Commit Graph

769 Commits

Author SHA1 Message Date
bar 32cf352236 Merge remote-tracking branch 'upstream/master' 2020-07-26 14:56:06 +03:00
bar 9643e01b54 extension should use '..' 2020-07-26 12:16:48 +03:00
Thomas Patzke dcb07bab2f Merge pull request #949 from 0xballistics/powershell_backend_fix
partial(?) fix of #762
2020-07-25 10:18:05 +02:00
Simran Soin c329f6412d Fix bug with NOT handling 2020-07-23 11:47:55 -04:00
Simran Soin 6c7b4cf408 Revert additional change in base.py 2020-07-23 10:47:22 -04:00
Simran Soin ef9af3730a Remove unnecessary edits from qradar.py 2020-07-23 10:34:29 -04:00
Simran Soin 0e49a6acdf Default NOT to false for all functions 2020-07-23 10:18:16 -04:00
Simran Soin 0fac21f4a3 Remove modifications from base file and override in stix.py 2020-07-23 10:13:30 -04:00
Simran Soin 30ff22776a Fix NOT bug 2020-07-23 09:41:33 -04:00
bar 5019f2f160 added mapping for stix web, cloud, linux 2020-07-22 21:41:46 +03:00
bar 0543ec1ae3 mapping update, removed unused fields 2020-07-21 19:49:26 +03:00
bar 83623f396c Merge remote-tracking branch 'upstream/master' 2020-07-21 17:22:06 +03:00
bar da30266c60 ImageLoaded mapping added 2020-07-21 17:21:14 +03:00
David Straßegger 875360f373 fixed wrong function call for elastalert aggregation. fixes #940 2020-07-20 14:32:30 +02:00
Florian Roth ae05e8eb11 Merge pull request #935 from SanWieb/933-EventID-process_creation
Revert "Ref #933 - Added windows Process Creation to config"
2020-07-16 14:32:19 +02:00
Sander 94272c7770 Revert "Ref #933 - Added windows Process Creation to config"
This reverts commit 6c35a7afa0.
2020-07-16 14:30:17 +02:00
Florian Roth 80e6e933a9 Merge pull request #934 from SanWieb/933-EventID-process_creation
Proposed fix for #933
2020-07-16 13:38:12 +02:00
Sander 6c35a7afa0 Ref #933 - Added windows Process Creation to config 2020-07-16 13:16:57 +02:00
Aidan Bracher e0476d5ce6 Merge branch 'master' of git://github.com/Neo23x0/sigma 2020-07-15 16:35:29 +01:00
Aidan Bracher 1e5ee5823c Fix for indentation issue
Wrong indentation of line 182 meant that even where config options
were given, the default per backend was being used, rendering
custom config useless.
2020-07-15 16:29:27 +01:00
Florian Roth c7e412788a Merge pull request #924 from Neo23x0/devel
Live MITRE ATT&CK data from TAXI service in Test Scripts
2020-07-14 18:15:29 +02:00
Florian Roth 71e66ea9ba refactor: tests use live data from MITRE's TAXI service 2020-07-14 17:54:02 +02:00
Pushkarev Dmitry 6c999df3b7 Added AppLocker log source 2020-07-13 20:48:06 +00:00
Pushkarev Dmitry 8e3f973e69 Added AppLocker log source 2020-07-13 20:46:49 +00:00
Pushkarev Dmitry bdfb646228 Added AppLocker log source 2020-07-13 20:45:30 +00:00
Pushkarev Dmitry 364af53902 Added AppLocker log source 2020-07-13 20:44:03 +00:00
Pushkarev Dmitry 326cf05a74 Added AppLocker log source 2020-07-13 20:41:54 +00:00
Pushkarev Dmitry 46a6183745 Added AppLocker log source 2020-07-13 20:32:03 +00:00
Pushkarev Dmitry a58e037509 Added AppLocker log source 2020-07-13 20:30:02 +00:00
Pushkarev Dmitry 7fb2e2b845 Added AppLocker log source 2020-07-13 20:29:13 +00:00
Pushkarev Dmitry e376948258 Added AppLocker log source 2020-07-13 20:27:52 +00:00
Pushkarev Dmitry 0d925896b9 Added AppLocker log source 2020-07-13 20:23:42 +00:00
Pushkarev Dmitry c30a256030 Added AppLocker log source 2020-07-13 20:21:46 +00:00
Pushkarev Dmitry 1da229e3a9 Added AppLocker log source 2020-07-13 20:20:28 +00:00
Pushkarev Dmitry 3a19e3cf23 Added AppLocker log source 2020-07-13 20:18:01 +00:00
bar ca7cf8478d - IntegrityLevel mapping to integritylevel 2020-07-08 19:37:24 +03:00
bar 8855a87dbf - TargetProcessAddress mapping should be as startaddress mapping
- remove extra '-'
2020-07-08 17:35:57 +03:00
bar 8889ae21ca DestinationPort to network-traffic:dst_port mapping fix 2020-07-08 14:31:04 +03:00
bar 50ef79b398 Custom STIX object "x-sigma" for fields that are missing a mapping, so the pattern is STIX valid 2020-07-08 14:09:26 +03:00
Thomas Patzke 9bcff522b6 Merge branch 'master' of https://github.com/rashimo/sigma into pr-709 2020-07-07 23:12:03 +02:00
bar acbab2db4b stix backend + mapping configurations for windows logs and qradar 2020-07-07 15:04:16 +03:00
Florian Roth c8ca55b3e4 fix: duplicate wrong old key 2020-07-06 17:14:59 +02:00
Florian Roth cc31ed8b84 fix: missing NTLM log source in THOR 2020-07-06 17:07:06 +02:00
Thomas Patzke 939156fa6d Introduced dns_query log source category 2020-07-05 23:29:51 +02:00
Thomas Patzke 0df21289a0 Merge branch 'dns-fixes' of https://github.com/rtkbkish/sigma into pr-893 2020-07-05 23:24:56 +02:00
Thomas Patzke 57cb255208 Merge pull request #864 from cclauss/patch-3
Fix undefined names in sigma2misp.py
2020-07-05 23:16:22 +02:00
Brad Kish 8b3b312c4e Proposed fix for https://github.com/Neo23x0/sigma/issues/889
This change removes dns events from the network connection category. The
one change is that sysmon_regsvr32_network_activity.yml needs to test
the network connection category separately from the DNS event id.
2020-07-03 16:28:19 -04:00
Florian Roth 6420820eb2 Merge pull request #871 from Christopolos94/master
Update to mdatp backend
2020-07-03 11:29:01 +02:00
Thomas Patzke 43e5ae5d24 Added Windows NTLM log source + fixes 2020-07-02 23:20:36 +02:00
Florian Roth 9c0f9f398f refactor: sysmon rule cleanup > generalization 2020-07-01 10:58:39 +02:00