d8b703462d
fix name of network_initiated
2020-01-13 00:12:04 -05:00
f7fd936433
update HELK config taxonomy/mapping for sigmac conversion
2019-10-01 10:14:54 -04:00
5ae46ac56d
rule: user added to local administrator: handle non english systems by using group sid instead of name
2019-09-06 06:21:42 -04:00
6bf010fb4b
introduce elastalert-dsl
...
(cherry picked from commit 0235ec23200e62766d9f21fbd26ed834991a0b61)
2019-05-27 17:18:19 +02:00
11ed7e7ef8
Check for valid configuration/backend combinations
2019-05-20 01:00:33 +02:00
36aeb19721
Added title to all configurations
2019-05-16 23:33:51 +02:00
6918784e87
Configuration order checking
2019-04-23 00:54:10 +02:00
046510f021
updated HELK Destination IP name
2019-02-05 13:11:06 -05:00
a276d3083d
DHCP log source in sigmac configs
2019-02-05 14:35:23 +01:00
a0486edeea
Field-Index Mapping File & SIGMA Rules Field names fix
...
+ Updated HELK field-index mapping file
+ After going through all the fields with 'fieldlist' output, I found a few rules that fixed.
2018-12-11 09:27:26 +03:00
8c577a329f
Improve Rule & Updated HELK SIGMA Standardization Config
...
Rule should be focusing on the 'process_command_line' field and not just on any value of any event generated by powershell.exe.
SIGMA HELK standardization config updated to match latest HELK Common Information Model
2018-12-08 11:30:21 +03:00
17c1c1adff
Added field name mappings to HELK configuration
2018-03-27 14:41:02 +02:00
e162ba0155
Added HELK configuration
2018-03-16 23:42:31 +01:00
neu5ron