blue-team-tools

Author	SHA1	Message	Date
Nasreddine Bencherchali	a67ab607a1	feat: add `Microsoft-Windows-LDAP-Client/Debug` provider	2022-11-15 11:39:42 +01:00
Nasreddine Bencherchali	a605380279	fix: fix broken mapping	2022-11-15 11:39:28 +01:00
tr0mb1r	27b8b85230	Update elasticsearch.py Example: 'threshold': { 'field': [ 'host.name', ], 'value': 10, 'cardinality': [ { 'field': 'process.parent.name', 'value': 1, }, ], }	2022-11-07 12:46:09 +04:00
Nasreddine Bencherchali	2f5fe64099	Update service to openssh	2022-10-25 20:01:02 +02:00
Nasreddine Bencherchali	9b7af82e23	Add OpenSSH/Operational	2022-10-25 19:07:53 +02:00
Nasreddine Bencherchali	14c08635ef	Add PowerShellCore Channel	2022-10-19 00:07:09 +02:00
phantinuss	40f64a6b69	fix: unneeded fieldmapping for THOR/Aurora	2022-10-12 16:17:18 +02:00
$frack113$ frack113	85d33e4af9	Merge pull request #3525 from vastlimits/feature/ame-7.0 Updated uberAgent backend to support version 7.0.	2022-10-06 06:42:57 +02:00
Tim Shelton	febeadfb4c	BACKEND: updating production config	2022-10-05 19:43:39 +00:00
mpgn	652447696b	Update datadog sigmac	2022-09-28 08:30:03 -04:00
Yamato Security	979502921f	define security-mitigations service	2022-09-28 06:23:50 +09:00
Sven Scharmentke	5d9edbbb28	Merge remote-tracking branch 'origin/master' into feature/ame-6.3	2022-09-27 09:48:24 +02:00
$frack113$ frack113	dd1fed29a0	Add shell-core service	2022-09-27 06:36:01 +02:00
Yamato Security	048de3fc81	add diagnosis-scripted to windows services file	2022-09-27 10:43:38 +09:00
David Hazekamp	ad6ddf5896	feat(backend): add support for linux.network_connection Also remove evaluatorId	2022-09-20 13:47:17 -05:00
$frack113$ frack113	b9c7b79847	Merge pull request #3477 from elhoim/sigmac_deprecation_warning Added deprecating warning in sigmac with color	2022-09-10 15:43:35 +02:00
$frack113$ frack113	97cecc6de7	Merge pull request #3479 from elhoim/add_sigmac_deprecation_readme Add deprecation notice in README page	2022-09-10 12:34:07 +02:00
Thomas Patzke	c6e633bf30	Release 0.22.1	2022-09-09 22:48:08 +02:00
Thomas Patzke	7afcf24d21	Splunk puts AND always into parentheses New fix for issue #3443	2022-09-09 22:30:00 +02:00
Thomas Patzke	3396414bda	Revert "Wrapped all-modifier result into NodeSubexpression" This reverts commit `1fbd2bba4d`.	2022-09-09 22:26:13 +02:00
David ANDRE	607521f6bd	Added depcration notice in README page	2022-09-09 12:33:00 +02:00
David ANDRE	6b9470f8e4	New message as requested.\n Only displayed on full help and when no arguments is passed	2022-09-09 12:24:30 +02:00
David ANDRE	9711afd0d6	Added deprecating warning in sigmac with color	2022-09-09 09:08:50 +02:00
Thomas Patzke	57243e91e7	Sigmatools release 0.22	2022-09-08 21:24:23 +02:00
Thomas Patzke	1fbd2bba4d	Wrapped all-modifier result into NodeSubexpression Fixes sigmac splunk backend: Wrong conversion for \|contains\|all #3443	2022-09-08 17:57:36 +02:00
Thomas Patzke	19dea55e2c	Merge branch 'windash'	2022-09-08 09:34:19 +02:00
phantinuss	119cfe9558	fix: missing WinEventLog prefix for splunk/thor logsources	2022-08-23 11:50:15 +02:00
