security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

26 Commits

Author SHA1 Message Date
davedhoff e772dbf0a9 Import Iterable from collections.abc 2021-10-22 13:56:47 -05:00
Wietze 46da416ad1 Fixing exception caused by incorrect type of passed 'path' parameter 2021-07-28 14:43:51 +01:00
jaegeral e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
vh 51df5ad876 Added: 
Sumo Logic CSE Rule Backend

Updated:
Mapping depence on logsource
Azure Sentinel Query Backend
MDATP: query with few logsources
CROWDSTRIKE: fix generateMapItemTypedNode
 2020-10-06 15:07:52 +03:00
Thomas Patzke 09378b5ebf Fixed unsupported attempt to index a set 2020-06-28 00:27:33 +02:00
Brad Kish 203aa192c7 Fix multiple references to default field mapping in same rule 
If there is a default mapping specified for a fieldmapping and that field is
referenced multiple times in the rule, the default mapping will be "pop"ped
and return the unmapped key on subsequent uses.

Don't pop the value. Just return the first entry.
 2020-06-18 13:01:31 -04:00
vunx2 0356178c50 eventdict 2020-03-19 10:49:40 +07:00
lep 7219e0b0f1 module carbonblack 2019-10-18 14:04:38 +07:00
Thomas Patzke 84690280c5 Improved behavior on missing configuration 
Listing all configus usable with chosen backend
 2019-05-24 22:41:47 +02:00
Thomas Patzke e271484eef Load configurations via new config management 2019-05-20 00:27:35 +02:00
Thomas Patzke 3d20e0bc98 Sigma configuration management with listing 
Missing:
* Use config by identifier
 2019-05-17 09:13:59 +02:00
Thomas Patzke eb022f3908 Conditional field mapping for null values 
Fixes #326
 2019-04-25 23:24:05 +02:00
Thomas Patzke 4e83bfeb16 Fixed merge bugs 2019-01-14 22:54:26 +01:00
Thomas Patzke 42ed8acec9 Improved test coverage 
* Adding tests
* Removal of coverage measurement for debugging code
 2018-11-04 23:28:40 +01:00
Thomas Patzke 418f8d10a3 Wrap conditions generated by mappings into sub-expression 2018-11-04 23:00:04 +01:00
Thomas Patzke 0e4842962b Added tests 2018-11-04 22:16:20 +01:00
Thomas Patzke 265ce115a0 Fixed conditional field mapping usage in mapping chains 2018-10-16 13:57:51 +02:00
Thomas Patzke 2fbf17ff34 Addition and resolution of field mapping chains explicitely checks for list 2018-09-13 16:22:29 +02:00
Thomas Patzke 41a8ef2fd9 Implemented resolve_fieldname in FieldMappingChain 2018-09-13 14:56:31 +02:00
Thomas Patzke 1d7722c1cb Added configuration and field mapping chains 
Missing: field name mapping of log source conditions.
 2018-08-27 00:17:27 +02:00
Thomas Patzke df74460629 Fixed imports after config split 2018-07-27 23:54:18 +02:00
Thomas Patzke e02af9aa37 Merge config split branches 2018-07-27 23:16:50 +02:00
Thomas Patzke 50a6a92d20 Split config - code removal from exceptions 2018-07-27 00:17:35 +02:00
Thomas Patzke 405bc4a0d1 Split config - Copy exception 2018-07-27 00:17:13 +02:00
Thomas Patzke 096bc35447 Split config - code removal from mapping 2018-07-27 00:15:14 +02:00
Thomas Patzke 4ffbb25960 Split config - Copy mapping 2018-07-27 00:13:19 +02:00