d61a971874
Minor refactors
2019-06-10 09:55:52 +03:00
8a0f706cca
Merge branch 'master' of https://github.com/Neo23x0/sigma
2019-05-30 23:24:37 +02:00
1986bcb843
Sigma tools release 0.11
2019-05-30 22:56:38 +02:00
673973e523
Merge pull request #357 from agix/es_dsl_bug
...
fix missing condition when unique plus timeframe
2019-05-30 22:42:09 +02:00
8023011bb1
Merge branch 'elastalert_dsl_backend' of https://github.com/agix/sigma into agix-elastalert_dsl_backend
2019-05-30 22:33:57 +02:00
89c1d7b63d
Wrong fix, self.queries should be emptied after copied to rule_object
2019-05-29 16:10:14 +02:00
748ac2e206
Dont combine multiple queries
2019-05-29 16:05:53 +02:00
04d91573f3
Merge pull request #355 from agix/allow_empty_keyword
...
Allow empty keyword_field
2019-05-28 21:45:55 +02:00
2ecc55c13f
Merge pull request #351 from ipninichuck/master
...
added metadata field to the watcher alert
2019-05-28 21:42:27 +02:00
d866e75750
Be sure there is a key in the single condition
2019-05-27 17:27:16 +02:00
e8a7c5f7b9
fix missing condition when unique plus timeframe
2019-05-27 17:22:28 +02:00
6bf010fb4b
introduce elastalert-dsl
...
(cherry picked from commit 0235ec23200e62766d9f21fbd26ed834991a0b61)
2019-05-27 17:18:19 +02:00
4168c0ec64
Allow empty keyword_field
2019-05-27 15:08:33 +02:00
36ba9f78da
Improved message if configuration is missing
2019-05-27 13:18:36 +02:00
38f3966751
Changed backend list formatting to new method
2019-05-26 22:58:14 +02:00
eb9564557e
Moved generic class discovery code into new tools module
2019-05-26 22:29:07 +02:00
84690280c5
Improved behavior on missing configuration
...
Listing all configus usable with chosen backend
2019-05-24 22:41:47 +02:00
75ec169d5c
added metadata field to the watcher alert
...
While utilizing Kibana to track watches directly from the watch index it became quickly apparent that useful metadata was not available. In my project's case it was the title, description and tags from the sigma rule. By adding them to the metadata field it makes it easier to utilize them in visualizations of the watches themselves. In the future perhaps the contents of the metadata field could be given as an option for each user.
2019-05-22 04:30:47 -07:00
194afa739f
Generate rule name for each condition
...
In backends kibana and xpack-watcher.
Fixes #329
2019-05-21 00:36:19 +02:00
af0bd1b082
Removed debug code from backend option handling
...
Additionally: code simplification
2019-05-21 00:21:52 +02:00
97541ac267
Added -C shortcut for --backend-config
2019-05-21 00:15:01 +02:00
7e163d71eb
Added option to use old URL in xpack-watcher backend
2019-05-21 00:01:21 +02:00
4e63e925cf
Merge branch 'patch-1' of https://github.com/lliknart/sigma into lliknart-patch-1
2019-05-20 23:43:49 +02:00
11ed7e7ef8
Check for valid configuration/backend combinations
2019-05-20 01:00:33 +02:00
e271484eef
Load configurations via new config management
2019-05-20 00:27:35 +02:00
3d20e0bc98
Sigma configuration management with listing
...
Missing:
* Use config by identifier
2019-05-17 09:13:59 +02:00
71ff6bd943
Catch type errors in configuration handling
2019-05-16 23:34:44 +02:00
36aeb19721
Added title to all configurations
2019-05-16 23:33:51 +02:00
f86342012a
Update elasticsearch.py
...
From ElasticSearch 7.0, the URI to access to Watcher API changes
Deprecation: [PUT /_xpack/watcher/watch/{id}] is deprecated! Use [PUT /_watcher/watch/{id}] instead.
2019-05-16 16:17:57 +02:00
a6d2a5d79b
fix: more general fixes of the var type issue
2019-05-15 21:25:53 +02:00
9f1bbb0a0d
fix: missing type check in WDATP backend
2019-05-15 21:20:20 +02:00
526468bec3
Merge pull request #298 from christophetd/elastalert-allow-rules-without-http-post-url
...
Allow generating Elastalert rules with the http_post alert type without specifying a URL at generation time
2019-05-10 00:31:33 +02:00
a361664ed2
Merge pull request #318 from HacknowledgeCH/es-qs-not-parenthesis-fix
...
Correct parenthesization for NOT expressions in the ES-QS backend
2019-05-10 00:14:29 +02:00
763939a8ca
Hide --shoot-yourself-in-the-foot
2019-04-25 23:42:13 +02:00
eb022f3908
Conditional field mapping for null values
...
Fixes #326
2019-04-25 23:24:05 +02:00
cfb4f32651
Backend es-dsl tolerates rules without title and log source
2019-04-25 22:41:31 +02:00
17ae9ea91c
Renamed spark config in setup.py
2019-04-25 09:56:29 +02:00
8cf505fcb3
Accidentally removed windows-dhcp logsource in spark's config file
2019-04-25 08:23:48 +02:00
79f7edb6b4
Added logsources for generic sigma rules to spark config, renamed spark config to thor config
2019-04-25 08:15:50 +02:00
6918784e87
Configuration order checking
2019-04-23 00:54:10 +02:00
c90d3e811e
Formatted error code definitions
2019-04-23 00:53:52 +02:00
e9af99c147
Completed error codes
2019-04-23 00:52:31 +02:00
d0bd8a2a41
Mandatory configuration for most backends
2019-04-22 23:40:21 +02:00
34c426a95b
Moved error codes to constants defined centrally
2019-04-22 23:15:35 +02:00
4e16bbafa8
Correct parenthesization for NOT expressions in the ES-QS backend
2019-04-16 10:30:18 +02:00
5194e8778c
Fail on missing target selection
2019-04-14 23:50:07 +02:00
6351c5a350
Sigma ATT&CK coverage by @jmallette
2019-04-11 18:27:52 +02:00
cd456a1d2b
initial SIGMA ATTACK Navigator layer release
2019-04-09 22:49:28 -04:00
152febcea2
sumologic: fixing non-pushed cleannode()
2019-04-07 13:04:15 -04:00
d32e5c10b8
Allow generating Elastalert rules with the http_post alert type without specifying a URL at generation time
2019-04-03 17:22:58 +02:00
Tareq AlKhatib