security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,020 Commits 1 Branch 57 Tags
94540ea0b691bcbb54d4d4e2ddf63fc74e832741
Commit Graph

4020 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth 94540ea0b6 Merge pull request #1284 from heyibrahimkhan/master 
added role name field to ecs-cloudtrail.
 2020-11-17 14:24:40 +01:00
heyibrahimkhan@gmail.com eed4fe04d5 added role name field to ecs-cloudtrail. 2020-11-13 05:59:55 +05:00
Thomas Patzke 43b9b17767 Merge pull request #1281 from andurin/kibana-ndjson-configs 
kibana-ndjson for all configs which already have kibana
 2020-11-11 07:34:37 +01:00
Florian Roth af4d546408 Merge pull request #1282 from Neo23x0/rule-devel 
fix: FPs with notepad++ GUP rule
 2020-11-10 13:39:28 +01:00
Florian Roth 2e9d7951a6 Merge pull request #1272 from bczyz1/patch-2 
Fix typo in win_apt_lazarus_session_hijack.yml
 2020-11-10 13:35:08 +01:00
Florian Roth 230562bdf6 Merge pull request #1278 from K-Yo/update-navigator-v4 
Update navigator v4
 2020-11-10 13:34:46 +01:00
Florian Roth c087e39698 Merge pull request #1277 from K-Yo/fix-unicode-error 
Fix unicode error in sigma2attack
 2020-11-10 13:34:05 +01:00
Florian Roth f6c0fb2d33 fix: FPs with notepad++ GUP rule 2020-11-09 16:34:12 +01:00
Hendrik 7e742cc049 kibana-ndjson for all configs which already have kibana 2020-11-09 08:46:17 +01:00
Thomas Patzke 485457ee55 Merge pull request #1280 from andurin/kibana-ndjson 
Elasticsearch Kibana ndjson backend
 2020-11-06 13:44:00 +01:00
Hendrik 96e90fbff2 Fix recursion of rules 2020-11-06 12:43:52 +01:00
Olivier Caillault 34f24a60a1 Updating attack navigator version to v4.0 2020-11-05 23:37:01 +01:00
Hendrik bf5d40eec3 New Backend - Kibana NDJSON 
Tested against 7.9.3
 2020-11-05 23:34:25 +01:00
K-Yo c17c1fa96b Merge pull request #1 from K-Yo/fix-unicode-error 
Fix unicode error in sigma2attack
 2020-11-05 22:39:54 +01:00
Olivier Caillault 31639366cd Fix unicode error in sigma2attack 2020-11-05 22:30:12 +01:00
Florian Roth 6dfeb6a63b Merge pull request #1276 from Neo23x0/rule-devel 
rule: FPs with WmiPrvSE rule
 2020-11-05 17:04:25 +01:00
Florian Roth c3785d6dc7 rule: FPs with WmiPrvSE rule 2020-11-05 16:44:33 +01:00
Florian Roth 784150b66c Merge pull request #1273 from Neo23x0/rule-devel 
rule: added second expression
 2020-11-04 17:09:47 +01:00
Florian Roth 908023fa66 rule: added second expression 2020-11-04 16:43:35 +01:00
bczyz1 4a5b2d642e Fix typo in win_apt_lazarus_session_hijack.yml 2020-11-03 14:46:29 +01:00
Florian Roth 413abf13cd Merge pull request #1270 from Neo23x0/rule-devel 
rule: reworked weblogic CVE-2020-14882 rule
 2020-11-03 10:40:39 +01:00
Florian Roth f848bb912c rule: reworked weblogic CVE-2020-14882 rule 2020-11-03 10:39:40 +01:00
Florian Roth b218264d47 Merge pull request #1268 from Neo23x0/rule-devel 
rule: WebLogic exploit CVE-2020-14882
 2020-11-03 10:35:05 +01:00
