87a0bed0ec
Add missing WinEventLog prefix
2022-03-05 11:35:49 +01:00
335ed24751
fix: wrong channel prefix
2022-03-05 11:21:00 +01:00
53651cdd2f
Add Bits-Client rules
2022-03-03 06:27:00 +01:00
1fbb9a9b29
Add missing fields
...
Add missing fields
2022-03-01 15:36:39 +01:00
d3dff083f2
fix channel
2022-02-23 17:50:23 +01:00
8cfab22acb
Add firewall-as basic rules
2022-02-19 10:18:49 +01:00
c4efcae4e0
Merge branch 'master' of https://github.com/redsand/sigma into hawk
2022-01-28 00:24:07 +00:00
43690233fb
Merge pull request #2572 from zeronetworks/master
...
feat(rules): Adding rules for the rpc_firewall
2022-01-24 18:18:22 +01:00
41baa3c4c5
fix(rules): misshap in "test_rules", and also updated the splunk-windows.yml configuration
2022-01-23 10:35:46 +02:00
2c6b779fa3
fix(rules): misshap in "test_rules", and also updated the splunk-windows.yml configuration
2022-01-23 10:18:17 +02:00
eb5578fa33
fix(rules): fixed capital in rule names, removed unknown mitre tags, removed unknown tag in logsource.
2022-01-20 16:53:01 +02:00
9b7b48c0e6
Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel
2022-01-20 09:45:03 +01:00
68f0cdf338
feat: new log channel windows-codeintegrity-operational
...
https://twitter.com/SBousseaden/status/1483810148602814466
2022-01-20 09:44:36 +01:00
3c115408b6
Adding translation for Imphash
2022-01-18 15:47:53 +00:00
5890c1bb20
Fix logsource
2022-01-16 08:56:51 +01:00
0828ff098f
Fix windows-dns-server
2022-01-15 09:07:26 +01:00
2732c76d66
Merge branch 'master' of https://github.com/redsand/sigma into hawk
2022-01-11 00:40:32 +00:00
683c1b59cb
fix: add field mapping for provider name
2022-01-07 13:08:14 +01:00
4dc4d71afc
removing hawk translation of Details to object_target
2022-01-06 17:47:36 +00:00
d0c7f54794
Merge pull request #2514 from DataDog/master
...
Add Datadog Backend
2022-01-04 07:43:43 +01:00
1618f587ab
adding missing category entries
2022-01-03 22:22:35 +00:00
01c5a62941
adding additional ps that was missed
2022-01-03 22:19:33 +00:00
8b261d9a30
Adding ps_script to config
2022-01-03 22:09:50 +00:00
8fa714ca26
Merge branch 'SigmaHQ:master' into master
2022-01-03 20:20:08 +01:00
d0560d1a65
Merge pull request #1 from DataDog/add-datadog-backend
...
Add Datadog Backend
2022-01-03 20:19:28 +01:00
a4f601f53f
adding spring to config
2021-12-29 19:53:57 +00:00
a21fe1eb58
Use tags instead of facets
2021-12-15 17:26:45 +01:00
db97b29e35
addding missing entry
2021-12-14 21:52:57 +00:00
2a96f239a5
adding additional translation fields for web based requests.
2021-12-14 20:54:32 +00:00
baa5d3758d
Merge branch 'master' into rule-devel
2021-12-13 18:05:17 +01:00
51a4315ab9
fix: referrer > referer adjustments
2021-12-13 15:47:43 +01:00
b4553dcd9d
feat: Add finer powershell log source distinguation
...
Credits for this go to @frack113
2021-12-13 09:49:28 +01:00
d1b7eda60c
adding translation for User, apparently its case sensitive
2021-12-09 20:04:20 +00:00
3b7ce140c1
adding ps_module to config.. currently not listed in any config yaml for backends, will trigger regex detection on all payloads
2021-12-07 16:18:00 +00:00
1937a90cbf
fixing yaml err
2021-12-06 23:03:24 +00:00
7a7cf4ede6
fix str err
2021-12-06 22:32:10 +00:00
8871898adf
fixing yaml fail
2021-12-06 22:05:13 +00:00
ea511bd761
adding file event filter
2021-12-06 20:50:20 +00:00
a38f98a3be
adding translation of provider_name to channel
2021-12-02 20:35:25 +00:00
e86ddc0b36
fix naming and references
2021-12-01 16:08:00 -05:00
48f592fc41
reducing scores for informational levels and adding field translation for user
2021-12-01 17:25:23 +00:00
b3a9e05a59
Merge branch 'master' of https://github.com/redsand/sigma into hawk_webserver_category
2021-12-01 14:26:35 +00:00
00560f3162
Add zircolite config
2021-11-30 19:10:14 +01:00
790755e753
adding webserver as filter for sigma config
2021-11-30 16:33:54 +00:00
b2645eb017
Handle facets and attributes
2021-11-29 17:23:23 +01:00
fff12a3461
adding antivirus filter for vendor_type.. was matching against our fim data
2021-11-23 18:14:51 +00:00
dca139d298
Example backend config file
2021-11-23 18:11:27 +01:00
bc334ab456
Hawk backend support for wildcard in middle of string ( #2273 )
...
* updating yaml cfg for ms eventlog support
* update config and sigma backend, so that comments are not replaced, but rather the details of the record
* updating scriptblocktext to value
* adding a few missing ip address translations
* Fixing error when handling comparisons of null values, and additional fix of lack of support for not
* adding additional translations for missing category entries
* fixing error when handling list of ors with a not indicator
* finishes support for windows translations, pending qa
* adding dedupe feature and additional translation fix for dns-server
* adding image_loaded translation
* forced to pull back on the aggressive deduping, caused some inaccuracies
* adding more ux friendly formatting for regex
* adds support for wildcards in middle of strings
* adding a missing null check for supporting null matching
* adding cisco, av, and django cfg in yaml. updated apache in yaml and added another translation for ip_dport
2021-11-18 06:29:41 +01:00
8b419b8f07
Merge pull request #2247 from frack113/fix_field
...
Fix rule field name
2021-11-11 08:51:52 +01:00
a9b49679d3
Updates to hawk sigmac backend ( #2244 )
...
Updated HAWK sigma backend
2021-11-11 08:01:53 +01:00
frack113