Florian Roth
d1f7a206b9
Merge pull request #1289 from weslambert/master
Fix typo
2020-12-13 19:04:07 +01:00
findthebad
ad899899ab
Updated winlogbeat.yml config to include OriginalFileName
2020-11-26 14:48:14 -05:00
Helge Aksdal
3a7c114ca3
Fix field mapping for DestinationHostname
2020-11-26 04:17:28 +01:00
Thomas Patzke
0ed54a6cae
Merge pull request #1290 from arollyson/helix_backend
Backend: FireEye Helix
2020-11-21 00:06:19 +01:00
Alek Rollyson
83b8af6cd2
Add FireEye Helix backend
2020-11-19 11:18:28 -05:00
weslambert
832e582b8d
Fix typo
2020-11-17 17:44:40 -05:00
Florian Roth
9944c0e563
Merge branch 'master' into pr/1267
2020-11-17 14:33:55 +01:00
heyibrahimkhan@gmail.com
eed4fe04d5
added role name field to ecs-cloudtrail.
2020-11-13 05:59:55 +05:00
Thomas Patzke
43b9b17767
Merge pull request #1281 from andurin/kibana-ndjson-configs
kibana-ndjson for all configs which already have kibana
2020-11-11 07:34:37 +01:00
Hendrik
7e742cc049
kibana-ndjson for all configs which already have kibana
2020-11-09 08:46:17 +01:00
Hendrik
bf5d40eec3
New Backend - Kibana NDJSON
Tested against 7.9.3
2020-11-05 23:34:25 +01:00
Jonhnathan
90e211bad8
Create ecs-suricata.yml
2020-11-01 21:21:04 -03:00
vh
51df5ad876
Added:
Sumo Logic CSE Rule Backend
Updated:
Mapping dependence on logsource
Azure Sentinel Query Backend
MDATP: query with few logsources
CROWDSTRIKE: fix generateMapItemTypedNode
2020-10-06 15:07:52 +03:00
snake-jump
64035fd799
initial commit for Netwitness-EPL backend
2020-09-10 17:12:12 +02:00
tung12
172f7b371e
Change mapped Image to path
2020-08-17 15:05:44 +07:00
Dermott, Scott J
7e6828dd40
+ Adding Mitre Sub-Techniques and python update script to fetch latest Pre, Enterprise & Mobile Tactics and Techniques from Mitre CTI
2020-08-13 10:24:44 +01:00
bar
8352eefe22
STIX Support keywords (value without field)
2020-07-28 18:52:02 +03:00
bar
de475bb500
updated STIX mapping for more rule fields
2020-07-27 14:36:30 +03:00
bar
9643e01b54
extension should use '..'
2020-07-26 12:16:48 +03:00
bar
5019f2f160
added mapping for stix web, cloud, linux
2020-07-22 21:41:46 +03:00
bar
0543ec1ae3
mapping update, removed unused fields
2020-07-21 19:49:26 +03:00
bar
83623f396c
Merge remote-tracking branch 'upstream/master'
2020-07-21 17:22:06 +03:00
bar
da30266c60
ImageLoaded mapping added
2020-07-21 17:21:14 +03:00
Sander
94272c7770
Revert "Ref #933 - Added windows Process Creation to config"
This reverts commit 6c35a7afa0.
2020-07-16 14:30:17 +02:00
Sander
6c35a7afa0
Ref #933 - Added windows Process Creation to config
2020-07-16 13:16:57 +02:00
Pushkarev Dmitry
6c999df3b7
Added AppLocker log source
2020-07-13 20:48:06 +00:00
Pushkarev Dmitry
8e3f973e69
Added AppLocker log source
2020-07-13 20:46:49 +00:00
Pushkarev Dmitry
bdfb646228
Added AppLocker log source
2020-07-13 20:45:30 +00:00
Pushkarev Dmitry
364af53902
Added AppLocker log source
2020-07-13 20:44:03 +00:00
Pushkarev Dmitry
326cf05a74
Added AppLocker log source
2020-07-13 20:41:54 +00:00
Pushkarev Dmitry
46a6183745
Added AppLocker log source
2020-07-13 20:32:03 +00:00
Pushkarev Dmitry
a58e037509
Added AppLocker log source
2020-07-13 20:30:02 +00:00
Pushkarev Dmitry
7fb2e2b845
Added AppLocker log source
2020-07-13 20:29:13 +00:00
Pushkarev Dmitry
e376948258
Added AppLocker log source
2020-07-13 20:27:52 +00:00
Pushkarev Dmitry
0d925896b9
Added AppLocker log source
2020-07-13 20:23:42 +00:00
Pushkarev Dmitry
c30a256030
Added AppLocker log source
2020-07-13 20:21:46 +00:00
Pushkarev Dmitry
1da229e3a9
Added AppLocker log source
2020-07-13 20:20:28 +00:00
Pushkarev Dmitry
3a19e3cf23
Added AppLocker log source
2020-07-13 20:18:01 +00:00
bar
ca7cf8478d
- IntegrityLevel mapping to integritylevel
2020-07-08 19:37:24 +03:00
bar
8855a87dbf
- TargetProcessAddress mapping should be as startaddress mapping
- remove extra '-'
2020-07-08 17:35:57 +03:00
bar
8889ae21ca
DestinationPort to network-traffic:dst_port mapping fix
2020-07-08 14:31:04 +03:00
bar
acbab2db4b
stix backend + mapping configurations for windows logs and qradar
2020-07-07 15:04:16 +03:00
Florian Roth
c8ca55b3e4
fix: duplicate wrong old key
2020-07-06 17:14:59 +02:00
Florian Roth
cc31ed8b84
fix: missing NTLM log source in THOR
2020-07-06 17:07:06 +02:00
Thomas Patzke
939156fa6d
Introduced dns_query log source category
2020-07-05 23:29:51 +02:00
Brad Kish
8b3b312c4e
Proposed fix for https://github.com/Neo23x0/sigma/issues/889
This change removes dns events from the network connection category. The
one change is that sysmon_regsvr32_network_activity.yml needs to test
the network connection category separately from the DNS event id.
2020-07-03 16:28:19 -04:00
Thomas Patzke
43e5ae5d24
Added Windows NTLM log source + fixes
2020-07-02 23:20:36 +02:00
Florian Roth
9c0f9f398f
refactor: sysmon rule cleanup > generalization
2020-07-01 10:58:39 +02:00
j91321
ae842a65cb
Windows Defender rules and logsource
2020-06-28 10:55:32 +02:00
Thomas Patzke
d1f37bdbd4
Merge pull request #828 from stevengoossensB/master
Split rules based on Sysmon event ID
2020-06-28 00:00:32 +02:00