Thomas Patzke c202feaf87 Merge pull request #1269 from Neo23x0/ci 
Removed ES query tests
 2020-11-02 23:11:05 +01:00
Thomas Patzke 31241d9bbd Removed ES query tests 2020-11-02 22:57:01 +01:00
Florian Roth dd0d1d053c rule: WebLogic exploit CVE-2020-14882 2020-11-02 11:11:37 +01:00
Florian Roth 6f9aeb5ea9 Merge pull request #1263 from Neo23x0/rule-devel 
feat: cover newest emotet campaigns
 2020-10-24 00:02:39 +02:00
Florian Roth 75637324e0 feat: cover newest emotet campaigns 2020-10-23 23:44:48 +02:00
Thomas Patzke 16d63cc5d2 Decreased coverage requirement 2020-10-23 20:17:58 +02:00
Thomas Patzke f0e89b0c8c Fixed: typecheck in sumologig-cse 2020-10-23 19:49:55 +02:00
Thomas Patzke e30237c5c5 Fixed test configuration 2020-10-23 19:30:59 +02:00
Thomas Patzke 2fb7dd5e99 Fixes 
* Removed Splunk regex query
* Added test for sumologic-cse backend
 2020-10-23 15:31:00 +02:00
Thomas Patzke 9dc806448c Merge branch 'master' of https://github.com/socprime/sigma into pr-1049 2020-10-23 14:57:25 +02:00
vh 383823f49a Fix: added default value of current_table 2020-10-21 10:12:17 +03:00
vh f45e45d736 Fix: Import SigmaRegularExpressionModifier in the splunk backend. 2020-10-20 18:13:53 +03:00
Florian Roth e7462be5b9 Merge pull request #1254 from Neo23x0/rule-devel 
Rule devel
 2020-10-20 13:53:30 +02:00
Florian Roth ee789a309c fix: FP with expression 2020-10-20 13:11:10 +02:00
Florian Roth 198b292c26 rule: emotet encoded commands 2020-10-20 12:51:58 +02:00
Florian Roth 75f177210e Merge pull request #1205 from Neo23x0/rule-devel 
fix: ping hex ip rule
 2020-10-16 12:33:03 +02:00
Florian Roth 986b711de6 Merge branch 'master' into rule-devel 2020-10-16 12:01:29 +02:00
Florian Roth 48f1be04d4 fix: ping hex ip rule 2020-10-16 10:06:24 +02:00
Thomas Patzke f064102399 Merge pull request #996 from fryguy04/master 
removed leading slash and allow for mult spaces
 2020-10-12 23:32:17 +02:00
Thomas Patzke 976fc92b22 Merge pull request #971 from alan8trend/parse_nested_parentheses 
Add support nested parentheses for Sigma condition
 2020-10-12 23:30:36 +02:00
Thomas Patzke e8cdd4777a Merge pull request #1026 from ryanplasma/fix-pymisp-error 
Fix error with pymisp in sigma2misp
 2020-10-12 23:14:13 +02:00
Florian Roth d30502cdab Merge pull request #1134 from Neo23x0/rule-devel 
Rule devel
 2020-10-12 10:25:13 +02:00
Florian Roth 3affdd12e0 fix: rule title casing 2020-10-12 09:51:35 +02:00
Florian Roth 0d0cda0f86 docs: improved false positive notes 2020-10-12 09:18:42 +02:00
Florian Roth e7c6794ecd rule: suspicious wmic process call create + rundll32 2020-10-12 09:18:30 +02:00
Florian Roth 2e732eb01f Merge branch 'master' into rule-devel 2020-10-12 09:13:24 +02:00
vh 51df5ad876 Added: 
Sumo Logic CSE Rule Backend

Updated:
Mapping depence on logsource
Azure Sentinel Query Backend
MDATP: query with few logsources
CROWDSTRIKE: fix generateMapItemTypedNode
 2020-10-06 15:07:52 +03:00