Commit Graph

1351 Commits

Author SHA1 Message Date
frack113 87a0bed0ec Add missing WinEventLog prefix 2022-03-05 11:35:49 +01:00
Florian Roth 335ed24751 fix: wrong channel prefix 2022-03-05 11:21:00 +01:00
frack113 53651cdd2f Add Bits-Client rules 2022-03-03 06:27:00 +01:00
frack113 1fbb9a9b29 Add missing fields 2022-03-01 15:36:39 +01:00
Wagga 0921857230 Add basic REGEX support in SQLite Backend (#2754) 2022-02-27 16:43:02 +01:00
Wagga da6b5969a0 Add a check to avoid outputting empty JSON or YAML rules. 2022-02-26 18:24:15 +01:00
frack113 d3dff083f2 fix channel 2022-02-23 17:50:23 +01:00
frack113 8cfab22acb Add firewall-as basic rules 2022-02-19 10:18:49 +01:00
wagga40 30ab88683c Replace double-quoted string literals with single-quoted (SQLite) 2022-02-12 19:49:30 +01:00
Maxime Lamothe-Brassard f49cdaee5b The LimaCharlie "exists" operator has no case param. 2022-02-08 11:33:26 -08:00
Tim Shelton fe95c8abaf setting minimum value of record score to zero 2022-02-07 14:15:16 +00:00
Tim Shelton 64c32fa566 Merge branch 'master' of https://github.com/redsand/sigma into hawk 2022-02-07 14:12:45 +00:00
Florian Roth f9fec99992 Merge pull request #2600 from calebstewart/issue/2599/es-eql-char-escaping 2022-02-03 22:04:50 +01:00
    Add reEscape config to ElasticsearchEQLBackend
Tim Shelton b8f399d0ca Merge branch 'master' of https://github.com/redsand/sigma into hawk 2022-01-31 15:08:37 +00:00
Maxime Lamothe-Brassard be238b53ff Fix wildcard-only generation in LimaCharlie. 2022-01-29 13:22:48 -08:00
Tim Shelton 8dae288ff8 reducing medium scores 2022-01-28 00:24:20 +00:00
Tim Shelton c4efcae4e0 Merge branch 'master' of https://github.com/redsand/sigma into hawk 2022-01-28 00:24:07 +00:00
Caleb Stewart a6d1ca6c84 Add reEscape config to ElasticsearchEQLBackend 2022-01-24 16:52:59 -05:00
frack113 43690233fb Merge pull request #2572 from zeronetworks/master 2022-01-24 18:18:22 +01:00
    feat(rules): Adding rules for the rpc_firewall
sagiezero 41baa3c4c5 fix(rules): mishap in "test_rules", and also updated the splunk-windows.yml configuration 2022-01-23 10:35:46 +02:00
sagiezero 2c6b779fa3 fix(rules): mishap in "test_rules", and also updated the splunk-windows.yml configuration 2022-01-23 10:18:17 +02:00
sagiezero eb5578fa33 fix(rules): fixed capital in rule names, removed unknown mitre tags, removed unknown tag in logsource. 2022-01-20 16:53:01 +02:00
Florian Roth 9b7b48c0e6 Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2022-01-20 09:45:03 +01:00
Florian Roth 68f0cdf338 feat: new log channel windows-codeintegrity-operational 2022-01-20 09:44:36 +01:00
    https://twitter.com/SBousseaden/status/1483810148602814466
Florian Roth 6835381e6a Merge branch 'master' into rule-devel 2022-01-19 19:42:14 +01:00
Florian Roth 2a118e900a refactor: added requirement, debug output for MITRE ATT&CK eval 2022-01-19 15:21:50 +01:00
Tim Shelton 3c115408b6 Adding translation for Imphash 2022-01-18 15:47:53 +00:00
frack113 5890c1bb20 Fix logsource 2022-01-16 08:56:51 +01:00
frack113 0828ff098f Fix windows-dns-server 2022-01-15 09:07:26 +01:00
Tim Shelton a9ada32102 reducing scores 2022-01-11 15:05:52 +00:00
Tim Shelton 2732c76d66 Merge branch 'master' of https://github.com/redsand/sigma into hawk 2022-01-11 00:40:32 +00:00
Florian Roth 392175e467 Merge pull request #2529 from SigmaHQ/aurora-false-positive-fixing 2022-01-07 14:15:09 +01:00
    fix: add field mapping for provider name
Florian Roth 683c1b59cb fix: add field mapping for provider name 2022-01-07 13:08:14 +01:00
Tim Shelton 4dc4d71afc removing hawk translation of Details to object_target 2022-01-06 17:47:36 +00:00
frack113 c19d87127e Add not_bound_keyword option for elastic 2022-01-06 12:43:04 +01:00
Thomas Patzke d0c7f54794 Merge pull request #2514 from DataDog/master 2022-01-04 07:43:43 +01:00
    Add Datadog Backend
Tim Shelton 1618f587ab adding missing category entries 2022-01-03 22:22:35 +00:00
Tim Shelton 01c5a62941 adding additional ps that was missed 2022-01-03 22:19:33 +00:00
Tim Shelton 8b261d9a30 Adding ps_script to config 2022-01-03 22:09:50 +00:00
Anna Pauxberger 007a951e7c edit README 2022-01-03 15:00:14 -05:00
Anna Pauxberger 8fa714ca26 Merge branch 'SigmaHQ:master' into master 2022-01-03 20:20:08 +01:00
Anna Pauxberger d0560d1a65 Merge pull request #1 from DataDog/add-datadog-backend 2022-01-03 20:19:28 +01:00
    Add Datadog Backend
Tim Shelton a4f601f53f adding spring to config 2021-12-29 19:53:57 +00:00
Julien Doutre 63705cdccb Comments 2021-12-21 12:17:13 +01:00
Julien Doutre 860744594e No mutable default argument 2021-12-21 12:02:31 +01:00
David Hazekamp 03f6b3fa89 fix(lacework): value exists 2021-12-17 17:17:25 -06:00
    Use is not null for non-json fields
Julien Doutre a21fe1eb58 Use tags instead of facets 2021-12-15 17:26:45 +01:00
Julien Doutre 6940bf4782 capture any number of whitespaces 2021-12-15 17:14:58 +01:00
Julien Doutre 851e237240 test list selection logic 2021-12-15 16:52:48 +01:00
Julien Doutre 620cbe9293 Fix test name 2021-12-15 16:50:43 +01:00