Commit Graph

766 Commits

Author SHA1 Message Date
Joshua Roys 93be8471ec Fix tactics/techniques in ALA backend 2021-08-24 15:58:21 -04:00
Young d1c7ee0830 cleaned up backend class and re-added support for threshold rules 2021-08-23 15:53:43 -07:00
Young f51c462439 finished building and translating AST, supporting nested queries 2021-08-22 21:58:04 -07:00
Thomas Patzke 3396d72d81 Merge pull request #1887 from frack113/fix_NodeSubexpression_len
fix sigmac error "has no len()"
2021-08-22 12:11:16 +02:00
Thomas Patzke cbf1fd213b Merge pull request #1856 from theoguidoux/sql-sqlite-fields-selection
[Ready] SQL & SQLite rule fields selection
2021-08-22 12:09:07 +02:00
frack113 7cd71b2240 fix yaml error 2021-08-22 08:57:07 +02:00
frack113 f6fe5e7d02 fix when backend support error 2021-08-20 13:58:57 +02:00
frack113 4e895da471 fix error "has no len()" 2021-08-20 09:20:56 +02:00
frack113 08324a5a56 Merge pull request #1875 from frack113/fix_sigma_similarity
sigma_similarity fix start errors
2021-08-19 14:16:52 +02:00
frack113 2cdab46ee4 fix start errors 2021-08-19 09:37:00 +02:00
Young 6ccff2cff5 Added support for threshold rules 2021-08-18 18:15:18 -07:00
Austin Songer e039f91272 Spelling 2021-08-18 19:00:57 +00:00
Theo Guidoux 2a3acd7d11 add selection flag for backward compatibility 2021-08-16 19:32:54 +02:00
Theo Guidoux c1876b9ff6 add fields from rules to query + sqlite 2021-08-16 13:33:43 +02:00
Theo Guidoux 16269c0d63 cleaner default value handling 2021-08-16 10:47:05 +02:00
Theo Guidoux 40018eef7f edit help + case where 'select=' 2021-08-16 10:44:01 +02:00
Thomas Patzke 607724278a Merge pull request #1580 from codyswanson4:master
Update Elasticsearch Watcher backend to populate name column in Kibana
2021-08-13 23:33:47 +02:00
Thomas Patzke f9c9f73b09 Merge pull request #1772 from eocete-devo:master
[Devo backend] Added support for multicondition rules using Devo subqueries
2021-08-13 23:30:04 +02:00
Thomas Patzke 32400e5d55 Merge pull request #1785 from theoguidoux:theoguidoux/sql-backend-field-selection
Add fields selection to sql backend option
2021-08-13 23:29:24 +02:00
Thomas Patzke 62a53ca895 Merge pull request #1835 from wietze:fix/mdatp/linux_support
Enabling Linux/macOS support on MDATP
2021-08-13 23:28:06 +02:00
Young 900d149512 finished functionality for building flat queries 2021-08-13 00:42:26 -07:00
Young 3f37ee3964 created build query method 2021-08-12 22:40:45 -07:00
Wagga 4d53e4b040 Merge branch 'master' into master 2021-08-12 22:49:11 +02:00
Thomas Patzke 1b215e3aaf Merge pull request #1828 from wietze/optimisation/nesting_reduction
Optimising lists/subexpressions with only one item
2021-08-12 22:41:17 +02:00
Thomas Patzke 8694afe023 Merge pull request #1779 from frack113/elastalert
Fix elastalert multi output file
2021-08-12 22:40:36 +02:00
Wietze 17595e2443 Enabling Linux/macOS support on MDATP, fixing incorrect parent cmd mappings 2021-08-12 18:07:13 +01:00
wagga40 13a3e78184 Fix options: removed "raw" 2021-08-12 15:54:02 +02:00
wagga40 cbb03db2dd Fix the way YAML is dumped 2021-08-12 15:28:45 +02:00
wagga40 c165783fff Add an option to enhance default output by choosing fields
Add an option to output in JSON or YAML
2021-08-12 15:26:46 +02:00
Florian Roth 80e686994c Merge pull request #1824 from frack113/add_list_test_warning
Sigma Schema add new Attribute and test
2021-08-12 12:18:29 +02:00
Wietze 7ba375dea0 Optimising lists/subexpressions with length 1
Should reduce brackets on some output targets
2021-08-11 18:00:09 +01:00
frack113 5e5ac8479c Add tlp and target Attribute 2021-08-11 14:26:20 +02:00
Young 13c868d3fd Added more helper functions and comments 2021-08-10 15:34:52 -07:00
Young 6474968615 added helper functions to clean up code 2021-08-09 14:42:17 -07:00
frack113 f6980edc66 fix English: normalize 2021-08-07 11:16:24 +02:00
frack113 2333defde7 add hash_normalise option 2021-08-07 08:24:36 +02:00
Theo Guidoux b7e301b639 add field selection to sql backend option 2021-08-06 11:46:00 +02:00
Young faba4f481b initial commit 2021-08-05 18:50:18 -07:00
frack113 4a8192fecc fix typo mono 2021-08-05 22:38:48 +02:00
RedKyper b353a10643 elastalert multi output file 2021-08-05 20:37:07 +02:00
eocete 692bc9a63a Added support for multicondition rules using Devo subqueries 2021-08-04 08:52:32 +02:00
frack113 359dd6bbb8 fix my code 2021-08-01 19:34:07 +02:00
frack113 186583f78f fix the output not the core 2021-08-01 16:14:51 +02:00
Wietze e0d6856987 [CarbonBlack] Adding extra escape character
Hyphens, especially when at the start of a query, need escaping since hyphens are also used to negate conditions
2021-07-29 13:57:58 +01:00
Wietze 46da416ad1 Fixing exception caused by incorrect type of passed 'path' parameter 2021-07-28 14:43:51 +01:00
Florian Roth ce58012608 Merge pull request #1584 from frack113/multi_output
Update output arg options
2021-07-24 10:07:10 +02:00
thegoatreich d14e0f1aaa add logrhythm lucene backend
Copied and modded the es-qs backend for logrhythm's lucene syntax.
2021-07-16 13:02:05 +01:00
Denny Lin 7b001b6b91 Fix issue [ADA] Conversion of wildcard not as expected for ada backend. #1689 2021-07-15 18:04:08 +08:00
Jonhnathan f6e7fc446f Remove Wildcard 2021-07-13 11:21:12 -03:00
mf1d3l 9005b58649 extend cim 2021-07-10 23:06:29 +02:00