security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,063 Commits 1 Branch 57 Tags
82fbfed2c2319acd4eefa9dba5d2694de546172a
Commit Graph

790 Commits

Author SHA1 Message Date
Thomas Patzke 763939a8ca Hide --shoot-yourself-in-the-foot 2019-04-25 23:42:13 +02:00
Thomas Patzke eb022f3908 Conditional field mapping for null values 
Fixes #326
 2019-04-25 23:24:05 +02:00
Thomas Patzke cfb4f32651 Backend es-dsl tolerates rules without title and log source 2019-04-25 22:41:31 +02:00
Codehardt 17ae9ea91c Renamed spark config in setup.py 2019-04-25 09:56:29 +02:00
Codehardt 8cf505fcb3 Accidentally removed windows-dhcp logsource in spark's config file 2019-04-25 08:23:48 +02:00
Codehardt 79f7edb6b4 Added logsources for generic sigma rules to spark config, renamed spark config to thor config 2019-04-25 08:15:50 +02:00
Thomas Patzke 6918784e87 Configuration order checking 2019-04-23 00:54:10 +02:00
Thomas Patzke c90d3e811e Formatted error code definitions 2019-04-23 00:53:52 +02:00
Thomas Patzke e9af99c147 Completed error codes 2019-04-23 00:52:31 +02:00
Thomas Patzke d0bd8a2a41 Mandatory configuration for most backends 2019-04-22 23:40:21 +02:00
Thomas Patzke 34c426a95b Moved error codes to constants defined centrally 2019-04-22 23:15:35 +02:00
christophetd 4e16bbafa8 Correct parenthesization for NOT expressions in the ES-QS backend 2019-04-16 10:30:18 +02:00
Thomas Patzke 5194e8778c Fail on missing target selection 2019-04-14 23:50:07 +02:00
Florian Roth 6351c5a350 Sigma ATT&CK coverage by @jmallette 2019-04-11 18:27:52 +02:00
Jon cd456a1d2b initial SIGMA ATTACK Navigator layer release 2019-04-09 22:49:28 -04:00
juju4 152febcea2 sumologic: fixing non-pushed cleannode() 2019-04-07 13:04:15 -04:00
christophetd d32e5c10b8 Allow generating Elastalert rules with the http_post alert type without specifying a URL at generation time 2019-04-03 17:22:58 +02:00
Thomas Patzke 0419ff215a Fixed quoting of single quotes in grep backend 2019-04-01 23:22:05 +02:00
Thomas Patzke 140a32d8c9 Sigma tools release 0.10 2019-03-16 01:02:48 +01:00
Thomas Patzke 2dda9a7b77 Moved Sysmon schema XML from contrib directory into module 2019-03-16 00:59:29 +01:00
Thomas Patzke 5e973a6321 Fixes and CI testing of --backend-config 2019-03-15 23:46:38 +01:00
Thomas Patzke 0864d05aa5 Merge branch 'backend-config-file' of https://github.com/christophetd/sigma into christophetd-backend-config-file 2019-03-15 23:35:11 +01:00
Thomas Patzke 3f7e08733a Added backend option 'sysmon' for ala backend 2019-03-15 23:26:15 +01:00
Thomas Patzke 8d1723e65c Merge branch 'master' of https://github.com/tuckner/sigma into tuckner-master 2019-03-15 23:06:08 +01:00
John Tuckner a1ba04aec8 modified process creation logic 2019-03-08 00:01:43 -06:00
Thomas Patzke a429f09cc1 Merge branch 'elastalert-alert-types' of https://github.com/christophetd/sigma into christophetd-elastalert-alert-types 2019-03-07 23:54:05 +01:00
tuckner e9ddd933f8 more fixes for process creation 2019-03-07 16:28:35 -06:00
John Tuckner 5a64f572e3 update 2019-03-07 10:32:59 -06:00
John Tuckner 283bd278f4 added eventid to sysmon process creation 2019-03-05 20:58:23 -06:00
John Tuckner 971bd49071 accomodated process creation and slash escapes 2019-03-05 20:50:30 -06:00
tuckner cf186387af Added schema file checking 2019-03-04 11:53:51 -06:00
tuckner c5796d7853 Added Azure Log Analytics backend 2019-03-04 10:49:50 -06:00
tuckner 8179d182c4 added azure log analytics 2019-03-04 10:44:45 -06:00
Thomas Patzke 99b15edf8a Sigma tools release 0.9 2019-03-02 00:47:03 +01:00
Thomas Patzke 56a1ed1eac Merge branch 'project-1' 2019-03-02 00:26:10 +01:00
Thomas Patzke 7602309138 Increased indentation to 4 
* Converted (to generic sigma) rules
* Converter outputs by default with indentation 4
 2019-03-02 00:14:20 +01:00
Thomas Patzke 690807c846 Sigma tools release 0.8 2019-02-28 09:08:22 +01:00
Thomas Patzke c922f7d73f Merge branch 'master' into project-1 2019-02-26 00:24:46 +01:00
christophetd 1a6faf385c Add HTTP POST alert type to the Elastalert backend 2019-02-23 14:12:14 +01:00
christophetd 3a7160d52b Accept backend options from a configuration file (closes #213) 2019-02-23 13:20:20 +01:00
Thomas Patzke 9ef314486e Grep backend escapes + 2019-02-19 14:49:06 +01:00
Florian Roth 004497075d fix: spark source config bug 2019-02-12 23:27:38 +01:00
Thomas Patzke 01dfc23a26 Merge pull request #234 from juju4/devel-sumo 
Sumologic support update
 2019-02-09 23:54:23 +01:00
Thomas Patzke 5866d8eb71 Merge pull request #238 from sisecbe/patch-1 
Adapt count function when aggfield not present
 2019-02-09 23:38:20 +01:00
juju4 4429d7564f remove 'escape' of '_' - not needed 2019-02-09 12:57:43 -05:00
juju4 a815b7eb9b add custom cleanValue function for wildcards in keyvalue: OK with lists, NOK with string 2019-02-09 12:57:07 -05:00
neu5ron 046510f021 updated HELK Destination IP name 2019-02-05 13:11:06 -05:00
sisecbe 5d94b9f0bc Changed stats to eventstats 
Changed 'stats' to 'eventstats' when using aggregation, this keeps the original data of the event in the result.
 2019-02-05 17:36:46 +01:00
sisecbe 2f5eb08b41 Adapt count function when aggfield not present 
When no field is present, use "count" , when field is present use "dc(field)". As described in the Sigma specifications.
Splunk throws errors when using "count()" with empy fields. use "count" instead.
 2019-02-05 15:44:05 +01:00
Florian Roth a276d3083d DHCP log source in sigmac configs 2019-02-05 14:35:23 +01:00