Commit Graph

1373 Commits

Author SHA1 Message Date
Thomas Patzke 0ed54a6cae Merge pull request #1290 from arollyson/helix_backend
Backend: FireEye Helix
2020-11-21 00:06:19 +01:00
Lionel 7ca368d1ed fix issue 1285
https://github.com/Neo23x0/sigma/issues/1285
2020-11-20 16:42:20 +01:00
Alek Rollyson 83b8af6cd2 Add FireEye Helix backend 2020-11-19 11:18:28 -05:00
weslambert 832e582b8d Fix typo 2020-11-17 17:44:40 -05:00
Florian Roth 9944c0e563 Merge branch 'master' into pr/1267 2020-11-17 14:33:55 +01:00
Florian Roth c5c6557ca2 Merge pull request #1256 from vastlimits/master
Backend: uberAgent ESA converter backend
2020-11-17 14:29:01 +01:00
heyibrahimkhan@gmail.com eed4fe04d5 added role name field to ecs-cloudtrail. 2020-11-13 05:59:55 +05:00
Simen Lybekk c0a7cdc3de mdatp: Use case-insensitive searches by default
This should match the draft Sigma specification as well as other backends
2020-11-12 14:09:30 +01:00
Simen Lybekk a75d4fb561 mdatp: Add more field mappings and table<->generic event mappings, skip IMPHASH as it's not supported 2020-11-12 13:15:38 +01:00
Sven Scharmentke 446b0b7f9d Merge branch 'master_origin' 2020-11-11 12:32:53 +01:00
Sven Scharmentke a58d04e4df Rules: Support image_load 2020-11-11 12:31:55 +01:00
Thomas Patzke 43b9b17767 Merge pull request #1281 from andurin/kibana-ndjson-configs
kibana-ndjson for all configs which already have kibana
2020-11-11 07:34:37 +01:00
Florian Roth 230562bdf6 Merge pull request #1278 from K-Yo/update-navigator-v4
Update navigator v4
2020-11-10 13:34:46 +01:00
Florian Roth c087e39698 Merge pull request #1277 from K-Yo/fix-unicode-error
Fix unicode error in sigma2attack
2020-11-10 13:34:05 +01:00
Hendrik 7e742cc049 kibana-ndjson for all configs which already have kibana 2020-11-09 08:46:17 +01:00
Hendrik 96e90fbff2 Fix recursion of rules 2020-11-06 12:43:52 +01:00
Olivier Caillault 34f24a60a1 Updating attack navigator version to v4.0 2020-11-05 23:37:01 +01:00
Hendrik bf5d40eec3 New Backend - Kibana NDJSON
Tested against 7.9.3
2020-11-05 23:34:25 +01:00
Olivier Caillault 31639366cd Fix unicode error in sigma2attack 2020-11-05 22:30:12 +01:00
Jonhnathan 90e211bad8 Create ecs-suricata.yml 2020-11-01 21:21:04 -03:00
Thomas Patzke f0e89b0c8c Fixed: typecheck in sumologic-cse 2020-10-23 19:49:55 +02:00
Thomas Patzke 2fb7dd5e99 Fixes
* Removed Splunk regex query
* Added test for sumologic-cse backend
2020-10-23 15:31:00 +02:00
Thomas Patzke 9dc806448c Merge branch 'master' of https://github.com/socprime/sigma into pr-1049 2020-10-23 14:57:25 +02:00
vh 383823f49a Fix: added default value of current_table 2020-10-21 10:12:17 +03:00
Sven Scharmentke ca852eca0e PR Review: Minor fixes 2020-10-21 08:54:50 +02:00
vh f45e45d736 Fix: Import SigmaRegularExpressionModifier in the splunk backend. 2020-10-20 18:13:53 +03:00
Sven Scharmentke 03ad9e22e1 Backend: uberAgent ESA converter backend
This commit adds the first version of the uberAgent ESA converter backend for sigma. This backend generates ESA compatible query rules for uberAgent ESA Activity Monitoring.
2020-10-20 13:23:05 +02:00
Thomas Patzke 976fc92b22 Merge pull request #971 from alan8trend/parse_nested_parentheses
Add support nested parentheses for Sigma condition
2020-10-12 23:30:36 +02:00
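The merge above adds support for nested parentheses in Sigma `condition` expressions. As an added illustration, and not sigmac's own parser or code from PR #971, the following is a small recursive-descent evaluator for Sigma-style conditions built from search identifiers, the keywords `and`, `or`, `not` and arbitrarily nested parentheses, with the usual precedence (`not` binds tightest, then `and`, then `or`). The condition string and the per-selection match results below are constructed sample data; aggregation forms such as `1 of them` or `all of selection*` are deliberately out of scope.

```python
import re
from typing import Dict, List

# Constructed sample: a Sigma-style condition with nested parentheses and the
# hypothetical per-selection match results for one event.
SAMPLE_CONDITION = "(selection1 or selection2) and not (filter1 or (filter2 and filter3))"
SAMPLE_MATCHES = {
    "selection1": False,
    "selection2": True,
    "filter1": False,
    "filter2": True,
    "filter3": False,
}

TOKEN_RE = r"\(|\)|[A-Za-z_][A-Za-z0-9_]*"


def tokenize(condition: str) -> List[str]:
    """Split a condition into parentheses, keywords and identifiers.

    Anything that is neither a token nor whitespace is rejected, so a
    stray character cannot be silently dropped from the expression.
    """
    leftover = re.sub(TOKEN_RE + r"|\s+", "", condition)
    if leftover:
        raise ValueError(f"unexpected characters in condition: {leftover!r}")
    return re.findall(TOKEN_RE, condition)


class ConditionParser:
    """Recursive-descent evaluator: or_expr -> and_expr -> not_expr -> atom."""

    KEYWORDS = ("and", "or", "not")

    def __init__(self, tokens: List[str], matches: Dict[str, bool]):
        self.tokens = tokens
        self.pos = 0
        self.matches = matches

    def peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def take(self):
        tok = self.peek()
        self.pos += 1
        return tok

    def parse(self) -> bool:
        value = self.parse_or()
        if self.peek() is not None:  # e.g. an unmatched closing parenthesis
            raise ValueError(f"unexpected token {self.peek()!r}")
        return value

    def parse_or(self) -> bool:
        value = self.parse_and()
        while self.peek() == "or":
            self.take()
            rhs = self.parse_and()  # always consume the right operand
            value = value or rhs
        return value

    def parse_and(self) -> bool:
        value = self.parse_not()
        while self.peek() == "and":
            self.take()
            rhs = self.parse_not()
            value = value and rhs
        return value

    def parse_not(self) -> bool:
        if self.peek() == "not":
            self.take()
            return not self.parse_not()
        return self.parse_atom()

    def parse_atom(self) -> bool:
        tok = self.take()
        if tok == "(":
            # Nested group: recurse into a full or-expression, then require ')'.
            value = self.parse_or()
            if self.take() != ")":
                raise ValueError("missing closing parenthesis")
            return value
        if tok is None or tok == ")" or tok in self.KEYWORDS:
            raise ValueError(f"expected identifier or '(', got {tok!r}")
        if tok not in self.matches:
            raise ValueError(f"unknown search identifier {tok!r}")
        return self.matches[tok]


def evaluate_condition(condition: str, matches: Dict[str, bool]) -> bool:
    """Evaluate a Sigma-style condition against per-identifier match results."""
    return ConditionParser(tokenize(condition), matches).parse()


if __name__ == "__main__":
    print(SAMPLE_CONDITION, "->", evaluate_condition(SAMPLE_CONDITION, SAMPLE_MATCHES))
```

Unbalanced input is reported as a `ValueError` rather than being evaluated partially, which is the behaviour a detection pipeline wants: a rule with a malformed condition should fail conversion, not quietly match a subset of what its author intended.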
Thomas Patzke e8cdd4777a Merge pull request #1026 from ryanplasma/fix-pymisp-error
Fix error with pymisp in sigma2misp
2020-10-12 23:14:13 +02:00
vh 51df5ad876 Added:
Sumo Logic CSE Rule Backend

Updated:
Mapping dependence on logsource
Azure Sentinel Query Backend
MDATP: query with few logsources
CROWDSTRIKE: fix generateMapItemTypedNode
2020-10-06 15:07:52 +03:00
Steven 8b74abe0bc - Created new categories for sysmon events
- Replaced the explicit EventIDs with the reference to the category
- Moved the rules to the corresponding directories
2020-09-30 20:44:14 +02:00
Florian Roth d3ee1aba66 docs: MITRE ATT&CK(R) trademark references removed or adjusted
https://github.com/Neo23x0/sigma/issues/1028
2020-09-30 08:53:52 +02:00
Ryan Plas cdbee4b531 Fix error with pymisp in sigma2misp 2020-09-29 12:01:33 -04:00
Thomas Patzke 378d9c94cf Merge branch 'master' of https://github.com/socprime/sigma into pr-981 2020-09-15 12:14:49 +02:00
snake-jump 5119f887c8 add Regular expression support
Add Regular expression support for netwitness-epl backend
2020-09-14 22:04:47 +02:00
snake-jump 531557465c delete raise exception in case of sigma key is keyword(s) 2020-09-14 16:00:03 +02:00
snake-jump 09f25cf992 delete sqlparse module usage 2020-09-10 19:05:55 +02:00
snake-jump e74846b767 modify comment 2020-09-10 18:09:15 +02:00
snake-jump 64035fd799 initial commit for Netwitness-EPL backend 2020-09-10 17:12:12 +02:00
vh a2fec9f3b9 Fix sysmon backend 2020-08-28 12:26:40 +03:00
Thomas Patzke bae09e9447 Sigmatools release 0.18.1 2020-08-26 00:06:25 +02:00
Nate Guagenti f21b3c50c6 control whether to use an analyzed field or different type if a query/value contains a wildcard.
Signed-off-by: Nate Guagenti <neu5ron@users.noreply.github.com>
2020-08-25 13:13:18 -04:00
Nate Guagenti a7ffb96b6b elasticsearch regex escape of '.' for case insensitivity backend options
Signed-off-by: Nate Guagenti <neu5ron@users.noreply.github.com>
2020-08-25 13:10:25 -04:00
Nate Guagenti 474e04dfe3 add new options to readme for elasticbackend
Signed-off-by: Nate Guagenti <neu5ron@users.noreply.github.com>
2020-08-25 13:00:22 -04:00
Nate Guagenti 76910eaee4 fix sub field name usage if there are 3 or more fields.
Signed-off-by: Nate Guagenti <neu5ron@users.noreply.github.com>
2020-08-25 12:56:57 -04:00
Nate Guagenti 0d713e4544 control whether to use an analyzed field or different type if a query/value contains a wildcard.
Signed-off-by: Nate Guagenti <neu5ron@users.noreply.github.com>
2020-08-25 12:56:33 -04:00
tung12 1921e9dd89 Fix wild card and some escaped characters 2020-08-18 15:57:13 +07:00
SOC Prime d3ba1e4fb8 Add sysmon backend 2020-08-18 11:20:22 +03:00
tung12 172f7b371e Change mapped Image to path 2020-08-17 15:05:44 +07:00
Dermott, Scott J 7e6828dd40 + Adding Mitre Sub-Techniques and python update script to fetch latest Pre, Enterprise & Mobile Tactics and Techniques from Mitre CTI 2020-08-13 10:24:44 +01:00