09ac41949c
Removal from sigma.backends.archsight
2018-07-10 23:22:36 +02:00
04b89befce
Splitting backends - Copy elasticsearch.py
2018-07-10 23:15:04 +02:00
bb9bef4deb
Splitting backends - Copy wdatp.py
2018-07-10 23:15:04 +02:00
72480d304b
Splitting backends - Copy splunk.py
2018-07-10 23:15:04 +02:00
c5d5c52850
Splitting backends - Copy output.py
2018-07-10 23:15:04 +02:00
0c93040da5
Splitting backends - Copy base.py
2018-07-10 23:15:04 +02:00
a8e19bb4ba
Splitting backends - Copy mixins.py
2018-07-10 23:15:04 +02:00
116fe16512
Splitting backends - Copy logpoint.py
2018-07-10 23:15:04 +02:00
b621e9c3a8
Splitting backends - Copy graylog.py
2018-07-10 23:15:04 +02:00
a2ee36eac7
Splitting backends - Copy qualys.py
2018-07-10 23:15:04 +02:00
32c70b26d8
Splitting backends - Copy exceptions.py
2018-07-10 23:15:04 +02:00
43d951b173
Splitting backends - Copy cli.py
2018-07-10 23:15:04 +02:00
a6cd7a3d6b
Splitting backends - Copy tools.py
2018-07-10 23:15:04 +02:00
7a2b1ae790
Splitting backends - Copy arcsight.py
2018-07-10 23:15:04 +02:00
d064d24fbe
Sigmac WDATP backend: renamed action types
2018-07-10 22:49:38 +02:00
0cdfc776de
Sigma tools release 0.5
2018-07-03 00:07:43 +02:00
67158ba1d2
Merge branch 'master' of https://github.com/SaltyHash123/sigma into SaltyHash123-master
2018-07-02 23:14:04 +02:00
2a74a62c67
Config file for SPARK scanner
2018-06-29 16:42:16 +02:00
14464f8c79
Added support of splunk dashboards (xml)
2018-06-22 14:17:58 +02:00
7d1b801858
Merge branch 'devel-sigmac-wdatp'
2018-06-22 00:43:23 +02:00
d8e036f737
sigmac: Parameter for ignoring "not supported" errors
...
Used to pass tests with complete rule set that would fail for backends
which target systems don't support required features.
2018-06-22 00:23:59 +02:00
31727b3b25
Added Windows Defender ATP backend
...
Missing:
* Aggregations
2018-06-22 00:03:10 +02:00
e72c0d5de4
SingleTextQueryBackend ignores empty components in composed queries
...
Example: one component of a AND-composition is ignored if invoked
generate* call returns None.
2018-06-21 23:59:41 +02:00
d8a7bcad39
Reordered rule generation
...
Generation of query parts before and after main query gives access to
information possibly gathered while main query generation.
2018-06-21 23:50:13 +02:00
3d52030391
Changed help text for -r flag
2018-06-13 00:08:46 +02:00
7edd95744a
Windows NTLM
2018-06-13 00:08:46 +02:00
c9658074dd
Removed "not yet implemented" comment from -r flag
2018-06-13 00:08:46 +02:00
f6d5e5dd99
Sigmac parameter -I now ignores all backend errors
...
New backends introduced further exceptions and the intention of -I is to
get a successful run.
2018-06-07 23:33:12 +02:00
8ddb369df3
Integration of Qualys backend
...
* Changed description text to one-liner
* Output to intended class
* Minor code optimizations
2018-06-07 23:31:09 +02:00
ce9db548ff
Integration of ArcSight backend
...
* Rename
* Changed description to one line to beautify output of backend list
* Small bugfix in handling of numeric values
2018-06-07 23:04:36 +02:00
d13e8d7bd3
Added ArcSight & Qualys backends
2018-06-07 16:18:23 +03:00
4eabc5ea5c
Sigmac Usage
2018-06-01 10:33:11 +02:00
65cc78f9e8
Windows Config Update - DNS logs
2018-05-22 16:59:58 +02:00
715a88542d
Graylog backend added
2018-05-17 15:51:25 +01:00
37ee355a77
patched es-dsl
2018-05-17 08:44:50 +02:00
738d03c751
Fixed position of line separation if rulecomment and verbose is active
2018-05-13 22:36:51 +02:00
f60e7e125f
Sigma tools release 0.4
...
* Various bug fixes in quoting of specific characters
* New backend es-dsl
2018-05-01 00:50:07 +02:00
7647587a8b
Fixed quoting of backslashes in generated queries
2018-05-01 00:45:59 +02:00
de2ed08695
Merge branch 'ci-es'
2018-05-01 00:34:11 +02:00
e411039b56
Fixed escaping of \u in Elasticsearch Query String queries
2018-05-01 00:05:16 +02:00
aeda30a389
Python rewrite of es-qs query test
2018-04-11 23:59:44 +02:00
0b3b0c3aaf
imported es-dsl code from repo
2018-04-06 17:36:11 +02:00
4183b1b59e
Sigma tools release 0.3.3
2018-03-29 11:17:03 +02:00
22ee6f4521
sigmac: escaped wildcards (\* and \?) are passed in generated query
2018-03-29 11:15:20 +02:00
17c1c1adff
Added field name mappings to HELK configuration
2018-03-27 14:41:02 +02:00
a3e02ea70f
Various rule fixes
...
* Field name: LogonProcess -> LogonProcessName
* Field name: Message -> AuditPolicyChanges
* Field name: ProcessCommandLine -> CommandLine
* Removed Type match in Kerberos RC4 encryption rule
Problematic because text representation not unified and audit failures are possibly interesting events
* Removed field 'Severity' from rules (Redundant)
* Rule decomposition of win_susp_failed_logons_single_source) because of different field names
* Field name: SubjectAccountName -> SubjectUserName
* Field name: TargetProcess -> TargetImage
* Field name: TicketEncryption -> TicketEncryptionType
* Field name: TargetFileName -> TargetFilename
2018-03-27 14:35:49 +02:00
5f8b60cc24
sigmac: Improved fieldlist backend
...
* Unique list of fields for multiple rules
* Aggregation support
2018-03-22 00:03:51 +01:00
5c0f811f4a
Sigma tools release 0.3.2
2018-03-21 01:15:19 +01:00
0018503501
sigmac: Fixed rulecommend backend option
2018-03-21 01:13:10 +01:00
7360a68741
Sigma tools release 0.3.1
2018-03-21 00:59:23 +01:00
Thomas Patzke