e91fc4486e
refactor: first bigger log source refactoring
...
see discussion here: https://github.com/SigmaHQ/sigma/discussions/2835
2022-03-22 17:58:29 +01:00
eefd026037
Merging latest changes for HAWK.IO
2022-03-16 20:26:49 +00:00
c4efcae4e0
Merge branch 'master' of https://github.com/redsand/sigma into hawk
2022-01-28 00:24:07 +00:00
68f0cdf338
feat: new log channel windows-codeintegrity-operational
...
https://twitter.com/SBousseaden/status/1483810148602814466
2022-01-20 09:44:36 +01:00
3c115408b6
Adding translation for Imphash
2022-01-18 15:47:53 +00:00
4dc4d71afc
removing hawk translation of Details to object_target
2022-01-06 17:47:36 +00:00
1618f587ab
adding missing category entries
2022-01-03 22:22:35 +00:00
01c5a62941
adding additional ps that was missed
2022-01-03 22:19:33 +00:00
8b261d9a30
Adding ps_script to config
2022-01-03 22:09:50 +00:00
a4f601f53f
adding spring to config
2021-12-29 19:53:57 +00:00
db97b29e35
addding missing entry
2021-12-14 21:52:57 +00:00
2a96f239a5
adding additional translation fields for web based requests.
2021-12-14 20:54:32 +00:00
d1b7eda60c
adding translation for User, apparently its case sensitive
2021-12-09 20:04:20 +00:00
3b7ce140c1
adding ps_module to config.. currently not listed in any config yaml for backends, will trigger regex detection on all payloads
2021-12-07 16:18:00 +00:00
1937a90cbf
fixing yaml err
2021-12-06 23:03:24 +00:00
7a7cf4ede6
fix str err
2021-12-06 22:32:10 +00:00
8871898adf
fixing yaml fail
2021-12-06 22:05:13 +00:00
ea511bd761
adding file event filter
2021-12-06 20:50:20 +00:00
a38f98a3be
adding translation of provider_name to channel
2021-12-02 20:35:25 +00:00
48f592fc41
reducing scores for informational levels and adding field translation for user
2021-12-01 17:25:23 +00:00
790755e753
adding webserver as filter for sigma config
2021-11-30 16:33:54 +00:00
fff12a3461
adding antivirus filter for vendor_type.. was matching against our fim data
2021-11-23 18:14:51 +00:00
bc334ab456
Hawk backend support for wildcard in middle of string ( #2273 )
...
* updating yaml cfg for ms eventlog support
* update config and sigma backend, so that comments are not replaced, but rather the details of the record
* updating scriptblocktext to value
* adding a few missing ip address translations
* Fixing error when handling comparisons of null values, and additional fix of lack of support for not
* adding additional translations for missing category entries
* fixing error when handling list of ors with a not indicator
* finishes support for windows translations, pending qa
* adding dedupe feature and additional translation fix for dns-server
* adding image_loaded translation
* forced to pull back on the aggressive deduping, caused some inaccuracies
* adding more ux friendly formatting for regex
* adds support for wildcards in middle of strings
* adding a missing null check for supporting null matching
* adding cisco, av, and django cfg in yaml. updated apache in yaml and added another translation for ip_dport
2021-11-18 06:29:41 +01:00
a9b49679d3
Updates to hawk sigmac backend ( #2244 )
...
Updated HAWK sigma backend
2021-11-11 08:01:53 +01:00
8f22d418f3
fixing lingering item
2021-10-26 16:28:04 +00:00
893874d3a5
removing item with space, and removing duplicate item and fixing target field, thx to frack113
2021-10-26 16:25:50 +00:00
d5498eecbf
updating hawk backend, still pending aggregation support
2021-10-19 02:35:45 +00:00
ae2923bdd8
Initial commmit of hawk analytic score generator
2021-10-18 21:39:49 +00:00
Florian Roth