Wagga
0921857230
Add basic REGEX support in SQLite Backend (#2754)
2022-02-27 16:43:02 +01:00
wagga40
30ab88683c
Replace double quoted string literals to single quoted (SQLite)
2022-02-12 19:49:30 +01:00
Maxime Lamothe-Brassard
f49cdaee5b
The LimaCharlie "exists" operator has no case param.
2022-02-08 11:33:26 -08:00
Tim Shelton
fe95c8abaf
setting minimum value of record score to zero
2022-02-07 14:15:16 +00:00
Tim Shelton
64c32fa566
Merge branch 'master' of https://github.com/redsand/sigma into hawk
2022-02-07 14:12:45 +00:00
Florian Roth
f9fec99992
Merge pull request #2600 from calebstewart/issue/2599/es-eql-char-escaping
...
Add reEscape config to ElasticsearchEQLBackend
2022-02-03 22:04:50 +01:00
Tim Shelton
b8f399d0ca
Merge branch 'master' of https://github.com/redsand/sigma into hawk
2022-01-31 15:08:37 +00:00
Maxime Lamothe-Brassard
be238b53ff
Fix wildcard-only generation in LimaCharlie.
2022-01-29 13:22:48 -08:00
Tim Shelton
8dae288ff8
reducing medium scores
2022-01-28 00:24:20 +00:00
Caleb Stewart
a6d1ca6c84
Add reEscape config to ElasticsearchEQLBackend
2022-01-24 16:52:59 -05:00
Tim Shelton
a9ada32102
reducing scores
2022-01-11 15:05:52 +00:00
frack113
c19d87127e
Add not_bound_keyword option for elastic
2022-01-06 12:43:04 +01:00
Anna Pauxberger
8fa714ca26
Merge branch 'SigmaHQ:master' into master
2022-01-03 20:20:08 +01:00
Anna Pauxberger
d0560d1a65
Merge pull request #1 from DataDog/add-datadog-backend
...
Add Datadog Backend
2022-01-03 20:19:28 +01:00
Julien Doutre
63705cdccb
Comments
2021-12-21 12:17:13 +01:00
Julien Doutre
860744594e
No mutable default argument
2021-12-21 12:02:31 +01:00
David Hazekamp
03f6b3fa89
fix(lacework): value exists
...
Use is not null for non-json fields
2021-12-17 17:17:25 -06:00
Julien Doutre
a21fe1eb58
Use tags instead of facets
2021-12-15 17:26:45 +01:00
Julien Doutre
6940bf4782
capture any number of whitespaces
2021-12-15 17:14:58 +01:00
frack113
87b2f45db6
Merge pull request #2401 from hazedav/master
...
feat(sigma): Add support for Lacework agent data
2021-12-10 18:04:07 +01:00
Tim Shelton
d58bf20e4c
fixing err where regex is mangled and should be left alone
2021-12-09 20:43:58 +00:00
David Hazekamp
5d46d5fe46
Merge remote-tracking branch 'upstream/master'
2021-12-07 11:17:32 -06:00
hazedav
73f69c6697
feat(sigma): Add support for Lacework agent data
...
Support linux.file_create
Support linux.process_creation
2021-12-07 11:16:26 -06:00
Tim Shelton
76a3dda786
fixes error when implementing regex type, data should not be escaped
2021-12-06 20:22:14 +00:00
Anna Pauxberger
309a5629ae
address minor review comments
2021-12-03 12:41:49 -05:00
Julien Doutre
02e392c22a
Add source as a backend option
2021-12-02 17:28:17 +01:00
Anna Pauxberger
ce68ed67e2
Add Copyright
2021-12-02 10:26:51 -05:00
Anna Pauxberger
aa20ec57ad
Provide support for service backend-option
2021-12-02 10:21:40 -05:00
Anna Pauxberger
181ffb1933
Remove redundant escapes
2021-12-01 16:21:06 -05:00
Anna Pauxberger
e86ddc0b36
fix naming and references
2021-12-01 16:08:00 -05:00
Anna Pauxberger
ab1e1c5fe0
specify datadog-logs backend
2021-12-01 15:11:51 -05:00
Tim Shelton
48f592fc41
reducing scores for informational levels and adding field translation for user
2021-12-01 17:25:23 +00:00
Tim Shelton
e0e3e42c77
adding fix to begins/ends with feature
2021-12-01 16:39:25 +00:00
Tim Shelton
621f629390
adds support for begins and ends with
2021-12-01 16:10:13 +00:00
Tim Shelton
df315f5e08
enforcing snake case per hawk-analyticsd specs
2021-12-01 15:51:22 +00:00
Tim Shelton
caf47a9e3d
reducing score minus 5 for lows... will need a multitude
2021-12-01 14:33:28 +00:00
Tim Shelton
6927b0e69f
Fixing added backslashes that are generated by sigma backend
2021-12-01 13:29:15 +00:00
Julien Doutre
3fc0d80280
Fix config init
2021-11-29 18:08:34 +01:00
Julien Doutre
b2645eb017
Handle facets and attributes
2021-11-29 17:23:23 +01:00
Julien Doutre
230705d28c
Support null values
2021-11-29 16:13:23 +01:00
Julien Doutre
b114c76afe
Consistent regexp
2021-11-29 15:20:05 +01:00
Julien Doutre
beab887ad1
Escape queries
2021-11-29 15:11:29 +01:00
Julien Doutre
34d1729c5f
unset service case handling
2021-11-29 11:55:50 +01:00
Julien Doutre
5c91a1ab42
fix attribute check logic
2021-11-25 16:14:02 +01:00
Julien Doutre
0abb360f99
Support index backend option
2021-11-23 18:11:46 +01:00
Tim Shelton
ad75a9a5bf
updating hawk backend to provide additional tag enrichment. helps manage the state of each sigma rule, if experimental or not
2021-11-23 16:57:43 +00:00
Julien Doutre
81d3756008
Simple rules support
2021-11-23 17:51:03 +01:00
Anna Pauxberger
c2b91c58d9
add datadog backend structure
2021-11-23 11:08:27 -05:00
redsand (Tim Shelton)
bc334ab456
Hawk backend support for wildcard in middle of string (#2273)
...
* updating yaml cfg for ms eventlog support
* update config and sigma backend, so that comments are not replaced, but rather the details of the record
* updating scriptblocktext to value
* adding a few missing ip address translations
* Fixing error when handling comparisons of null values, and additional fix of lack of support for not
* adding additional translations for missing category entries
* fixing error when handling list of ors with a not indicator
* finishes support for windows translations, pending qa
* adding dedupe feature and additional translation fix for dns-server
* adding image_loaded translation
* forced to pull back on the aggressive deduping, caused some inaccuracies
* adding more ux friendly formatting for regex
* adds support for wildcards in middle of strings
* adding a missing null check for supporting null matching
* adding cisco, av, and django cfg in yaml. updated apache in yaml and added another translation for ip_dport
2021-11-18 06:29:41 +01:00
Sven Scharmentke
c09b1861ec
Merge branch 'SigmaHQ:master' into feature/uberagent-compat-6.2
2021-11-17 16:30:05 +01:00