Wagga	03a6a5b48b	Update Sqlite backend to handle null values	2022-08-20 12:23:00 +02:00
Florian Roth	fbc7519b94	Merge pull request #3385 from nasbench/nasbench-rule-devel Update Sysmon Config	2022-08-17 09:29:54 +02:00
$frack113$ frack113	4abd506a4c	Merge pull request #3387 from redsand/backend_hawk_config_update_before_pysigma_migration Backend: hawk. last update to config until pySigma migration (hopefully)	2022-08-16 22:13:29 +02:00
Tim Shelton	726406f64d	Backend: hawk. last udpate to config until pySigma migration (hopefully)	2022-08-16 19:58:16 +00:00
Nasreddine Bencherchali	f37fd2375b	Update config	2022-08-16 20:18:46 +01:00
Nasreddine Bencherchali	d5133bcdd7	Update Sysmon	2022-08-16 19:47:44 +01:00
Nasreddine Bencherchali	6407089a40	Change service to diagnosis scripted	2022-08-15 12:45:12 +01:00
Nasreddine Bencherchali	d09037c9ad	Add 2 New EventLog Sources - Microsoft-Windows-Shell-Core/Operational - Microsoft-Windows-Diagnosis-Scripted/Operational	2022-08-14 21:38:36 +01:00
Wagga	ac203f99b5	Restore ruamel in sigmac to allow output in YAML This commit definitely fix the #3337 issue. The commit #3349 restored the commented lines but the ruamel import was not in it.	2022-08-10 11:42:27 +02:00
$frack113$ frack113	b13c37ad75	Fix issue 3337	2022-08-10 07:42:50 +02:00
Florian Roth	8041ab5130	Merge pull request #3325 from nasbench/nasbench-rule-devel Update+New Rules	2022-08-05 23:42:09 +02:00
Nasreddine Bencherchali	f2bec5c6af	Update provider + rules	2022-08-04 21:58:07 +01:00
Nasreddine Bencherchali	a073590c2f	Add Security-Mitigations-User Mode log	2022-08-04 13:44:55 +01:00
Sven Scharmentke	b3088d45b4	Merge branch 'master' into feature/ame-6.3	2022-08-04 09:43:23 +02:00
Phrozyn	b9e78e4656	mitre_update: updates resulting json to current state	2022-08-03 14:05:34 -05:00
Florian Roth	3f402e3007	Merge pull request #3304 from d4rk-d4nph3/master Added rule for Defender DLL sideloading	2022-08-03 10:46:37 +02:00
$frack113$ frack113	41bbb39f99	Merge pull request #3317 from redsand/backend_hawk_http_path_resolve Backend: adjusting http_path to match, along with expanding event_cha…	2022-08-03 06:30:25 +02:00
Tim Shelton	5f0347d94d	Backend: adjusting http_path to match, along with expanding event_channel, since channel key has collisions	2022-08-02 23:39:49 +00:00
Florian Roth	87a0c9e1b9	Merge branch 'master' into master	2022-08-02 18:10:24 +02:00
Florian Roth	afa0d77025	refactor: adding new channel to all backends	2022-08-02 18:08:29 +02:00
Bhabesh	4bbc1bc119	Support for Security-Mitigations provider	2022-08-02 13:32:22 +05:45
Rachel Rice	d47f32cb0f	chore: Remove DEFAULT_EVAL_FREQUENCY global Signed-off-by: Rachel Rice <rachel.rice@lacework.net>	2022-08-01 16:26:58 +01:00
Rachel Rice	197953e816	chore: Remove evalFrequency from Lacework backend evalFrequency has been deprecated; it is no longer required for policies. Signed-off-by: Rachel Rice <rachel.rice@lacework.net>	2022-08-01 16:12:13 +01:00

1 2 3 4 5 ...

1500 Commits