:00
David ANDRE 607521f6bd Added deprecation notice in README page 2022-09-09 12:33:00 +02:00