eefd026037
Merging latest changes for HAWK.IO
2022-03-16 20:26:49 +00:00
fe95c8abaf
setting minimum value of record score to zero
2022-02-07 14:15:16 +00:00
8dae288ff8
reducing medium scores
2022-01-28 00:24:20 +00:00
a9ada32102
reducing scores
2022-01-11 15:05:52 +00:00
d58bf20e4c
fixing err where regex is mangled and should be left alone
2021-12-09 20:43:58 +00:00
76a3dda786
fixes error when implementing regex type, data should not be escaped
2021-12-06 20:22:14 +00:00
48f592fc41
reducing scores for informational levels and adding field translation for user
2021-12-01 17:25:23 +00:00
e0e3e42c77
adding fix to begins/ends with feature
2021-12-01 16:39:25 +00:00
621f629390
adds support for begins and ends with
2021-12-01 16:10:13 +00:00
df315f5e08
enforcing snake case per hawk-analyticsd specs
2021-12-01 15:51:22 +00:00
caf47a9e3d
reducing score minus 5 for lows... will need a multitude
2021-12-01 14:33:28 +00:00
6927b0e69f
Fixing added backslashes that are generated by sigma backend
2021-12-01 13:29:15 +00:00
ad75a9a5bf
updating hawk backend to provide additional tag enrichment. helps manage the state of each sigma rule, if experimental or not
2021-11-23 16:57:43 +00:00
bc334ab456
Hawk backend support for wildcard in middle of string ( #2273 )
...
* updating yaml cfg for ms eventlog support
* update config and sigma backend, so that comments are not replaced, but rather the details of the record
* updating scriptblocktext to value
* adding a few missing ip address translations
* Fixing error when handling comparisons of null values, and additional fix of lack of support for not
* adding additional translations for missing category entries
* fixing error when handling list of ors with a not indicator
* finishes support for windows translations, pending qa
* adding dedupe feature and additional translation fix for dns-server
* adding image_loaded translation
* forced to pull back on the aggressive deduping, caused some inaccuracies
* adding more ux friendly formatting for regex
* adds support for wildcards in middle of strings
* adding a missing null check for supporting null matching
* adding cisco, av, and django cfg in yaml. updated apache in yaml and added another translation for ip_dport
2021-11-18 06:29:41 +01:00
a9b49679d3
Updates to hawk sigmac backend ( #2244 )
...
Updated HAWK sigma backend
2021-11-11 08:01:53 +01:00
7fc2a6f00d
missed one
2021-10-26 15:25:11 +00:00
0d65dcdc28
fixx err
2021-10-26 15:12:03 +00:00
22b64644ef
updating hawk backend to fix open ended backslash for regex
2021-10-26 15:09:47 +00:00
bacdf53236
updating hawk backend to fix or list map missing an outer and operator
2021-10-26 15:05:27 +00:00
e97fa8fc75
merging from upstream
2021-10-19 02:37:53 +00:00
d5498eecbf
updating hawk backend, still pending aggregation support
2021-10-19 02:35:45 +00:00
16a78187bd
updating hawk json format record
2021-10-18 21:39:49 +00:00
6e35c031de
Add additional information to the analytic record, including tags, author info, rule id and references
2021-10-18 21:39:49 +00:00
f2d9cf0964
Initial commmit of hawk analytic score generator
2021-10-18 21:39:49 +00:00
ae2923bdd8
Initial commmit of hawk analytic score generator
2021-10-18 21:39:49 +00:00
b30abd5c12
updating hawk json format record
2021-10-18 21:34:48 +00:00
6d6a57a3b4
Add additional information to the analytic record, including tags, author info, rule id and references
2021-10-14 15:05:05 +00:00
1a9f106d34
Initial commmit of hawk analytic score generator
2021-10-14 14:17:03 +00:00
1f5d9d8adc
Initial commmit of hawk analytic score generator
2021-10-13 14:36:49 +00:00
Tim Shelton