security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,088 Commits 1 Branch 57 Tags
e098fc73cb2fb18c723fd9727e116e9dc9bcb22e
Commit Graph

1037 Commits

Author SHA1 Message Date
frack113 6b21a881ca Merge pull request #1700 from heyibrahimkhan/patch-5 
Create ala-azure-aws_cloudtrail.yml
 2021-08-09 10:21:34 +02:00
Florian Roth f67e372af6 Merge pull request #1766 from frack113/patch_elastalert 
Fix duplicate output in elastalert Backend
 2021-08-05 15:48:18 +02:00
frack113 4b44ee654b Fix missing a space 2021-08-05 13:36:18 +02:00
frack113 0b053e79cc fix syntax error 2021-08-05 13:33:39 +02:00
frack113 439b3cecc3 Add most of security EventID 2021-08-05 13:31:39 +02:00
frack113 ac43eecc36 Add eventid 4624 2021-08-05 11:20:22 +02:00
frack113 1d1b58d712 add sysmon mapping 2021-08-05 10:54:58 +02:00
frack113 481cd9aca1 add security 7045 2021-08-04 15:46:05 +02:00
frack113 47086d5d78 fix duplicate 2021-08-04 15:12:01 +02:00
frack113 21228a21c7 update SYSMON Hashes 2021-08-04 15:09:02 +02:00
frack113 359dd6bbb8 fix my code 2021-08-01 19:34:07 +02:00
frack113 186583f78f fix the output not the core 2021-08-01 16:14:51 +02:00
Florian Roth f06f8a1191 Merge pull request #1757 from wietze/fix/carbon-black-eedr/field_renames 
[CarbonBlack EEDR] Several updates to config file
 2021-07-29 18:13:47 +02:00
Wietze 687631ee20 Several updates to CarbonBlack EEDR config 2021-07-29 14:09:37 +01:00
Wietze e0d6856987 [CarbonBlack] Adding extra escape character 
Hyphens, especially when at the start of a query, need escaping since hyphens are also used to negate conditions
 2021-07-29 13:57:58 +01:00
Florian Roth 7c78f40372 Merge pull request #1744 from gliptak/patch-3 
Add yamllint to GHA
 2021-07-28 16:24:33 +02:00
Wietze 46da416ad1 Fixing exception caused by incorrect type of passed 'path' parameter 2021-07-28 14:43:51 +01:00
Gábor Lipták d2592ee0b6 Add yamllint to GHA 
Signed-off-by: Gábor Lipták <gliptak@gmail.com>
 2021-07-26 21:26:16 -04:00
Florian Roth ce58012608 Merge pull request #1584 from frack113/multi_output 
Update output arg options
 2021-07-24 10:07:10 +02:00
phantinuss 3b5f3d8bef fix: indentation 2021-07-22 10:18:03 +02:00
phantinuss e4880169d3 add sysmon_status and sysmon_error category to thor logsources 2021-07-22 09:59:16 +02:00
Florian Roth c905e61f7a Merge pull request #1705 from thegoatreich/logrhythm-support 
Logrhythm support
 2021-07-17 13:47:04 +02:00
Ibrahim Ali Khan dbf924635d Update ecs-suricata.yml 
metadata items tag and cve mapping added.
 2021-07-17 04:55:46 +05:00
thegoatreich d14e0f1aaa add logrhythm lucene backend 
Copied and modded the es-qs backend for logrhythm's lucene syntax.
 2021-07-16 13:02:05 +01:00
thegoatreich f0f1653e42 config file for logrhythm support 
a config file and field mappings Windows event logs for LogRhythm using Lucene. 
This uses a custom backend which is mostly based on the es-qs backend.
 2021-07-16 07:54:02 -04:00
Ibrahim Ali Khan ce0d84acd7 Create ala-azure-aws_cloudtrail.yml 
AWS CloudTrail Logs mapping for Azure Log Analytics
 2021-07-15 21:51:41 +05:00
Florian Roth 680e01d309 Merge pull request #1686 from leegengyu/patch-12 
Update winlogbeat-modules-enabled.yml
 2021-07-15 08:37:09 +02:00
Florian Roth 9fce0fb42d Merge pull request #1680 from phantinuss/master 
medium level Rule for Windows Defender Exclusions
 2021-07-14 08:18:39 +02:00
G Y aacb5f767c Update winlogbeat-modules-enabled.yml 
Update mapping for EventID and TargetObject.
 2021-07-14 11:01:45 +08:00
Jonhnathan f6e7fc446f Remove Wildcard 2021-07-13 11:21:12 -03:00
phantinuss bf9b82fc45 medium level rule for Windows Defender Exclusions 2021-07-13 13:16:25 +02:00
Thomas Patzke 82b8b6890f Merge pull request #1663 from heyibrahimkhan/patch-4 
Create ala-azure-ad_auditlogs.yml
 2021-07-12 23:37:55 +02:00
Thomas Patzke 294a405481 Merge pull request #1662 from heyibrahimkhan/patch-3 
Create ala-azure-activitylogs.yml
 2021-07-12 23:37:46 +02:00
Thomas Patzke 98165cdd09 Merge pull request #1661 from heyibrahimkhan/patch-2 
Create ecs-azure-ad_auditlogs.yml
 2021-07-12 23:37:37 +02:00
Thomas Patzke a73c371c66 Merge pull request #1672 from mf1d3l:splunkdm_backend 
SplunkDM Backend: Splunk datamodels accelerated searches support
 2021-07-12 23:05:51 +02:00
Florian Roth 3761cd1b34 Merge pull request #1660 from heyibrahimkhan/patch-1 
Create ecs-azure-activitylogs.yml
 2021-07-12 17:42:49 +02:00
Florian Roth 730e9eb883 Merge pull request #1667 from leegengyu/patch-10 
Update winlogbeat-modules-enabled.yml - Imphash Field
 2021-07-12 15:37:33 +02:00
Florian Roth ac7270ff32 Merge pull request #1669 from leegengyu/patch-11 
Update winlogbeat.yml - Imphash Field
 2021-07-12 15:37:00 +02:00
Florian Roth a16ce3b828 Merge pull request #1673 from frack113/ecs 
Add mapping for auditbeat and filebeat
 2021-07-12 15:36:07 +02:00
Thomas Patzke 0b83c12dd1 Merge branch 'devel-tp' 2021-07-12 10:21:19 +02:00
frack113 b6d2ec33cc Add mapping for auditbeat and filebeat 2021-07-12 09:00:57 +02:00
mf1d3l 9005b58649 extend cim 2021-07-10 23:06:29 +02:00
mf1d3l 681accf2ba add splunkdm to Makefile 2021-07-10 22:23:15 +02:00
mf1d3l 0271bc6b13 clean 2021-07-10 22:13:09 +02:00
mf1d3l b986ed0716 extend cim 2021-07-10 19:02:24 +02:00
G Y bdb77780b3 Update winlogbeat.yml 
Change Imphash's value as current one does not exist without the Sysmon processor module under Winlogbeat.
 2021-07-10 11:37:36 +08:00
G Y cb2985df75 Update winlogbeat-modules-enabled.yml 
Replaced mapping for Imphash (based on Winlogbeat's Sysmon processor module).
 2021-07-10 10:51:05 +08:00
mfidel ffadd110cb Update splunkdm.py 2021-07-10 00:03:41 +02:00
mfidel 82f8412988 Update splunkdm.py 2021-07-10 00:02:33 +02:00
mf1d3l 368388a7e6 Add Splunk Datamodel backend 2021-07-09 23:18:17 +02:00