security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

1373 Commits

Author SHA1 Message Date
Anna Pauxberger 9cd6e4f3d7 Change README 2021-12-02 10:20:17 -05:00
Julien Doutre 39cc870334 test field mapping 2021-12-02 16:15:08 +01:00
Anna Pauxberger 181ffb1933 Remove redundant escapes 2021-12-01 16:21:06 -05:00
Anna Pauxberger 68ac5c01ef Fix DatadogLogsBackend in Tests 2021-12-01 16:20:46 -05:00
Anna Pauxberger b0fa982605 add Datadog to README 2021-12-01 16:08:39 -05:00
Anna Pauxberger e86ddc0b36 fix naming and references 2021-12-01 16:08:00 -05:00
Anna Pauxberger ab1e1c5fe0 specify datadog-logs backend 2021-12-01 15:11:51 -05:00
Tim Shelton 48f592fc41 reducing scores for informational levels and adding field translation for user 2021-12-01 17:25:23 +00:00
Tim Shelton e0e3e42c77 adding fix to begins/ends with feature 2021-12-01 16:39:25 +00:00
Tim Shelton 621f629390 adds support for begins and ends with 2021-12-01 16:10:13 +00:00
Tim Shelton df315f5e08 enforcing snake case per hawk-analyticsd specs 2021-12-01 15:51:22 +00:00
Tim Shelton caf47a9e3d reducing score minus 5 for lows... will need a multitude 2021-12-01 14:33:28 +00:00
Tim Shelton b3a9e05a59 Merge branch 'master' of https://github.com/redsand/sigma into hawk_webserver_category 2021-12-01 14:26:35 +00:00
Florian Roth e43d7f7e0e Merge pull request #2357 from redsand/hawk_backend_fix_added_double_backslash_from_sigmac 
Fixing added backslashes that are generated by sigma backend
 2021-12-01 15:11:32 +01:00
Tim Shelton 6927b0e69f Fixing added backslashes that are generated by sigma backend 2021-12-01 13:29:15 +00:00
Julien Doutre f042480c63 Factor test query generation logic 2021-12-01 11:38:38 +01:00
Julien Doutre 4989be3923 consolidate test names 2021-12-01 11:24:57 +01:00
Julien Doutre 8bf814b3c0 Fix failing test 2021-12-01 11:10:06 +01:00
Julien Doutre c4b4703cf2 unittest assert statements 2021-12-01 11:00:27 +01:00
Anna Pauxberger 34c4f5dbb3 add tests 2021-12-01 00:28:09 -05:00
frack113 00560f3162 Add zircolite config 2021-11-30 19:10:14 +01:00
Tim Shelton 790755e753 adding webserver as filter for sigma config 2021-11-30 16:33:54 +00:00
Julien Doutre fe1b4cf48a Integration test over all the rules 2021-11-30 16:10:56 +01:00
Julien Doutre 3fc0d80280 Fix config init 2021-11-29 18:08:34 +01:00
Julien Doutre b2645eb017 Handle facets and attributes 2021-11-29 17:23:23 +01:00
Julien Doutre 230705d28c Support null values 2021-11-29 16:13:23 +01:00
Julien Doutre b114c76afe Consistent regexp 2021-11-29 15:20:05 +01:00
Julien Doutre beab887ad1 Escape queries 2021-11-29 15:11:29 +01:00
Julien Doutre 34d1729c5f unset service case handling 2021-11-29 11:55:50 +01:00
Julien Doutre 5c91a1ab42 fix attribute check logic 2021-11-25 16:14:02 +01:00
Tim Shelton fff12a3461 adding antivirus filter for vendor_type.. was matching against our fim data 2021-11-23 18:14:51 +00:00
Julien Doutre 0abb360f99 Support index backend option 2021-11-23 18:11:46 +01:00
Julien Doutre dca139d298 Example backend config file 2021-11-23 18:11:27 +01:00
Tim Shelton ad75a9a5bf updating hawk backend to provide additional tag enrichment. helps manage the state of each sigma rule, if experimental or not 2021-11-23 16:57:43 +00:00
Julien Doutre 81d3756008 Simple rules support 2021-11-23 17:51:03 +01:00
Anna Pauxberger c2b91c58d9 add datadog backend structure 2021-11-23 11:08:27 -05:00
frack113 4425f9cbcd Update sigma2attack.py 2021-11-20 19:59:57 +01:00
frack113 17296b4f5c Fix score error 2021-11-20 11:13:18 +01:00
frack113 1186982172 Add missing info 2021-11-20 10:10:17 +01:00
frack113 64d7386b9d Update and fix sigma2attack 2021-11-20 09:55:51 +01:00
redsand (Tim Shelton) bc334ab456 Hawk backend support for wildcard in middle of string (#2273) 
* updating yaml cfg for ms eventlog support

* update config and sigma backend, so that comments are not replaced, but rather the details of the record

* updating scriptblocktext to value

* adding a few missing ip address translations

* Fixing error when handling comparisons of null values, and additional fix of lack of support for not

* adding additional translations for missing category entries

* fixing error when handling list of ors with a not indicator

* finishes support for windows translations, pending qa

* adding dedupe feature and additional translation fix for dns-server

* adding image_loaded translation

* forced to pull back on the aggressive deduping, caused some inaccuracies

* adding more ux friendly formatting for regex

* adds support for wildcards in middle of strings

* adding a missing null check for supporting null matching

* adding cisco, av, and django cfg in yaml. updated apache in yaml and added another translation for ip_dport
 2021-11-18 06:29:41 +01:00
Sven Scharmentke c09b1861ec Merge branch 'SigmaHQ:master' into feature/uberagent-compat-6.2 2021-11-17 16:30:05 +01:00
Thomas Patzke ad647a6ecb Merge pull request #2240 from Entropy0/bugfix/condition-type-inheritance 
fix condition token inheritance
 2021-11-15 23:43:53 +01:00
Thomas Patzke cdaefbff69 Merge pull request #2265 from SigmaHQ/fix-ids 
Additional characters in identifier token
 2021-11-15 23:26:28 +01:00
Thomas Patzke aa47b88326 Merge pull request #2264 from roysjosh/fix-agg-ge-le 
Fix aggregation GE/LE
 2021-11-15 22:51:14 +01:00
Thomas Patzke 068255fc82 Additional characters in identifier token 2021-11-15 22:46:22 +01:00
Joshua Roys 87f919d0bc Fix aggregation GE/LE 
List longest matches first otherwise they will never match.
 2021-11-15 15:57:46 -05:00
wagga40 a8d00385c3 Fix double quotes escaping and values with commas in SQLite/SQL backends 2021-11-11 20:55:01 +01:00
frack113 8b419b8f07 Merge pull request #2247 from frack113/fix_field 
Fix rule field name
 2021-11-11 08:51:52 +01:00
redsand (Tim Shelton) a9b49679d3 Updates to hawk sigmac backend (#2244) 
Updated HAWK sigma backend
 2021-11-11 08:01:53 +01:00