security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,063 Commits 1 Branch 57 Tags
82fbfed2c2319acd4eefa9dba5d2694de546172a
Commit Graph

446 Commits

Author SHA1 Message Date
neu5ron 55bf39a2ac keyword, analyzed field, case insensitivity 2020-03-11 11:38:56 -04:00
David Szili 0947538228 MDATP schema changes 
WDATP was renamed to MDATP (Microsoft Defendre ATP).
MDATP also had schema changes recently: https://techcommunity.microsoft.com/t5/microsoft-defender-atp/advanced-hunting-data-schema-changes/ba-p/1043914
The updates reflect these changes
 2020-03-09 17:12:41 +01:00
Abhijit Khinvasara 9cb395823c Rework according to review comments. 2020-03-04 14:54:49 -08:00
vunx2 b070ffab74 Merge branch 'master' of https://github.com/Neo23x0/sigma 2020-03-03 10:08:31 +07:00
Thomas Patzke a0f7da8c03 Splunk XML backend rule title 
Fixes #645
 2020-03-01 22:23:35 +01:00
vunx2 58f5fa1b8e change to github 2020-02-28 16:56:48 +07:00
vunx2 139600009b conflict 2020-02-28 16:50:30 +07:00
Thomas Patzke 5a2ccbd040 Fixed ArcSight backend visibility 2020-02-24 23:27:22 +01:00
Thomas Patzke d9b48ea747 Fixes in es-rule backend 2020-02-24 23:20:19 +01:00
vh 5dc30bd388 Carbonblack, Arcsight ESM, Elastic Rule 2020-02-24 19:29:45 +02:00
vh 516e61fdb0 t 2020-02-24 19:23:11 +02:00
Abhijit Khinvasara 612df1666b add LOGIQ backend. 2020-02-22 20:50:30 -08:00
Thomas Patzke 746f957a63 Merge branch 'patch-1' of https://github.com/fuseyjz/sigma into fuseyjz-patch-1 2020-02-21 22:24:44 +01:00
vunx2 d0e9af171f cleanIPRange 2020-02-06 17:20:52 +07:00
vunx2 627f46abc2 backslash fix 2020-02-06 16:28:27 +07:00
vunx2 bc4c6ce8db cleanValue 2020-02-06 11:02:22 +07:00
vunx2 579e7481c7 cleanValue + eventID list 2020-02-04 18:14:40 +07:00
Thomas Patzke 1bc2c0b930 Deduplication of backend list 
Fixes issue #609. Added backend list debug output (class name).
 2020-02-03 22:16:00 +01:00
vunx2 2930df17d6 update sigma 2020-02-03 09:47:06 +07:00
vh dc5a31aebc Updated Azure Sentinel backend 2020-01-31 17:17:24 +02:00
Thomas Patzke 7b4ec734a8 Using rule ids as Kibana object id 2020-01-30 11:30:01 +01:00
Thomas Patzke 7b62b931ce Moved ala-rule backend code into ala backend module 2020-01-13 11:24:46 +01:00
Thomas Patzke de690cbfbf Merge branch 'master' of https://github.com/socprime/sigma into socprime-master 2020-01-13 11:19:39 +01:00
Maxime Lamothe-Brassard a3ad7cb1c5 Fixed actual event tag 2019-12-30 18:15:12 -08:00
Maxime Lamothe-Brassard 9b32086d92 Mapping OriginalFileName to event/INTERNAL_NAME now that it's available. 2019-12-30 15:58:18 -08:00
SOC Prime 92bc96a308 Update ala-rule.py 2019-12-30 16:26:30 +02:00
vh f2117f798a Fix ala-rule 2019-12-30 16:24:08 +02:00
SOC Prime f015c97dff Update ala-rule.py 2019-12-30 16:13:27 +02:00
vh f9570a48cb Azure Sentinel backend (ala) - Fixed path in query 
Added new backend Azure Sentinel Rule (ala-rule)
 2019-12-30 16:11:53 +02:00
vh d42409372c Azure Sentinel backend (ala) - Fixed path in query 
Added new backend Azure Sentinel Rule (ala-rule)
 2019-12-30 16:09:19 +02:00
fuseyjz 0b2f88d5df Sigma converter for SQL format 
Get the converted SQL query after the WHERE statement for any filtering on SQL platform.

Example:
https://github.com/fuseyjz/sigma-sql/blob/master/README.md
 2019-12-24 10:42:25 +08:00
Thomas Patzke d2a940a0a6 Merge branch 'devel' of https://github.com/Neo23x0/sigma 2019-12-13 22:01:40 +01:00
Thomas Patzke ee4138c48e Merge pull request #526 from zouzias/hotfix_aggregate_count_distinct_groupby 
[feature] extend es-dsl to support nested aggregations
 2019-12-13 21:55:47 +01:00
Thomas Patzke a25b2ec361 Merge pull request #523 from refractionPOINT/lc-added-mtd 
LC added FP metadata
 2019-12-13 21:50:52 +01:00
Maxime Lamothe-Brassard 27bb07b74e Adding support for basic proxy rules using the HTTP_REQUEST events from the Chrome LC Agent. 2019-12-05 09:35:09 -08:00
Lep 60997b47b2 moreEventID 2019-11-28 21:34:52 +07:00
Lep 738008b52b requiment 2019-11-28 17:38:05 +07:00
Lep 158ffd2f0c requiment 2019-11-28 17:23:05 +07:00
Lep 37257170dd postAPI 2019-11-28 16:01:24 +07:00
Lep d08ff35222 postAPI 2019-11-28 11:45:49 +07:00
Maxime Lamothe-Brassard 61bcc46394 Prettier formatting of YAML. 2019-11-18 14:50:41 -05:00
Maxime Lamothe-Brassard 9eed57ee1d Adding the "falsepositives" field to the LC metadata. 2019-11-15 08:30:41 -05:00
Anastasios Zouzias 3c7f522017 add .keyword on aggs; add extra unit test 2019-11-14 14:34:50 +01:00
Anastasios Zouzias e7ed0fa9ea added unit test 2019-11-12 14:06:10 +01:00
Anastasios Zouzias 324005a126 [feature] extend es-dsl to support nested aggregations 2019-11-12 11:46:43 +01:00
Thomas Patzke 6d62d426c9 Added sigma-uuid tool 
* Moved SigmaYAMLDumper to new sigma.output module
 2019-11-11 23:35:16 +01:00
Thomas Patzke 465e41bfbb Added regular expression support in es-dsl backend 2019-11-08 22:31:02 +01:00
Thomas Patzke ef14ee542d Added modifiers: startswith and endswith 2019-11-05 23:04:13 +01:00
Maxime Lamothe-Brassard 1b9054c1f3 Adding some comments 2019-11-05 08:39:24 -05:00
Maxime Lamothe-Brassard b7018bcd4a Adding a post-mapper mechanism to fix some common issues in Sigma rules to LC. 2019-11-05 08:39:24 -05:00