Commit Graph

65 Commits

Author SHA1 Message Date
Nasreddine Bencherchali e5fe4d5f46 feat: update config files
- Update indentation of config files to 4
- Add new event logs
2023-01-17 01:00:24 +01:00
frack113 deeac89f36 Add lsa-server 2023-01-13 17:56:02 +01:00
Nasreddine Bencherchali acf4a404d5 feat: add Microsoft-Windows-AppXDeploymentServer/Operational 2023-01-11 22:23:52 +01:00
frack113 9b550f6858 Add win_vhdmp_mount_iso 2023-01-09 10:19:41 +01:00
frack113 a1a94a0b66 Update W3C field name 2023-01-02 16:39:55 +01:00
frack113 aee5ca7afc Fix invalid field cast or name (#3841) 2022-12-30 11:46:21 +01:00
frack113 316aa03efd Update hawk.yml 2022-12-23 20:59:40 +01:00
redsand (Tim Shelton) b53f534d2f Merge branch 'SigmaHQ:master' into hawk_backend_update 2022-11-15 11:39:46 -06:00
Tim Shelton 9e26ad75da HAWK backend configuration update and bug fix. 2022-11-15 17:38:29 +00:00
Nasreddine Bencherchali a605380279 fix: fix broken mapping 2022-11-15 11:39:28 +01:00
Tim Shelton febeadfb4c BACKEND: updating production config 2022-10-05 19:43:39 +00:00
Florian Roth fbc7519b94 Merge pull request #3385 from nasbench/nasbench-rule-devel
Update Sysmon Config
2022-08-17 09:29:54 +02:00
Tim Shelton 726406f64d Backend: hawk. last update to config until pySigma migration (hopefully) 2022-08-16 19:58:16 +00:00
Nasreddine Bencherchali f37fd2375b Update config 2022-08-16 20:18:46 +01:00
Tim Shelton 5f0347d94d Backend: adjusting http_path to match, along with expanding event_channel, since channel key has collisions 2022-08-02 23:39:49 +00:00
Tim Shelton 4d7d0b3235 backend - updating hawk backend with additional translations 2022-06-08 19:04:37 +00:00
Tim Shelton 6ca03d741b adding additional file hash column translation 2022-05-23 21:11:34 +00:00
Tim Shelton 605a0bc678 Backend: adding additional entries to hawk.yml 2022-05-23 18:46:50 +00:00
Tim Shelton 232fd9ad17 removing duplicate 2022-05-10 13:19:22 +00:00
Tim Shelton ad727e11e9 adding additional zeek categories to sort out false positive matching 2022-05-10 03:39:16 +00:00
Tim Shelton 278e825794 fixing hawk backend fields for zeek. Wrong character 2022-05-10 01:45:17 +00:00
Tim Shelton 0709758651 Adding updates for zeek, as well as some missing sections for windows. Internal review of rules will continue. 2022-05-09 23:23:35 +00:00
Tim Shelton ad003de3fb Fixing mismatch of sigs when using system/app/security and additional matching against provider name 2022-05-04 14:58:02 +00:00
Tim Shelton 102a45a215 adding support for terminal services-localsessionmanager 2022-04-29 14:29:05 +00:00
Florian Roth f695443c4c Merge pull request #2969 from SigmaHQ/new-source-terminalservices
New source terminalservices
2022-04-29 13:25:12 +02:00
Florian Roth 43f3a31d19 feat: new service definition - terminal services 2022-04-29 12:26:26 +02:00
Tim Shelton eb0bcd7c9f updating hawk field translation, and bug when an author field is not present in a sig 2022-04-28 19:54:00 +00:00
Tim Shelton 3f08d37a0e adding linux-auditd support and alignment 2022-04-20 14:31:32 +00:00
Tim Shelton 83ece8c9ca adding missing file_ entries 2022-04-13 15:57:54 +00:00
Tim Shelton bca687a1ad adding a couple more missing entries 2022-04-13 15:15:15 +00:00
Tim Shelton 500c97020f Backend: updating hawk backend config, still pending file_rename and other file_ categories 2022-04-13 14:38:18 +00:00
Tim Shelton 0a9d8fd614 Fixing missed entry for registry_set 2022-03-30 15:56:31 +00:00
frack113 fbc9e8c2df Update new registry category 2022-03-26 11:46:52 +01:00
frack113 e2fbbb319d Category registry_set 2022-03-26 10:55:05 +01:00
Florian Roth 213f7fff5c refactor: make antivirus a category 2022-03-24 11:59:33 +01:00
Florian Roth 40f6361069 fix: adding product azure to tighten log source 2022-03-22 18:16:51 +01:00
Florian Roth 66b74a9b76 fix: bugs in configs 2022-03-22 18:10:35 +01:00
Florian Roth e91fc4486e refactor: first bigger log source refactoring
see discussion here: https://github.com/SigmaHQ/sigma/discussions/2835
2022-03-22 17:58:29 +01:00
Tim Shelton eefd026037 Merging latest changes for HAWK.IO 2022-03-16 20:26:49 +00:00
Tim Shelton c4efcae4e0 Merge branch 'master' of https://github.com/redsand/sigma into hawk 2022-01-28 00:24:07 +00:00
Florian Roth 68f0cdf338 feat: new log channel windows-codeintegrity-operational
https://twitter.com/SBousseaden/status/1483810148602814466
2022-01-20 09:44:36 +01:00
Tim Shelton 3c115408b6 Adding translation for Imphash 2022-01-18 15:47:53 +00:00
Tim Shelton 4dc4d71afc removing hawk translation of Details to object_target 2022-01-06 17:47:36 +00:00
Tim Shelton 1618f587ab adding missing category entries 2022-01-03 22:22:35 +00:00
Tim Shelton 01c5a62941 adding additional ps that was missed 2022-01-03 22:19:33 +00:00
Tim Shelton 8b261d9a30 Adding ps_script to config 2022-01-03 22:09:50 +00:00
Tim Shelton a4f601f53f adding spring to config 2021-12-29 19:53:57 +00:00
Tim Shelton db97b29e35 adding missing entry 2021-12-14 21:52:57 +00:00
Tim Shelton 2a96f239a5 adding additional translation fields for web based requests. 2021-12-14 20:54:32 +00:00
Tim Shelton d1b7eda60c adding translation for User, apparently it's case sensitive 2021-12-09 20:04:20 +00:00