security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

1373 Commits

Author SHA1 Message Date
Thomas Patzke 24b08bbf30 Merge branch 'master' of https://github.com/socprime/sigma into socprime-master 2020-05-24 17:06:32 +02:00
Thomas Patzke 8d9b706d6a Merge pull request #727 from 3CORESec/master 
Override Features
 2020-05-20 19:11:56 +02:00
vh e8b956f575 Updated config 2020-05-20 12:35:00 +03:00
neu5ron 9e272d37b7 zeek category update and minor field updates 2020-05-19 05:02:45 -04:00
neu5ron 177f0a783b winlogbeat forward (at a snails pace) ECS field names 2020-05-19 04:58:51 -04:00
~noyan 2b72ee7b84 partial(?) fix of #762 2020-05-16 14:51:58 +03:00
Tiago Faria 2893becf8c Merge remote-tracking branch 'upstream/master' 2020-05-14 14:02:20 +01:00
Remco Hofman 37b08543ac Updated author reference in license 2020-05-11 11:47:56 +02:00
vh fb9c5841f4 Added Humio, Crowdstrike, Corelight 2020-05-08 13:41:52 +03:00
Remco Hofman dc96b7ffb3 Removed dependency on slugify 2020-05-08 11:40:16 +02:00
Remco Hofman c5be83eb01 Added ee-outliers backend 2020-05-08 10:18:35 +02:00
Thomas Patzke 3b96b5e497 Merge pull request #723 from neu5ron/socprime_add_zeek_and_corelight 
sigmacs for Zeek and Corelight(Zeek)
 2020-05-06 23:22:14 +02:00
Remco Hofman 24029a8f27 Fix for broken endswith modifier 2020-05-06 17:10:54 +02:00
pdr9rc 31ad81874f capitalized titles 
corrected capitalization of titles and removed literals from config
 2020-05-05 11:32:18 +01:00
pdr9rc aa175a7d5b wip 
wip
 2020-05-04 18:02:27 +01:00
pdr9rc dd9e128a15 kibana target update 
kibana target now compatible with overrides
 2020-05-04 17:35:12 +01:00
pdr9rc b32093e734 Merge remote-tracking branch 'upstream/master' 
Keeping up with the sigmas.
 2020-05-04 17:26:51 +01:00
pdr9rc b3194e66c4 Update base.py 2020-05-04 16:37:36 +01:00
Wietze 2b3828730c Reversed disabling FileDelete 2020-05-02 17:31:50 +01:00
Wietze e5574e07f2 Disabled FileDelete event (Sysmon 11 - no rules available yet) 2020-05-02 16:21:56 +01:00
Wietze 5abf4cbea9 Reordered fields 2020-05-02 14:46:55 +01:00
Wietze 661108903b Minor consistency fix 2020-05-02 14:37:37 +01:00
Wietze 46737cbfd3 Improved Microsoft ATP mapping, using Advanced Hunting Schema 
See https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference
 2020-05-02 14:31:02 +01:00
neu5ron cbe5af01a1 on behalf of @socprime [SOC Prime Inc.](https://my.socprime.com/en/tdm/) 
add a total of 5 sigmac's (sigma configs) for 3 different backends. full git message to follow in PR.
 2020-05-02 07:23:11 -04:00
Thomas Patzke 2fafff3278 Fixed: escaping of backslashes before added * 
Fixes issue #722.
 2020-05-02 00:13:15 +02:00
pdr9rc bc0a2c7ab9 wip 
wip
 2020-05-01 19:20:05 +01:00
pdr9rc 98391f985a wip 
wip
 2020-04-30 15:19:38 +01:00
Tiago Faria dfdb5b9550 better description and event.outcome 2020-04-29 23:59:26 +01:00
pdr9rc ac4a2b1f26 wip 
wip
 2020-04-29 22:55:46 +01:00
pdr9rc 9ce84a38e5 overrides section support + one example rule + cloudtrail config 
ditto
 2020-04-29 20:36:45 +01:00
alm8i 7ac685882c comments for usage 2020-04-11 15:47:23 +02:00
Danijel Grah 6312f381bf C# backend 
Converts Sigma rule into C# Regex in LINQ query
 2020-04-10 16:12:05 +02:00
Thomas Patzke 1c5c8047fd Fixes 
* Removed commented debug print statements
* Defined nullExpression
* Removed unneeded generateMapItemNode method
* Value cleaning bug on matching of wildcard at first character
 2020-04-08 23:43:46 +02:00
Thomas Patzke 3277cec7aa Reverted list sorting 
This was already implemented meanwhile in a previous commit.
 2020-04-08 23:23:44 +02:00
Thomas Patzke cf896c3093 Merge branch 'master' of https://github.com/abhikhnvasara/sigma into pr-630 2020-04-08 23:16:39 +02:00
Thomas Patzke 551a94af04 Merge branch 'master' of https://github.com/tileo/sigma into pr-658 2020-04-08 22:43:48 +02:00
Thomas Patzke 7224af54b2 Merge pull request #664 from j91321/es-rule-options 
es-rule backend options for index-patterns and time interval
 2020-04-08 22:39:45 +02:00
Thomas Patzke 1b7f33f5e2 Fixed undefined value in exception handling 
Fixes issue #702.
 2020-04-08 22:28:47 +02:00
j91321 3470011ac3 Revert time interval, use index values provided by sigmaparser 2020-04-05 20:30:57 +02:00
Thomas Patzke 693830fa83 Merge pull request 659 2020-04-03 23:46:53 +02:00
Maxime Lamothe-Brassard f92c5e9b18 Remove generation of LC rules with timeframe. 2020-04-02 15:25:30 -07:00
Florian Roth ee7babd8cb fix: security vulnerability with pyyaml < 4.2b1 2020-04-02 12:27:53 +02:00
Thomas Patzke 13dbb4cdbd Moved tools into sigma namespace 2020-03-31 23:46:58 +02:00
Florian Roth 6aba430de6 fix: sigma_uuid occurances 2020-03-31 16:29:58 +02:00
Florian Roth 4d67dff89a fix: renamed tools to allow for console_scripts list entries 2020-03-31 14:07:34 +02:00
Florian Roth 18e505c458 fix: list_configurations default values 2020-03-31 12:42:02 +02:00
Florian Roth c82156a3c9 fix: second list_configurations function params 2020-03-31 11:46:05 +02:00
Florian Roth 23ce69eaae fix: functions parameters outside of main 2020-03-31 11:42:16 +02:00
Florian Roth bb50571b13 fix: print_verbose scope 2020-03-31 11:35:21 +02:00
Florian Roth c83b4fd37c fix: fixing script install for Windows end systems 2020-03-31 11:30:47 +02:00