Remco Hofman
37b08543ac
Updated author reference in license
2020-05-11 11:47:56 +02:00
Remco Hofman
dc96b7ffb3
Removed dependency on slugify
2020-05-08 11:40:16 +02:00
Remco Hofman
c5be83eb01
Added ee-outliers backend
2020-05-08 10:18:35 +02:00
Remco Hofman
24029a8f27
Fix for broken endswith modifier
2020-05-06 17:10:54 +02:00
Thomas Patzke
2fafff3278
Fixed: escaping of backslashes before added *
Fixes issue #722.
2020-05-02 00:13:15 +02:00
Thomas Patzke
1c5c8047fd
Fixes
* Removed commented debug print statements
* Defined nullExpression
* Removed unneeded generateMapItemNode method
* Value cleaning bug on matching of wildcard at first character
2020-04-08 23:43:46 +02:00
Thomas Patzke
cf896c3093
Merge branch 'master' of https://github.com/abhikhnvasara/sigma into pr-630
2020-04-08 23:16:39 +02:00
Thomas Patzke
551a94af04
Merge branch 'master' of https://github.com/tileo/sigma into pr-658
2020-04-08 22:43:48 +02:00
Thomas Patzke
7224af54b2
Merge pull request #664 from j91321/es-rule-options
es-rule backend options for index-patterns and time interval
2020-04-08 22:39:45 +02:00
Thomas Patzke
1b7f33f5e2
Fixed undefined value in exception handling
Fixes issue #702.
2020-04-08 22:28:47 +02:00
j91321
3470011ac3
Revert time interval, use index values provided by sigmaparser
2020-04-05 20:30:57 +02:00
Thomas Patzke
693830fa83
Merge pull request 659
2020-04-03 23:46:53 +02:00
Maxime Lamothe-Brassard
f92c5e9b18
Remove generation of LC rules with timeframe.
2020-04-02 15:25:30 -07:00
Thomas Patzke
004eaf0615
Revert "do not escape u"
This reverts commit aa112cbd44.
This was a fix for a previous bug.
2020-03-24 23:36:12 +01:00
vunx2
1025930e04
merge
2020-03-19 11:05:52 +07:00
vunx2
2107d86900
merge
2020-03-19 10:58:30 +07:00
vunx2
0356178c50
eventdict
2020-03-19 10:49:40 +07:00
vunx2
1b12a6b261
modified: tools/sigma/backends/carbonblack.py
2020-03-19 09:00:24 +07:00
neu5ron
aa112cbd44
do not escape u
2020-03-18 08:51:38 -04:00
neu5ron
17318b48bf
- fix agg_option keyword
- remove (now) unnecessary other hardcoded `.keyword` locations
2020-03-18 08:50:37 -04:00
vunx2
e228d42b97
clean IP subnet
2020-03-18 16:49:44 +07:00
vunx2
1df5620a14
fix cleanValue + leading wildcard + EventID Integration
2020-03-18 16:02:44 +07:00
j91321
f0c83ae3b4
Added es-rule backend options
2020-03-15 13:03:20 +01:00
neu5ron
55bf39a2ac
keyword, analyzed field, case insensitivity
2020-03-11 11:38:56 -04:00
David Szili
0947538228
MDATP schema changes
WDATP was renamed to MDATP (Microsoft Defender ATP).
MDATP also had schema changes recently: https://techcommunity.microsoft.com/t5/microsoft-defender-atp/advanced-hunting-data-schema-changes/ba-p/1043914
The updates reflect these changes.
2020-03-09 17:12:41 +01:00
Abhijit Khinvasara
9cb395823c
Rework according to review comments.
2020-03-04 14:54:49 -08:00
vunx2
b070ffab74
Merge branch 'master' of https://github.com/Neo23x0/sigma
2020-03-03 10:08:31 +07:00
Thomas Patzke
a0f7da8c03
Splunk XML backend rule title
Fixes #645
2020-03-01 22:23:35 +01:00
vunx2
58f5fa1b8e
change to github
2020-02-28 16:56:48 +07:00
vunx2
139600009b
conflict
2020-02-28 16:50:30 +07:00
Thomas Patzke
5a2ccbd040
Fixed ArcSight backend visibility
2020-02-24 23:27:22 +01:00
Thomas Patzke
d9b48ea747
Fixes in es-rule backend
2020-02-24 23:20:19 +01:00
vh
5dc30bd388
Carbonblack, Arcsight ESM, Elastic Rule
2020-02-24 19:29:45 +02:00
vh
516e61fdb0
t
2020-02-24 19:23:11 +02:00
Abhijit Khinvasara
612df1666b
add LOGIQ backend.
2020-02-22 20:50:30 -08:00
Thomas Patzke
746f957a63
Merge branch 'patch-1' of https://github.com/fuseyjz/sigma into fuseyjz-patch-1
2020-02-21 22:24:44 +01:00
vunx2
d0e9af171f
cleanIPRange
2020-02-06 17:20:52 +07:00
vunx2
627f46abc2
backslash fix
2020-02-06 16:28:27 +07:00
vunx2
bc4c6ce8db
cleanValue
2020-02-06 11:02:22 +07:00
vunx2
579e7481c7
cleanValue + eventID list
2020-02-04 18:14:40 +07:00
Thomas Patzke
1bc2c0b930
Deduplication of backend list
Fixes issue #609. Added backend list debug output (class name).
2020-02-03 22:16:00 +01:00
vunx2
2930df17d6
update sigma
2020-02-03 09:47:06 +07:00
vh
dc5a31aebc
Updated Azure Sentinel backend
2020-01-31 17:17:24 +02:00
Thomas Patzke
7b4ec734a8
Using rule ids as Kibana object id
2020-01-30 11:30:01 +01:00
Thomas Patzke
7b62b931ce
Moved ala-rule backend code into ala backend module
2020-01-13 11:24:46 +01:00
Thomas Patzke
de690cbfbf
Merge branch 'master' of https://github.com/socprime/sigma into socprime-master
2020-01-13 11:19:39 +01:00
Maxime Lamothe-Brassard
a3ad7cb1c5
Fixed actual event tag
2019-12-30 18:15:12 -08:00
Maxime Lamothe-Brassard
9b32086d92
Mapping OriginalFileName to event/INTERNAL_NAME now that it's available.
2019-12-30 15:58:18 -08:00
SOC Prime
92bc96a308
Update ala-rule.py
2019-12-30 16:26:30 +02:00
vh
f2117f798a
Fix ala-rule
2019-12-30 16:24:08 +02:00