Commit Graph

1373 Commits

Author SHA1 Message Date
frack113 0828ff098f Fix windows-dns-server 2022-01-15 09:07:26 +01:00
Tim Shelton a9ada32102 reducing scores 2022-01-11 15:05:52 +00:00
Tim Shelton 2732c76d66 Merge branch 'master' of https://github.com/redsand/sigma into hawk 2022-01-11 00:40:32 +00:00
Florian Roth 392175e467 Merge pull request #2529 from SigmaHQ/aurora-false-positive-fixing: fix: add field mapping for provider name 2022-01-07 14:15:09 +01:00
Florian Roth 683c1b59cb fix: add field mapping for provider name 2022-01-07 13:08:14 +01:00
Tim Shelton 4dc4d71afc removing hawk translation of Details to object_target 2022-01-06 17:47:36 +00:00
frack113 c19d87127e Add not_bound_keyword option for elastic 2022-01-06 12:43:04 +01:00
Thomas Patzke d0c7f54794 Merge pull request #2514 from DataDog/master: Add Datadog Backend 2022-01-04 07:43:43 +01:00
Tim Shelton 1618f587ab adding missing category entries 2022-01-03 22:22:35 +00:00
Tim Shelton 01c5a62941 adding additional ps that was missed 2022-01-03 22:19:33 +00:00
Tim Shelton 8b261d9a30 Adding ps_script to config 2022-01-03 22:09:50 +00:00
Anna Pauxberger 007a951e7c edit README 2022-01-03 15:00:14 -05:00
Anna Pauxberger 8fa714ca26 Merge branch 'SigmaHQ:master' into master 2022-01-03 20:20:08 +01:00
Anna Pauxberger d0560d1a65 Merge pull request #1 from DataDog/add-datadog-backend: Add Datadog Backend 2022-01-03 20:19:28 +01:00
Tim Shelton a4f601f53f adding spring to config 2021-12-29 19:53:57 +00:00
Julien Doutre 63705cdccb Comments 2021-12-21 12:17:13 +01:00
Julien Doutre 860744594e No mutable default argument 2021-12-21 12:02:31 +01:00
David Hazekamp 03f6b3fa89 fix(lacework): value exists: use "is not null" for non-JSON fields 2021-12-17 17:17:25 -06:00
Julien Doutre a21fe1eb58 Use tags instead of facets 2021-12-15 17:26:45 +01:00
Julien Doutre 6940bf4782 capture any number of whitespaces 2021-12-15 17:14:58 +01:00
Julien Doutre 851e237240 test list selection logic 2021-12-15 16:52:48 +01:00
Julien Doutre 620cbe9293 Fix test name 2021-12-15 16:50:43 +01:00
Julien Doutre 1712e9d0a1 Move coverage test to dedicated script 2021-12-15 16:46:42 +01:00
Julien Doutre 477c9cf048 Refactor tests basic rule 2021-12-15 16:26:31 +01:00
Tim Shelton db97b29e35 adding missing entry 2021-12-14 21:52:57 +00:00
Tim Shelton 2a96f239a5 adding additional translation fields for web based requests. 2021-12-14 20:54:32 +00:00
Florian Roth baa5d3758d Merge branch 'master' into rule-devel 2021-12-13 18:05:17 +01:00
Florian Roth 51a4315ab9 fix: referrer > referer adjustments 2021-12-13 15:47:43 +01:00
Max Altgelt b4553dcd9d feat: Add finer powershell log source distinction (credits for this go to @frack113) 2021-12-13 09:49:28 +01:00
frack113 87b2f45db6 Merge pull request #2401 from hazedav/master: feat(sigma): Add support for Lacework agent data 2021-12-10 18:04:07 +01:00
frack113 bd90531f65 Merge pull request #2424 from redsand/hawk_add_translate: hawk backend: fixing err where regex is mangled and should be left alone 2021-12-10 06:45:25 +01:00
Tim Shelton d58bf20e4c fixing err where regex is mangled and should be left alone 2021-12-09 20:43:58 +00:00
Tim Shelton d1b7eda60c adding translation for User, apparently it's case sensitive 2021-12-09 20:04:20 +00:00
David Hazekamp 5d46d5fe46 Merge remote-tracking branch 'upstream/master' 2021-12-07 11:17:32 -06:00
hazedav 73f69c6697 feat(sigma): Add support for Lacework agent data: Support linux.file_create; Support linux.process_creation 2021-12-07 11:16:26 -06:00
Tim Shelton 3b7ce140c1 adding ps_module to config. Currently not listed in any config yaml for backends, will trigger regex detection on all payloads 2021-12-07 16:18:00 +00:00
Florian Roth d2e77a5cd0 Merge pull request #2392 from redsand/hawk_fix_regex_type: fixes error when implementing regex type, data should not be escaped 2021-12-07 06:15:10 +01:00
Tim Shelton 1937a90cbf fixing yaml err 2021-12-06 23:03:24 +00:00
Tim Shelton 7a7cf4ede6 fix str err 2021-12-06 22:32:10 +00:00
Tim Shelton 8871898adf fixing yaml fail 2021-12-06 22:05:13 +00:00
Tim Shelton ea511bd761 adding file event filter 2021-12-06 20:50:20 +00:00
Tim Shelton 76a3dda786 fixes error when implementing regex type, data should not be escaped 2021-12-06 20:22:14 +00:00
stbe be579910bb Logsource condition applied once in nested expression 2021-12-06 14:23:51 +01:00
Anna Pauxberger 309a5629ae address minor review comments 2021-12-03 12:41:49 -05:00
Tim Shelton a38f98a3be adding translation of provider_name to channel 2021-12-02 20:35:25 +00:00
Julien Doutre 02e392c22a Add source as a backend option 2021-12-02 17:28:17 +01:00
Julien Doutre 184e88ddaf Less verbose integration test output 2021-12-02 16:38:40 +01:00
Anna Pauxberger ce68ed67e2 Add Copyright 2021-12-02 10:26:51 -05:00
Anna Pauxberger aa20ec57ad Provide support for service backend-option 2021-12-02 10:21:40 -05:00
Anna Pauxberger 3cf68587a4 Merge remote-tracking branch 'origin/add-datadog-backend' into add-datadog-backend 2021-12-02 10:21:00 -05:00