security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,609 Commits 1 Branch 57 Tags
b424e699c091da17a316844f67cd00a894e4b211
Commit Graph

1212 Commits

Author SHA1 Message Date
frack113 7f087797d6 Merge pull request #2175 from frack113/elastic_is_bad_in_regex 
manage start end regex for Elastic
 2021-11-05 12:27:18 +01:00
Jordi Schoots 23ed626287 Change location value=str(value) 2021-11-01 16:05:34 +01:00
Jordi Schoots 9d0123e782 Fix errors introduced at commit 58d9e41 2021-11-01 12:40:41 +01:00
frack113 fb750721b2 Merge pull request #2212 from frack113/new_status 
New status from discussions
 2021-10-31 20:38:28 +01:00
frack113 f4b1dcfc72 cleanup code 2021-10-28 20:56:19 +02:00
frack113 c49b0d49fa Add deprecated status 2021-10-28 20:08:27 +02:00
frack113 e9d163cdd1 add filter not status 2021-10-28 19:46:36 +02:00
Nasreddine Bencherchali 1015d3fe68 Update winlogbeat-modules-enabled.yml 
- Fixed typos in FileVersion, Description, Product, and Company fields for image_load category.
- Added separate OriginalFileName fields for process_creation, image_load categories.
 2021-10-28 16:05:40 +01:00
frack113 781598351d Add SourceUser and TargetUser 2021-10-27 17:13:34 +02:00
frack113 ce5e4c45f1 Add sysmon 13.30 ParentUser 2021-10-27 12:58:10 +02:00
Tim Shelton 9b6be31c8d commenting out exceptions output from handling 2021-10-26 18:25:23 +00:00
Tim Shelton 8f22d418f3 fixing lingering item 2021-10-26 16:28:04 +00:00
Tim Shelton 893874d3a5 removing item with space, and removing duplicate item and fixing target field, thx to frack113 2021-10-26 16:25:50 +00:00
Tim Shelton 7fc2a6f00d missed one 2021-10-26 15:25:11 +00:00
Tim Shelton 0d65dcdc28 fixx err 2021-10-26 15:12:03 +00:00
Tim Shelton 22b64644ef updating hawk backend to fix open ended backslash for regex 2021-10-26 15:09:47 +00:00
Tim Shelton bacdf53236 updating hawk backend to fix or list map missing an outer and operator 2021-10-26 15:05:27 +00:00
Tim Shelton 6b5c63e485 Merge branch 'master' of https://github.com/redsand/sigma into HAWK_Backend 2021-10-25 18:39:48 +00:00
davedhoff e772dbf0a9 Import Iterable from collections.abc 2021-10-22 13:56:47 -05:00
frack113 963f32063f Merge pull request #2148 from SigmaHQ/rule-devel 
First Linux Process Creation and Network Connection rules (Sysmon for Linux)
 2021-10-21 19:10:08 +02:00
V1D1AN a47645a084 Modify event.provider to event.module 2021-10-21 08:34:41 +02:00
frack113 bb758bdb0f manage start end regex 2021-10-20 21:20:04 +02:00
al3t 7500346ce7 Update winlogbeat-modules-enabled.yml 
updating field mapping
 2021-10-20 17:06:55 +03:00
Tim Shelton e97fa8fc75 merging from upstream 2021-10-19 02:37:53 +00:00
Tim Shelton d5498eecbf updating hawk backend, still pending aggregation support 2021-10-19 02:35:45 +00:00
Tim Shelton 16a78187bd updating hawk json format record 2021-10-18 21:39:49 +00:00
Tim Shelton 6e35c031de Add additional information to the analytic record, including tags, author info, rule id and references 2021-10-18 21:39:49 +00:00
Tim Shelton f2d9cf0964 Initial commmit of hawk analytic score generator 2021-10-18 21:39:49 +00:00
Tim Shelton ae2923bdd8 Initial commmit of hawk analytic score generator 2021-10-18 21:39:49 +00:00
Tim Shelton b30abd5c12 updating hawk json format record 2021-10-18 21:34:48 +00:00
Wagga 17d78a5c4c Fix a missing var reset in SQLite backend 2021-10-17 16:21:59 +02:00
frack113 e5b3a1cc14 Merge pull request #2151 from frack113/ps_category 
Powershell category
 2021-10-17 07:15:31 +01:00
frack113 7fc6532665 fix yml 2021-10-16 22:49:20 +02:00
Thomas Patzke 76c02a14b2 Merge pull request #1558 from maketsi/splunk-search-ext 
Added ability to define free-text searches in the logsource mapping
 2021-10-16 20:49:14 +02:00
Thomas Patzke 9d8828a0ed Merge pull request #1696 from denny-lclin/lclin/fix-ada-wildcard 
Fix [ALA] Convesion of wildcard not as expected for ada backend #1689
 2021-10-16 20:46:23 +02:00
Thomas Patzke f3c01a3f65 Merge pull request #1948 from zazzzSec/fix_cb_paths 
fixing cb path wildcards that don't work
 2021-10-16 20:44:14 +02:00
Thomas Patzke 4806a88427 Merge pull request #2029 from marcurdy/master 
Correct for proper output to Splunk and CarbonBlack. Add AWS Athena c…
 2021-10-16 20:37:59 +02:00
Thomas Patzke e6881e41a6 Merge pull request #2090 from roysjosh/ala-near 
Implement "near" support for ALA/Sentinel
 2021-10-16 20:34:32 +02:00
Thomas Patzke 00dd72acf2 Merge pull request #2118 from albchen/patch-3 
Add generateAggregation
 2021-10-16 20:33:11 +02:00
frack113 94fe989f11 Merge pull request #2139 from phantinuss/providername 
Introducing the field 'Provider Name' for Windows Eventlog Log Sources
 2021-10-16 18:05:10 +01:00
Florian Roth 6660be9753 config: network connection linux 2021-10-16 14:22:48 +02:00
frack113 fc796df654 add references 2021-10-16 08:37:51 +02:00
frack113 690b26fb90 change order to chain sysmon 2021-10-16 08:19:25 +02:00
Florian Roth 5a144e1864 sysmon for linux - process_creation mapping 2021-10-15 14:46:13 +02:00
Tim Shelton 6d6a57a3b4 Add additional information to the analytic record, including tags, author info, rule id and references 2021-10-14 15:05:05 +00:00
Tim Shelton 1a9f106d34 Initial commmit of hawk analytic score generator 2021-10-14 14:17:03 +00:00
frack113 468cac031d fix status 2021-10-14 07:19:41 +02:00
Tim Shelton 1f5d9d8adc Initial commmit of hawk analytic score generator 2021-10-13 14:36:49 +00:00
phantinuss 81b4a0eb98 feat: adapt logsources for field names without spaces 2021-10-13 14:36:10 +02:00
phantinuss 1099d40473 rename the field 'Provider Name' to 'Provider_Name' 2021-10-13 13:04:11 +02:00