security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,609 Commits 1 Branch 57 Tags
b424e699c091da17a316844f67cd00a894e4b211
Commit Graph

686 Commits

Author SHA1 Message Date
frack113 7f087797d6 Merge pull request #2175 from frack113/elastic_is_bad_in_regex 
manage start end regex for Elastic
 2021-11-05 12:27:18 +01:00
Jordi Schoots 23ed626287 Change location value=str(value) 2021-11-01 16:05:34 +01:00
Jordi Schoots 9d0123e782 Fix errors introduced at commit 58d9e41 2021-11-01 12:40:41 +01:00
frack113 f4b1dcfc72 cleanup code 2021-10-28 20:56:19 +02:00
frack113 c49b0d49fa Add deprecated status 2021-10-28 20:08:27 +02:00
frack113 e9d163cdd1 add filter not status 2021-10-28 19:46:36 +02:00
Tim Shelton 9b6be31c8d commenting out exceptions output from handling 2021-10-26 18:25:23 +00:00
Tim Shelton 7fc2a6f00d missed one 2021-10-26 15:25:11 +00:00
Tim Shelton 0d65dcdc28 fixx err 2021-10-26 15:12:03 +00:00
Tim Shelton 22b64644ef updating hawk backend to fix open ended backslash for regex 2021-10-26 15:09:47 +00:00
Tim Shelton bacdf53236 updating hawk backend to fix or list map missing an outer and operator 2021-10-26 15:05:27 +00:00
Tim Shelton 6b5c63e485 Merge branch 'master' of https://github.com/redsand/sigma into HAWK_Backend 2021-10-25 18:39:48 +00:00
davedhoff e772dbf0a9 Import Iterable from collections.abc 2021-10-22 13:56:47 -05:00
frack113 bb758bdb0f manage start end regex 2021-10-20 21:20:04 +02:00
Tim Shelton e97fa8fc75 merging from upstream 2021-10-19 02:37:53 +00:00
Tim Shelton d5498eecbf updating hawk backend, still pending aggregation support 2021-10-19 02:35:45 +00:00
Tim Shelton 16a78187bd updating hawk json format record 2021-10-18 21:39:49 +00:00
Tim Shelton 6e35c031de Add additional information to the analytic record, including tags, author info, rule id and references 2021-10-18 21:39:49 +00:00
Tim Shelton f2d9cf0964 Initial commmit of hawk analytic score generator 2021-10-18 21:39:49 +00:00
Tim Shelton ae2923bdd8 Initial commmit of hawk analytic score generator 2021-10-18 21:39:49 +00:00
Tim Shelton b30abd5c12 updating hawk json format record 2021-10-18 21:34:48 +00:00
Wagga 17d78a5c4c Fix a missing var reset in SQLite backend 2021-10-17 16:21:59 +02:00
Thomas Patzke 76c02a14b2 Merge pull request #1558 from maketsi/splunk-search-ext 
Added ability to define free-text searches in the logsource mapping
 2021-10-16 20:49:14 +02:00
Thomas Patzke 9d8828a0ed Merge pull request #1696 from denny-lclin/lclin/fix-ada-wildcard 
Fix [ALA] Convesion of wildcard not as expected for ada backend #1689
 2021-10-16 20:46:23 +02:00
Thomas Patzke f3c01a3f65 Merge pull request #1948 from zazzzSec/fix_cb_paths 
fixing cb path wildcards that don't work
 2021-10-16 20:44:14 +02:00
Thomas Patzke 4806a88427 Merge pull request #2029 from marcurdy/master 
Correct for proper output to Splunk and CarbonBlack. Add AWS Athena c…
 2021-10-16 20:37:59 +02:00
Thomas Patzke e6881e41a6 Merge pull request #2090 from roysjosh/ala-near 
Implement "near" support for ALA/Sentinel
 2021-10-16 20:34:32 +02:00
Thomas Patzke 00dd72acf2 Merge pull request #2118 from albchen/patch-3 
Add generateAggregation
 2021-10-16 20:33:11 +02:00
Tim Shelton 6d6a57a3b4 Add additional information to the analytic record, including tags, author info, rule id and references 2021-10-14 15:05:05 +00:00
Tim Shelton 1a9f106d34 Initial commmit of hawk analytic score generator 2021-10-14 14:17:03 +00:00
frack113 468cac031d fix status 2021-10-14 07:19:41 +02:00
Tim Shelton 1f5d9d8adc Initial commmit of hawk analytic score generator 2021-10-13 14:36:49 +00:00
albchen 62025971c7 Add generateAggregation 
Adds aggregation function for rules such as win_multiple_suspicious_cli.yml or win_dnscat2_powershell_implementation.yml. Modeled after splunk.py backend, converted to use MDE's count() and dcount() instead of Splunk's count() and dc(). Requires a valid config for converting aggfields and groupfields.
 2021-10-03 17:37:05 -07:00
frack113 94bff8e5ea Merge pull request #2108 from hazedav/master 
fix(backend): add remediation for lacework policy
 2021-09-30 17:38:38 +02:00
hazedav 67818f125a fix(backend): add remediation for lacework policy 2021-09-30 09:27:18 -05:00
frack113 41f0fe6b52 Merge pull request #2095 from frack113/update_help 
Update filter help
 2021-09-28 16:23:29 +02:00
frack113 11dc276185 Update filter help 2021-09-28 10:33:10 +02:00
Joshua Roys 0f3b169c45 Implement "near" support for ALA/Sentinel 2021-09-27 15:01:32 -04:00
frack113 bcdf164b4c fix space 2021-09-27 19:17:14 +02:00
frack113 a0b48b96d4 Fix 'NoneType' object has no attribute 'lower' 2021-09-27 18:49:58 +02:00
frack113 d08d3712be Add more debug info 2021-09-25 19:33:30 +02:00
frack113 88a59be69c Add options and return error code 2021-09-18 18:13:16 +02:00
frack113 5081c210b7 add simple script 2021-09-18 15:51:05 +02:00
Maxime Lamothe-Brassard 314fa5aaa5 Add validation for logical sub operators. 2021-09-14 18:00:09 -07:00
Thomas Patzke c7ecf6da65 Merge pull request #2009 from Preston-Young/master 
Added New OpenSearch Monitor Backend
 2021-09-13 23:07:35 +02:00
Mark McCurdy 58d9e4180a Correct for proper output to Splunk and CarbonBlack. Add AWS Athena config/backend support 2021-09-13 14:17:33 -05:00
albchen 1dec1a49fa Mapped OriginalFileName in DeviceProcessEvents 
Mapped OriginalFileName to ProcessVersionInfoOriginalFileName in DeviceProcessEvents. Tested and works for rules such as https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_renamed_binary.yml
 2021-09-10 15:51:32 -07:00
Austin Songer a798469961 Update lacework.py 2021-09-10 09:46:57 -05:00
Young fe53f6dd5d moved default values to backend file 2021-09-09 15:02:59 -07:00
Young 647f81d128 reverted changes in base.py to upstream 2021-09-09 10:55:36 -07:00