e91fc4486e
refactor: first bigger log source refactoring
...
see discussion here: https://github.com/SigmaHQ/sigma/discussions/2835
2022-03-22 17:58:29 +01:00
326cf05a74
Added AppLocker log source
2020-07-13 20:41:54 +00:00
43e5ae5d24
Added Windows NTLM log source + fixes
2020-07-02 23:20:36 +02:00
e8b956f575
Updated config
2020-05-20 12:35:00 +03:00
5dc30bd388
Carbonblack, Arcsight ESM, Elastic Rule
2020-02-24 19:29:45 +02:00
991108e64d
Further proxy field name fixes (config + rules)
2019-12-07 00:23:30 +01:00
11ed7e7ef8
Check for valid configuration/backend combinations
2019-05-20 01:00:33 +02:00
36aeb19721
Added title to all configurations
2019-05-16 23:33:51 +02:00
6918784e87
Configuration order checking
2019-04-23 00:54:10 +02:00
a276d3083d
DHCP log source in sigmac configs
2019-02-05 14:35:23 +01:00
44f18db80d
Fix YAML errors reported by yamllint
...
Especially the config for ArcSight, that was invalid:
tools/config/arcsight.yml
89:5 error duplication of key "product" in mapping (key-duplicates)
90:5 error duplication of key "conditions" in mapping (key-duplicates)
rules/windows/builtin/win_susp_commands_recon_activity.yml
10:9 error too many spaces after colon (colons)
2019-01-10 09:51:39 +01:00
d13e8d7bd3
Added ArcSight & Qualys backends
2018-06-07 16:18:23 +03:00
Florian Roth