7177e32e5e
fix: issues with new sources in old THOR versions
2022-03-16 12:52:15 +01:00
1044a20149
feat: Add log sources for process listing within THOR
2022-03-15 11:51:59 +01:00
979d25ed67
fix: casing in thor config
2022-03-07 18:18:57 +01:00
53651cdd2f
Add Bits-Client rules
2022-03-03 06:27:00 +01:00
8cfab22acb
Add firewall-as basic rules
2022-02-19 10:18:49 +01:00
68f0cdf338
feat: new log channel windows-codeintegrity-operational
...
https://twitter.com/SBousseaden/status/1483810148602814466
2022-01-20 09:44:36 +01:00
683c1b59cb
fix: add field mapping for provider name
2022-01-07 13:08:14 +01:00
b4553dcd9d
feat: Add finer powershell log source distinguation
...
Credits for this go to @frack113
2021-12-13 09:49:28 +01:00
3b5f3d8bef
fix: indentation
2021-07-22 10:18:03 +02:00
e4880169d3
add sysmon_status and sysmon_error category to thor logsources
2021-07-22 09:59:16 +02:00
9fce0fb42d
Merge pull request #1680 from phantinuss/master
...
medium level Rule for Windows Defender Exclusions
2021-07-14 08:18:39 +02:00
bf9b82fc45
medium level rule for Windows Defender Exclusions
2021-07-13 13:16:25 +02:00
5e7f1f3a36
refactor: THOR config adjustments
2021-07-08 14:51:49 +02:00
ba94b8396c
config: thor - powershell classic
2021-07-02 14:14:48 +02:00
63f3fd7e73
config: add PrintService Operational
2021-07-01 09:55:15 +02:00
a49bfb14dd
refactor: Admin log - not Operational
2021-06-30 14:22:40 +02:00
26cfbb9c34
config: mapping for Microsoft SMBClient service - security
2021-06-30 14:16:26 +02:00
8262a1d98b
config: mappings for Microsoft print service
2021-06-30 14:09:44 +02:00
2f12c5c540
fix: too broad definition of *.log on linux
2021-05-03 17:04:55 +02:00
7c8cca744f
chore: Revert log file changes for THOR sigma configuration
...
Revert recent changes for Windows / Linux .log files for THOR
because of massive performance impacts.
2021-04-28 17:48:17 +02:00
de2cedf213
fix: Distinguish Windows and Linux logfiles by path separator
...
A previous commit added a log source detailing *.log files with
product: linux. This caused linux specific Sigma rules to apply to
all *.log file, including those on Windows. To distinguish these
cases, expand the file path pattern to include the typical start
for unix / windows paths ( / vs [A-Z]:\ )
2021-04-28 11:45:19 +02:00
d766c12888
feat: generic categories - thor config
2021-04-23 17:47:09 +02:00
95fa99b4a3
search generic log files for product: linux
2021-04-23 12:00:48 +02:00
e47ee24889
Merge branch 'master' into rule-devel
2021-03-20 08:52:55 +01:00
9e287a1b89
feat: MSExchange Management log mapping
2021-03-20 08:49:59 +01:00
6d626456f2
fix: syntax error in THOR's config file
2021-03-17 11:49:50 +01:00
11c216629b
fix: thor sources for applocker with wrong prefix
2021-01-07 12:27:37 +01:00
0d925896b9
Added AppLocker log source
2020-07-13 20:23:42 +00:00
c8ca55b3e4
fix: duplicate wrong old key
2020-07-06 17:14:59 +02:00
cc31ed8b84
fix: missing NTLM log source in THOR
2020-07-06 17:07:06 +02:00
43e5ae5d24
Added Windows NTLM log source + fixes
2020-07-02 23:20:36 +02:00
991108e64d
Further proxy field name fixes (config + rules)
2019-12-07 00:23:30 +01:00
e2628d6df6
fix: wrong mapping on thor.cfg
2019-11-11 09:20:20 +01:00
11ed7e7ef8
Check for valid configuration/backend combinations
2019-05-20 01:00:33 +02:00
36aeb19721
Added title to all configurations
2019-05-16 23:33:51 +02:00
8cf505fcb3
Accidentally removed windows-dhcp logsource in spark's config file
2019-04-25 08:23:48 +02:00
79f7edb6b4
Added logsources for generic sigma rules to spark config, renamed spark config to thor config
2019-04-25 08:15:50 +02:00
Florian Roth