blue-team-tools

Author	SHA1	Message	Date
$frack113$ frack113	d6059d801b	Filename normalisation	2023-01-07 08:52:11 +01:00
$frack113$ frack113	0c4d6f1d71	Merge pull request #3870 from frack113/check_logsource update logsource	2023-01-04 19:52:41 +01:00
$frack113$ frack113	ed1a91b53f	remove duplicate value	2023-01-04 19:42:16 +01:00
$frack113$ frack113	7d5fb8db30	update logsource	2023-01-04 19:36:37 +01:00
Nasreddine Bencherchali	be4d99d6dd	Merge pull request #3868 from nasbench/nasbench-rule-devel feat: updates and enhancements	2023-01-04 19:29:12 +01:00
$frack113$ frack113	756a248032	update logsource	2023-01-04 18:52:24 +01:00
Nasreddine Bencherchali	46f01f2f88	fix: typo in unknown	2023-01-04 18:46:34 +01:00
Hendrik Baecker	9985905f54	rule_tests: Rule directory relative to test_* file	2023-01-04 16:25:07 +01:00
Hendrik Baecker	c998945b34	test-rules: use cti directory relative to test file This little change will use 'cti/' relative to the executing test_*.py file and doesn't care if the testfile is executed from sigma/ or sigma/tests/.	2023-01-04 16:02:57 +01:00
Hendrik Baecker	3da07164ce	test-rules: Execute get_mitre_data() as part of unittest Catching the data as part of the unittest class is more IDE friendly cause they won't call __main__ but using the test methods directly.	2023-01-04 15:58:35 +01:00
Nasreddine Bencherchali	3bd12552bb	feat: add bitlocker channel	2023-01-02 22:19:32 +01:00
Nasreddine Bencherchali	15798527e2	fix: typo in message	2023-01-02 21:33:15 +01:00
$frack113$ frack113	c62d624892	Use W3C cs-uri-query	2023-01-02 18:56:34 +01:00
$frack113$ frack113	41c850e00b	Use W3C cs-uri-query	2023-01-02 18:45:50 +01:00
$frack113$ frack113	a1a94a0b66	Update W3C field name	2023-01-02 16:39:55 +01:00
$frack113$ frack113	8720356684	Update field name	2023-01-02 15:49:45 +01:00
$frack113$ frack113	014684ddcd	add win_dns_analytic_ prefix	2023-01-02 12:16:09 +01:00
$frack113$ frack113	b13a74adc9	Update from review	2023-01-02 12:05:54 +01:00
$frack113$ frack113	0e8d1f9b0d	Check field name	2023-01-02 10:59:51 +01:00
$frack113$ frack113	27f3ba9257	Add linux auditd	2023-01-01 13:18:51 +01:00
$frack113$ frack113	6d0b86aae3	Keep only sysmon linux used	2022-12-31 19:14:40 +01:00
$frack113$ frack113	c2ce5d01fc	Add sysmon linux v1.0.2	2022-12-31 18:08:11 +01:00
$frack113$ frack113	481ae23c3e	Make it more generic	2022-12-30 18:17:31 +01:00
$frack113$ frack113	4a0b571598	add new test	2022-12-30 16:31:41 +01:00
$frack113$ frack113	3c2e1a6a3e	add new test	2022-12-30 16:00:42 +01:00
Nasreddine Bencherchali	261bb8758a	Merge branch 'SigmaHQ:master' into nasbench-rule-devel	2022-12-30 11:49:08 +01:00
$frack113$ frack113	aee5ca7afc	Fix invalid field cast or name (#3841 )	2022-12-30 11:46:21 +01:00
Nasreddine Bencherchali	58f47b9875	fix: add known children appvlp	2022-12-30 10:24:25 +01:00
Nasreddine Bencherchali	5e22c69c3c	feat: add `file_access` case in test (#3836 ) Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>	2022-12-29 19:35:21 +01:00
Nasreddine Bencherchali	964da01186	fix: test logic	2022-12-29 18:27:58 +01:00
Nasreddine Bencherchali	c2e8283806	fix: add missing try/except	2022-12-29 17:30:26 +01:00
Nasreddine Bencherchali	d0920f0931	fix: small error in deletion	2022-12-29 17:23:38 +01:00
Nasreddine Bencherchali	e20cb470cc	fix: enhance element deletion Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>	2022-12-29 17:19:01 +01:00
Nasreddine Bencherchali	123202f112	feat: add file_access case in test	2022-12-29 15:30:57 +01:00
Nasreddine Bencherchali	03cc78e916	feat: filename test enhancements (#3812 )	2022-12-23 09:25:16 +01:00
$frack113$ frack113	a27dc6c43a	Check for issue 3724	2022-12-22 08:46:25 +01:00
$frack113$ frack113	44a25df15f	Check for issue 3724	2022-12-22 08:41:37 +01:00
Florian Roth	b157bef3de	fix: link to correct issue	2022-12-21 08:59:24 +01:00
Nasreddine Bencherchali	ba3e985bed	feat: multiple update and enhancements	2022-12-19 17:41:40 +01:00
Nasreddine Bencherchali	972720d42c	fix: apply code review suggestion Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2022-12-19 10:17:49 +01:00
Nasreddine Bencherchali	1ccee514e2	feat: add duplicate titles test	2022-12-18 20:55:32 +01:00
Nasreddine Bencherchali	a0e8019780	fix: issue raised by PR #3769	2022-12-09 10:33:33 +01:00
Nasreddine Bencherchali	fa318243c2	Merge branch 'SigmaHQ:master' into nasbench-rule-devel	2022-12-08 19:22:11 +01:00
Nasreddine Bencherchali	c560baf673	feat: enhance test	2022-12-08 16:23:48 +01:00
Nasreddine Bencherchali	2506d29bc9	feat: add more checks for the test	2022-12-08 11:57:26 +01:00
Nasreddine Bencherchali	9a5a0fed20	feat: update test to include more cases	2022-12-07 22:21:05 +01:00
Nasreddine Bencherchali	0d3cb52266	feat: enhance typos test	2022-12-07 01:04:25 +01:00
Nasreddine Bencherchali	e343d016e9	feat: change check to lower	2022-12-05 00:31:51 +01:00
Nasreddine Bencherchali	25c41ea73c	fix: update error message Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2022-11-30 10:21:24 +01:00
Nasreddine Bencherchali	c2e85f4080	feat: update the test to test for lowercase Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2022-11-30 10:06:10 +01:00

1 2 3 4 5

217 Commits