security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

413 Commits

Author SHA1 Message Date
Austin Songer 176b9662fc Update ecs-ms365_defender.yml 2021-09-24 20:01:00 -05:00
Austin Songer dd2f3e50db Create ecs-ms365_defender.yml 2021-09-24 19:53:21 -05:00
Austin Songer 527975c02f Update ecs-azure-ad_signinlogs.yml 2021-09-24 19:33:01 -05:00
Austin Songer 9ca1ea993d Create ecs-azure-ad_signinlogs.yml 2021-09-24 19:29:40 -05:00
Steven 9cb826b0d1 Rename auditbeat.yml to ecs-auditbeat-modules-enabled.yml 2021-09-24 09:00:26 +02:00
Steven bf1a8c2415 Fix yamllint 2021-09-23 18:56:29 +02:00
Steven 35a710eec6 Added configuration for auditbeat, mapping to Elastic ECS 2021-09-23 14:59:51 +02:00
frack113 72d301ba20 remove bad cb 2021-09-18 15:55:01 +02:00
frack113 365db5abbc fix bad elasticsearch-rule 2021-09-18 15:54:08 +02:00
Austin Songer 7ff0ff104a Update ecs-okta.yml 2021-09-14 01:52:03 -05:00
Austin Songer 2a52cef62e Update ecs-okta.yml 2021-09-13 22:29:19 -05:00
Austin Songer 1895906580 Update ecs-okta.yml 2021-09-13 22:16:43 -05:00
Austin Songer 15bd61ed9f Update ecs-okta.yml 2021-09-13 21:45:14 -05:00
Mark McCurdy 94e47dcbb3 removing duplicate mappings due to yamllint 2021-09-13 21:34:52 -05:00
Austin Songer 87affad990 Create ecs-okta.yml 2021-09-13 21:31:25 -05:00
Mark McCurdy 58d9e4180a Correct for proper output to Splunk and CarbonBlack. Add AWS Athena config/backend support 2021-09-13 14:17:33 -05:00
Preston Young 4a98d68977 Merge branch 'SigmaHQ:master' into master 2021-09-09 10:28:16 -07:00
Thomas Patzke 51bc036dbf Merge pull request #1921 from roysjosh/azure-sentinel-arm-output 
Azure Sentinel support
 2021-09-01 22:26:42 +02:00
frack113 6aae623f45 Remove duplicate file 2021-08-28 08:42:02 +02:00
Joshua Roys 294bb432d0 Add Azure Sentinel backend 
The web interface expects ARM templates.
 2021-08-24 16:01:23 -04:00
Austin Songer 579a80411d Update m365.yml 2021-08-21 15:03:31 -05:00
Austin Songer 645492cef5 Update m365.yml 
just working on expanding this.
 2021-08-21 14:57:38 -05:00
Austin Songer e6457531dd Create m365.yml 2021-08-20 00:29:29 -05:00
Young 6ccff2cff5 Added support for threshold rules 2021-08-18 18:15:18 -07:00
frack113 62e541ec7f Merge pull request #1784 from frack113/winlogbeat-modules-enabled 
Update Mapping Winlogbeat modules enabled
 2021-08-12 19:14:17 +02:00
frack113 f4268d8054 Merge pull request #1707 from heyibrahimkhan/patch-6 
Create ala-suricata.yml
 2021-08-11 15:55:44 +02:00
frack113 e43b917dab fix space error 2021-08-10 17:35:32 +02:00
frack113 6b21a881ca Merge pull request #1700 from heyibrahimkhan/patch-5 
Create ala-azure-aws_cloudtrail.yml
 2021-08-09 10:21:34 +02:00
frack113 f4bef0fc39 Add Microsoft-Windows-Windows Defender/Operational 2021-08-06 11:12:34 +02:00
frack113 65251e13e9 Add missing system field 2021-08-06 10:52:24 +02:00
Young faba4f481b initial commit 2021-08-05 18:50:18 -07:00
frack113 4b44ee654b Fix missing a space 2021-08-05 13:36:18 +02:00
frack113 0b053e79cc fix syntax error 2021-08-05 13:33:39 +02:00
frack113 439b3cecc3 Add most of security EventID 2021-08-05 13:31:39 +02:00
frack113 ac43eecc36 Add eventid 4624 2021-08-05 11:20:22 +02:00
frack113 1d1b58d712 add sysmon mapping 2021-08-05 10:54:58 +02:00
frack113 481cd9aca1 add security 7045 2021-08-04 15:46:05 +02:00
frack113 47086d5d78 fix duplicate 2021-08-04 15:12:01 +02:00
frack113 21228a21c7 update SYSMON Hashes 2021-08-04 15:09:02 +02:00
Wietze 687631ee20 Several updates to CarbonBlack EEDR config 2021-07-29 14:09:37 +01:00
Gábor Lipták d2592ee0b6 Add yamllint to GHA 
Signed-off-by: Gábor Lipták <gliptak@gmail.com>
 2021-07-26 21:26:16 -04:00
phantinuss 3b5f3d8bef fix: indentation 2021-07-22 10:18:03 +02:00
phantinuss e4880169d3 add sysmon_status and sysmon_error category to thor logsources 2021-07-22 09:59:16 +02:00
Florian Roth c905e61f7a Merge pull request #1705 from thegoatreich/logrhythm-support 
Logrhythm support
 2021-07-17 13:47:04 +02:00
Ibrahim Ali Khan dbf924635d Update ecs-suricata.yml 
metadata items tag and cve mapping added.
 2021-07-17 04:55:46 +05:00
Ibrahim Ali Khan 7c6ef062c5 Create ala-suricata.yml 
Suricata logs mapping for Azure Log Analytics added
 2021-07-16 23:08:03 +05:00
thegoatreich f0f1653e42 config file for logrhythm support 
a config file and field mappings Windows event logs for LogRhythm using Lucene. 
This uses a custom backend which is mostly based on the es-qs backend.
 2021-07-16 07:54:02 -04:00
Ibrahim Ali Khan ce0d84acd7 Create ala-azure-aws_cloudtrail.yml 
AWS CloudTrail Logs mapping for Azure Log Analytics
 2021-07-15 21:51:41 +05:00
Florian Roth 680e01d309 Merge pull request #1686 from leegengyu/patch-12 
Update winlogbeat-modules-enabled.yml
 2021-07-15 08:37:09 +02:00
Florian Roth 9fce0fb42d Merge pull request #1680 from phantinuss/master 
medium level Rule for Windows Defender Exclusions
 2021-07-14 08:18:39 +02:00