security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,410 Commits 1 Branch 57 Tags
a0bad54dbda170d5369f54ccede5f11f999da4de
Commit Graph

314 Commits

Author SHA1 Message Date
Thomas Patzke b85aec6157 Merging backend split branches 2018-07-21 00:59:50 +02:00
Thomas Patzke 3e2184ac61 Removal from sigma.backends.elasticsearch 2018-07-21 00:37:36 +02:00
nikotin b5f27d75be Added Qradar backend 2018-07-17 15:25:06 +03:00
Thomas Patzke c2b1a58813 Removal from sigma.backends.wdatp 2018-07-10 23:49:39 +02:00
Thomas Patzke 45782c6328 Removal from sigma.backends.splunk 2018-07-10 23:48:47 +02:00
Thomas Patzke 46f29d2eb2 Removal from sigma.backends.output 2018-07-10 23:47:41 +02:00
Thomas Patzke 2d4145cfe8 Removal from sigma.backends.discovery 2018-07-10 23:46:52 +02:00
Thomas Patzke 83acff6859 Splitting backends - Copy discovery.py 2018-07-10 23:46:16 +02:00
Thomas Patzke d340487e94 Removal from sigma.backends.base 2018-07-10 23:44:14 +02:00
Thomas Patzke 2e7d366da5 Removal from sigma.backends.mixins 2018-07-10 23:42:38 +02:00
Thomas Patzke bb78c1428e Removal from sigma.backends.logpoint 2018-07-10 23:41:15 +02:00
Thomas Patzke 2edeaee748 Removal from sigma.backends.graylog 2018-07-10 23:40:17 +02:00
Thomas Patzke e5baca0ac4 Removal from sigma.backends.qualys 2018-07-10 23:39:18 +02:00
Thomas Patzke fdfe346adc Removal from sigma.backends.exceptions 2018-07-10 23:37:59 +02:00
Thomas Patzke 7fbc3a35a3 Removal from sigma.backends.cli 2018-07-10 23:33:40 +02:00
Thomas Patzke 881f72e418 Removal from sigma.backends.tools 2018-07-10 23:32:42 +02:00
Thomas Patzke 09ac41949c Removal from sigma.backends.archsight 2018-07-10 23:22:36 +02:00
Thomas Patzke 04b89befce Splitting backends - Copy elasticsearch.py 2018-07-10 23:15:04 +02:00
Thomas Patzke bb9bef4deb Splitting backends - Copy wdatp.py 2018-07-10 23:15:04 +02:00
Thomas Patzke 72480d304b Splitting backends - Copy splunk.py 2018-07-10 23:15:04 +02:00
Thomas Patzke c5d5c52850 Splitting backends - Copy output.py 2018-07-10 23:15:04 +02:00
Thomas Patzke 0c93040da5 Splitting backends - Copy base.py 2018-07-10 23:15:04 +02:00
Thomas Patzke a8e19bb4ba Splitting backends - Copy mixins.py 2018-07-10 23:15:04 +02:00
Thomas Patzke 116fe16512 Splitting backends - Copy logpoint.py 2018-07-10 23:15:04 +02:00
Thomas Patzke b621e9c3a8 Splitting backends - Copy graylog.py 2018-07-10 23:15:04 +02:00
Thomas Patzke a2ee36eac7 Splitting backends - Copy qualys.py 2018-07-10 23:15:04 +02:00
Thomas Patzke 32c70b26d8 Splitting backends - Copy exceptions.py 2018-07-10 23:15:04 +02:00
Thomas Patzke 43d951b173 Splitting backends - Copy cli.py 2018-07-10 23:15:04 +02:00
Thomas Patzke a6cd7a3d6b Splitting backends - Copy tools.py 2018-07-10 23:15:04 +02:00
Thomas Patzke 7a2b1ae790 Splitting backends - Copy arcsight.py 2018-07-10 23:15:04 +02:00
Thomas Patzke d064d24fbe Sigmac WDATP backend: renamed action types 2018-07-10 22:49:38 +02:00
Roey 14464f8c79 Added support of splunk dashboards (xml) 2018-06-22 14:17:58 +02:00
Thomas Patzke 7d1b801858 Merge branch 'devel-sigmac-wdatp' 2018-06-22 00:43:23 +02:00
Thomas Patzke 31727b3b25 Added Windows Defender ATP backend 
Missing:
* Aggregations
 2018-06-22 00:03:10 +02:00
Thomas Patzke e72c0d5de4 SingleTextQueryBackend ignores empty components in composed queries 
Example: one component of a AND-composition is ignored if invoked
generate* call returns None.
 2018-06-21 23:59:41 +02:00
Thomas Patzke d8a7bcad39 Reordered rule generation 
Generation of query parts before and after main query gives access to
information possibly gathered while main query generation.
 2018-06-21 23:50:13 +02:00
Thomas Patzke 8ddb369df3 Integration of Qualys backend 
* Changed description text to one-liner
* Output to intended class
* Minor code optimizations
 2018-06-07 23:31:09 +02:00
Thomas Patzke ce9db548ff Integration of ArcSight backend 
* Rename
* Changed description to one line to beautify output of backend list
* Small bugfix in handling of numeric values
 2018-06-07 23:04:36 +02:00
nikotin d13e8d7bd3 Added ArcSight & Qualys backends 2018-06-07 16:18:23 +03:00
Paul Dutot 715a88542d Graylog backend added 2018-05-17 15:51:25 +01:00
milkmix 37ee355a77 patched es-dsl 2018-05-17 08:44:50 +02:00
Thomas Patzke 738d03c751 Fixed position of line separation if rulecomment and verbose is active 2018-05-13 22:36:51 +02:00
Thomas Patzke 7647587a8b Fixed quoting of backslashes in generated queries 2018-05-01 00:45:59 +02:00
Thomas Patzke de2ed08695 Merge branch 'ci-es' 2018-05-01 00:34:11 +02:00
Thomas Patzke e411039b56 Fixed escaping of \u in Elasticsearch Query String queries 2018-05-01 00:05:16 +02:00
milkmix 0b3b0c3aaf imported es-dsl code from repo 2018-04-06 17:36:11 +02:00
Thomas Patzke 22ee6f4521 sigmac: escaped wildcards (\* and \?) are passed in generated query 2018-03-29 11:15:20 +02:00
Thomas Patzke 5f8b60cc24 sigmac: Improved fieldlist backend 
* Unique list of fields for multiple rules
* Aggregation support
 2018-03-22 00:03:51 +01:00
Thomas Patzke 0018503501 sigmac: Fixed rulecommend backend option 2018-03-21 01:13:10 +01:00
Thomas Patzke 4a9849b161 sigmac: improved backend options 
* parsing in main class
* help
 2018-03-21 00:53:44 +01:00