security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

1373 Commits

Author SHA1 Message Date
Thomas Patzke 3b1cbe529e Elasticsearch keyword field name blacklisting with wildcards 2019-09-05 12:38:32 +02:00
Thomas Patzke 2a60c71b9d Merge pull request #437 from svent/qradar_regex_modifier 
QRadar backend: add support for re type modifiers
 2019-09-05 10:30:18 +02:00
Thomas Patzke de5e2045f0 Merge pull request #428 from stevengoossensB/master 
AQL field selection from signatures
 2019-09-05 10:28:02 +02:00
Thomas Patzke 37e179b6a7 Merge pull request #390 from juju4/devel-sumo2 
sumologic backend: fix index and full mapping coverage
 2019-09-05 10:27:19 +02:00
svent 467c8f694c QRadar backend: add support for re type modifiers 2019-09-03 22:55:48 +02:00
Steven Goossens cb088e4911 Remove quotes from around the fields to make the query semantically correct 2019-08-26 12:43:26 +00:00
Steven Goossens ad19f05e2c Include mapped names rather then signature names 2019-08-26 12:06:20 +00:00
Steven Goossens 37caccd52e Includes the trial condition so generic query is generated whenever the fields are not defined 2019-08-26 11:48:40 +00:00
Steven Goossens 895682aef2 Implementing the fields to be selected 2019-08-26 10:57:43 +00:00
agold 0984293d0c Support for Malicious cmdlets in ATP 2019-08-20 14:33:08 -07:00
svent 1ea6d00a39 Fix QRadar field name escaping and handling 2019-08-12 23:47:43 +02:00
svent 826c1e3942 Fix QRadar backend config 2019-08-12 23:47:43 +02:00
Michiel Meersmans 0708fdd28e Correctly escape slashes within es-dsl wildcard queries 2019-08-07 12:56:19 +02:00
Florian Roth 9c85d5e80f Merge pull request #406 from tuckner/master 
Fix ala parsing issues
 2019-08-06 10:28:07 +02:00
Thomas Patzke 940c36a4cd Fixed build 
Missing package specification
 2019-08-05 23:42:33 +02:00
Thomas Patzke d5885686fc Sigmatools release 0.12 
* Value modifiers
* Config name cleanup
 2019-08-01 23:45:07 +02:00
Thomas Patzke 805c739611 Merge branch 'devel-modifiers' 2019-07-31 23:44:10 +02:00
Thomas Patzke 31c6ffcb61 No escaping for typed values 2019-07-31 23:43:29 +02:00
tuckner 8f2f1922c6 Merge pull request #1 from Neo23x0/master 
update fork
 2019-07-27 21:27:52 -05:00
Thomas Patzke 8a3117d73e Nested list handling for chained value modifiers 2019-07-16 23:03:19 +02:00
Thomas Patzke 6881967889 Further modifiers 
* base64
* base64offset
 2019-07-16 00:00:35 +02:00
Thomas Patzke 1bb29dca26 Implemented type modifiers and regular expressions 2019-07-15 22:52:10 +02:00
Thomas Patzke b9ff280209 Cleanup of configuration names 2019-07-14 00:50:15 +02:00
Thomas Patzke 5489f870cc Merge pull request #393 from HacknowledgeCH/master 
Explicit OR for list elements
 2019-07-13 23:11:44 +02:00
Thomas Patzke 134bfebe57 Ignore "timeframe" detection keyword in "all/any of" conditions 
Fixes #395
 2019-07-13 00:35:35 +02:00
christophetd 576912eb7a Support OR queries for Elasticsearch 6 and above 2019-07-08 17:12:53 +02:00
juju4 10290beb54 config/sumologic: more index mappings 2019-07-06 12:42:12 -04:00
juju4 7b0cace217 config/sumologic: more index mappings 2019-07-06 12:42:05 -04:00
juju4 2b5a77db53 add sumologic _sourceCategory and _view in aFL 2019-07-06 12:41:56 -04:00
juju4 b358d38e68 _index in aFL and mappings working! 2019-07-06 12:41:40 -04:00
Florian Roth f7ba2b3976 fix: bug in sumologic backend with 'null' values 2019-07-02 22:31:10 +02:00
Thomas Patzke 337681cfce Value modifiers 
* First transformation modfiers: contains, all
* Sigma converter modifier list
 2019-06-30 23:41:28 +02:00
Thomas Patzke 161965d14c Added version information to Winlogbeat configs 2019-06-30 22:44:12 +02:00
herrBez 74021d53d8 Modified winlogbeat config to adhere to winlogbeat 7 field names breaking changes 
ref: https://www.elastic.co/guide/en/beats/libbeat/current/breaking-changes-7.0.html
 2019-06-30 12:13:21 +02:00
Thomas Patzke 6fab5d7f23 Improved testing and removed dead&debug code 2019-06-29 00:09:53 +02:00
Thomas Patzke 377872c91e Merge branch 'devel-sumo' of https://github.com/juju4/sigma into juju4-devel-sumo 2019-06-28 23:39:15 +02:00
Thomas Patzke 0c7151c901 Watcher backend default options, refactoring and testing 2019-06-28 23:22:16 +02:00
Adrian Constantin Stanila feac0be8a4 Added 2 more actions on Elasticsearch X-pack Watcher: index and webhook 
Added timestamp filter query.
 2019-06-27 08:54:59 +03:00
juju4 654a009c9e sumologic backend: remove TypeError 2019-06-22 16:49:46 -04:00
juju4 559d0f4ba8 sumologic backend: force as string 2019-06-22 16:43:50 -04:00
juju4 2df0e9765c sumologic backend: pycodestyle review - E501 2019-06-22 16:41:57 -04:00
juju4 49533a5909 sumologic backend: pycodestyle review 2019-06-22 16:39:13 -04:00
juju4 84de12635e self.debug option, fix multiple keyvalue escapings/cleanValue, inline index for now 2019-06-22 16:19:45 -04:00
juju4 a11d800353 Merge branch 'master' into devel-sumo 2019-06-22 09:18:23 -04:00
Thomas Patzke f4da0c5540 Added field SecurityID to Winlogbeat config 2019-06-19 23:35:50 +02:00
Thomas Patzke f271685f59 Merge pull request #372 from dvas0004/patch-2 
Addition of KeyLength field
 2019-06-19 23:28:31 +02:00
Thomas Patzke d82df83ef1 Merge pull request #369 from TareqAlKhatib/refactors 
Refactors
 2019-06-19 23:16:19 +02:00
David Vassallo fdce7ad9bf Addition of KeyLength field 2019-06-14 17:58:47 +03:00
Thomas Patzke 5715413da9 Usage of Channel field name in ELK Windows config 2019-06-11 13:15:43 +02:00
John Tuckner 3529b717cb fixed backend errors in ala 2019-06-10 09:25:59 -05:00