Commit Graph

30 Commits

Author SHA1 Message Date
Thomas Patzke 9d8828a0ed Merge pull request #1696 from denny-lclin/lclin/fix-ada-wildcard
Fix [ALA] Conversion of wildcard not as expected for ada backend #1689
2021-10-16 20:46:23 +02:00
Joshua Roys 0f3b169c45 Implement "near" support for ALA/Sentinel 2021-09-27 15:01:32 -04:00
Joshua Roys 294bb432d0 Add Azure Sentinel backend
The web interface expects ARM templates.
2021-08-24 16:01:23 -04:00
Joshua Roys 829117ca7f Allow ints as values in ALA backend
Without this, LogonType set as an int caused sigmac to abort the rule.
2021-08-24 16:00:08 -04:00
Joshua Roys 93be8471ec Fix tactics/techniques in ALA backend 2021-08-24 15:58:21 -04:00
Denny Lin 7b001b6b91 Fix issue [ADA] Conversion of wildcard not as expected for ada backend. #1689 2021-07-15 18:04:08 +08:00
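The two problems these commits touch (Sigma wildcards that were not converted as expected, and integer values such as LogonType that made sigmac abort) both come down to how a backend turns a Sigma field/value pair into a KQL condition. The following is an added illustration of that step, written for this page; it is not sigmac's own ALA backend code and does not reproduce the exact fix in either commit. It assumes a hypothetical `render_condition(field, value)` helper, treats ints and bools as unquoted KQL literals, renders plain strings as quoted KQL strings, and translates unescaped Sigma `*`/`?` wildcards into a regex used with KQL's `matches regex` operator.

```python
import re

# Added example: a minimal Sigma-value -> KQL condition renderer.
# Assumptions (not sigmac behaviour): ints/bools become unquoted literals,
# strings are quoted with KQL escaping, and Sigma wildcards become a regex
# anchored with ^...$ and used with 'matches regex'. Field names pass through.

_WILDCARDS = {"*", "?"}


def kql_string_literal(s: str) -> str:
    # KQL double-quoted literal: backslash and double quote must be escaped.
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def has_unescaped_wildcard(value: str) -> bool:
    # A backslash escapes the next character (Sigma convention for literal * and ?).
    i = 0
    while i < len(value):
        if value[i] == "\\":
            i += 2
            continue
        if value[i] in _WILDCARDS:
            return True
        i += 1
    return False


def sigma_unescape(value: str) -> str:
    # Turn "\*" into "*", "\?" into "?", "\\" into "\" for plain (non-wildcard) values.
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1])
            i += 2
            continue
        out.append(value[i])
        i += 1
    return "".join(out)


def sigma_wildcard_to_regex(value: str) -> str:
    # Unescaped '*' -> '.*', '?' -> '.', everything else is regex-escaped so it
    # matches literally; an escaped wildcard becomes a literal character.
    out, i = [], 0
    while i < len(value):
        c = value[i]
        if c == "\\" and i + 1 < len(value):
            out.append(re.escape(value[i + 1]))
            i += 2
            continue
        if c == "*":
            out.append(".*")
        elif c == "?":
            out.append(".")
        else:
            out.append(re.escape(c))
        i += 1
    return "^" + "".join(out) + "$"


def render_condition(field: str, value) -> str:
    # bool is a subclass of int in Python, so check it first.
    if isinstance(value, bool):
        return f"{field} == {'true' if value else 'false'}"
    if isinstance(value, int):
        # e.g. LogonType: 3 in the rule stays a numeric comparison, not a crash.
        return f"{field} == {value}"
    if not isinstance(value, str):
        raise TypeError(f"unsupported value type for {field}: {type(value).__name__}")
    if has_unescaped_wildcard(value):
        regex = sigma_wildcard_to_regex(value)
        return f"{field} matches regex {kql_string_literal(regex)}"
    return f"{field} == {kql_string_literal(sigma_unescape(value))}"
```

Running `render_condition("LogonType", 3)` yields a numeric comparison, while `render_condition("Image", "*cmd.exe")` yields an anchored `matches regex` clause; a Sigma-escaped `\*` is rendered as a literal `*` inside an equality comparison rather than as a pattern.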
Jonhnathan f6e7fc446f Remove Wildcard 2021-07-13 11:21:12 -03:00
vh 51df5ad876 Added:
Sumo Logic CSE Rule Backend

Updated:
Mapping dependence on logsource
Azure Sentinel Query Backend
MDATP: query with few logsources
CROWDSTRIKE: fix generateMapItemTypedNode
2020-10-06 15:07:52 +03:00
Thomas Patzke f907c49ab5 Improved test coverage
* Added test case
* Removed unused code
2020-06-13 01:11:08 +02:00
Thomas Patzke 32e4998c49 Removed dead code from ALA backend. 2020-05-24 21:45:37 +02:00
vh fb9c5841f4 Added Humio, Crowdstrike, Corelight 2020-05-08 13:41:52 +03:00
vh 5dc30bd388 Carbonblack, Arcsight ESM, Elastic Rule 2020-02-24 19:29:45 +02:00
vh 516e61fdb0 t 2020-02-24 19:23:11 +02:00
vh dc5a31aebc Updated Azure Sentinel backend 2020-01-31 17:17:24 +02:00
Thomas Patzke 7b62b931ce Moved ala-rule backend code into ala backend module 2020-01-13 11:24:46 +01:00
vh f9570a48cb Azure Sentinel backend (ala) - Fixed path in query
Added new backend Azure Sentinel Rule (ala-rule)
2019-12-30 16:11:53 +02:00
vh d42409372c Azure Sentinel backend (ala) - Fixed path in query
Added new backend Azure Sentinel Rule (ala-rule)
2019-12-30 16:09:19 +02:00
John Tuckner 3529b717cb fixed backend errors in ala 2019-06-10 09:25:59 -05:00
Florian Roth a6d2a5d79b fix: more general fixes of the var type issue 2019-05-15 21:25:53 +02:00
Thomas Patzke d0bd8a2a41 Mandatory configuration for most backends 2019-04-22 23:40:21 +02:00
Thomas Patzke 2dda9a7b77 Moved Sysmon schema XML from contrib directory into module 2019-03-16 00:59:29 +01:00
Thomas Patzke 3f7e08733a Added backend option 'sysmon' for ala backend 2019-03-15 23:26:15 +01:00
John Tuckner a1ba04aec8 modified process creation logic 2019-03-08 00:01:43 -06:00
tuckner e9ddd933f8 more fixes for process creation 2019-03-07 16:28:35 -06:00
John Tuckner 5a64f572e3 update 2019-03-07 10:32:59 -06:00
John Tuckner 283bd278f4 added eventid to sysmon process creation 2019-03-05 20:58:23 -06:00
John Tuckner 971bd49071 accommodated process creation and slash escapes 2019-03-05 20:50:30 -06:00
tuckner cf186387af Added schema file checking 2019-03-04 11:53:51 -06:00
tuckner c5796d7853 Added Azure Log Analytics backend 2019-03-04 10:49:50 -06:00
tuckner 8179d182c4 added azure log analytics 2019-03-04 10:44:45 -06:00