Commit Graph

342 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 1015d3fe68 Update winlogbeat-modules-enabled.yml
- Fixed typos in FileVersion, Description, Product, and Company fields for image_load category.
- Added separate OriginalFileName fields for process_creation, image_load categories.
2021-10-28 16:05:40 +01:00
frack113 781598351d Add SourceUser and TargetUser 2021-10-27 17:13:34 +02:00
frack113 ce5e4c45f1 Add sysmon 13.30 ParentUser 2021-10-27 12:58:10 +02:00
Tim Shelton 8f22d418f3 fixing lingering item 2021-10-26 16:28:04 +00:00
Tim Shelton 893874d3a5 removing item with space, and removing duplicate item and fixing target field, thx to frack113 2021-10-26 16:25:50 +00:00
Tim Shelton 6b5c63e485 Merge branch 'master' of https://github.com/redsand/sigma into HAWK_Backend 2021-10-25 18:39:48 +00:00
frack113 963f32063f Merge pull request #2148 from SigmaHQ/rule-devel
First Linux Process Creation and Network Connection rules (Sysmon for Linux)
2021-10-21 19:10:08 +02:00
V1D1AN a47645a084 Modify event.provider to event.module 2021-10-21 08:34:41 +02:00
al3t 7500346ce7 Update winlogbeat-modules-enabled.yml
updating field mapping
2021-10-20 17:06:55 +03:00
Tim Shelton d5498eecbf updating hawk backend, still pending aggregation support 2021-10-19 02:35:45 +00:00
Tim Shelton ae2923bdd8 Initial commit of hawk analytic score generator 2021-10-18 21:39:49 +00:00
frack113 e5b3a1cc14 Merge pull request #2151 from frack113/ps_category
Powershell category
2021-10-17 07:15:31 +01:00
frack113 7fc6532665 fix yml 2021-10-16 22:49:20 +02:00
Thomas Patzke 76c02a14b2 Merge pull request #1558 from maketsi/splunk-search-ext
Added ability to define free-text searches in the logsource mapping
2021-10-16 20:49:14 +02:00
Thomas Patzke 4806a88427 Merge pull request #2029 from marcurdy/master
Correct for proper output to Splunk and CarbonBlack. Add AWS Athena c…
2021-10-16 20:37:59 +02:00
Florian Roth 6660be9753 config: network connection linux 2021-10-16 14:22:48 +02:00
frack113 fc796df654 add references 2021-10-16 08:37:51 +02:00
frack113 690b26fb90 change order to chain sysmon 2021-10-16 08:19:25 +02:00
Florian Roth 5a144e1864 sysmon for linux - process_creation mapping 2021-10-15 14:46:13 +02:00
phantinuss 81b4a0eb98 feat: adapt logsources for field names without spaces 2021-10-13 14:36:10 +02:00
phantinuss 1099d40473 rename the field 'Provider Name' to 'Provider_Name' 2021-10-13 13:04:11 +02:00
phantinuss 3d8002a237 fix: Use 'Provider Name' for windows eventlog log sources 2021-10-13 11:40:24 +02:00
frack113 f1d5605f10 fix yml space 2021-10-11 07:44:48 +02:00
frack113 9810a9fe73 add powershell.yml 2021-10-11 07:42:04 +02:00
frack113 424b0263df add EventID 26 2021-09-29 08:53:22 +02:00
frack113 6782a7af4d fix TargetUserName and TargetUserSid for detection 2021-09-27 09:27:01 +02:00
frack113 74c2d39d53 Merge pull request #2081 from austinsonger/ecs-ms365_defender.yml
ecs-ms365_defender.yml
2021-09-27 08:03:36 +02:00
Austin Songer 00f4773eeb Create ecs-ms365_defender.yml 2021-09-24 20:02:39 -05:00
Austin Songer 696f343ac3 Delete ecs-ms365_defender.yml 2021-09-24 20:02:04 -05:00
Austin Songer 176b9662fc Update ecs-ms365_defender.yml 2021-09-24 20:01:00 -05:00
Austin Songer dd2f3e50db Create ecs-ms365_defender.yml 2021-09-24 19:53:21 -05:00
Austin Songer 527975c02f Update ecs-azure-ad_signinlogs.yml 2021-09-24 19:33:01 -05:00
Austin Songer 9ca1ea993d Create ecs-azure-ad_signinlogs.yml 2021-09-24 19:29:40 -05:00
Steven 9cb826b0d1 Rename auditbeat.yml to ecs-auditbeat-modules-enabled.yml 2021-09-24 09:00:26 +02:00
Steven bf1a8c2415 Fix yamllint 2021-09-23 18:56:29 +02:00
Steven 35a710eec6 Added configuration for auditbeat, mapping to Elastic ECS 2021-09-23 14:59:51 +02:00
frack113 72d301ba20 remove bad cb 2021-09-18 15:55:01 +02:00
frack113 365db5abbc fix bad elasticsearch-rule 2021-09-18 15:54:08 +02:00
Austin Songer 7ff0ff104a Update ecs-okta.yml 2021-09-14 01:52:03 -05:00
Austin Songer 2a52cef62e Update ecs-okta.yml 2021-09-13 22:29:19 -05:00
Austin Songer 1895906580 Update ecs-okta.yml 2021-09-13 22:16:43 -05:00
Austin Songer 15bd61ed9f Update ecs-okta.yml 2021-09-13 21:45:14 -05:00
Mark McCurdy 94e47dcbb3 removing duplicate mappings due to yamllint 2021-09-13 21:34:52 -05:00
Austin Songer 87affad990 Create ecs-okta.yml 2021-09-13 21:31:25 -05:00
Mark McCurdy 58d9e4180a Correct for proper output to Splunk and CarbonBlack. Add AWS Athena config/backend support 2021-09-13 14:17:33 -05:00
Preston Young 4a98d68977 Merge branch 'SigmaHQ:master' into master 2021-09-09 10:28:16 -07:00
Thomas Patzke 51bc036dbf Merge pull request #1921 from roysjosh/azure-sentinel-arm-output
Azure Sentinel support
2021-09-01 22:26:42 +02:00
frack113 6aae623f45 Remove duplicate file 2021-08-28 08:42:02 +02:00
Joshua Roys 294bb432d0 Add Azure Sentinel backend
The web interface expects ARM templates.
2021-08-24 16:01:23 -04:00
Austin Songer 579a80411d Update m365.yml 2021-08-21 15:03:31 -05:00