security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

1373 Commits

Author SHA1 Message Date
ZikyHD 510da0085e Update sysmon.py (#2234) 
Update sysmon.py  and merge from master
 2021-11-10 20:43:13 +01:00
frack113 b7b1ebf772 Fix LogonId - SubjectLogonId 2021-11-10 19:12:51 +01:00
frack113 ee4082b50d Merge pull request #2242 from frack113/fix_ProcessCommandLine 
Fix process command line
 2021-11-10 08:09:06 +01:00
frack113 a089a83794 Merge pull request #2238 from frack113/fix_logsource 
Fix logsource
 2021-11-10 08:08:40 +01:00
frack113 ca17949d85 Merge pull request #2237 from frack113/m365 
standardization m365
 2021-11-10 08:08:10 +01:00
frack113 c5fa73c328 fix ProcessCommandLine to ParentCommandLine 2021-11-09 16:13:29 +01:00
Entropy0 c7259b6196 fix condition token inheritance 
Without this fix, isinstance(ConditionOR(), ConditionAND) yields True
 2021-11-09 13:19:53 +01:00
David Vassallo e1ecd379fa Update elk-winlogbeat.yml 
Adding "RelativeTargetName" since it's used by `win_lm_namedpipe.yml`
 2021-11-09 13:38:31 +02:00
frack113 6c19303aa4 normalize logsource 2021-11-09 10:48:13 +01:00
frack113 3430943746 standardization 2021-11-09 07:27:25 +01:00
Sven Scharmentke 075419da38 Initial commit of pending changes providing uberAgent 6.2 compatibilitz. 2021-11-09 03:38:12 +01:00
frack113 7f087797d6 Merge pull request #2175 from frack113/elastic_is_bad_in_regex 
manage start end regex for Elastic
 2021-11-05 12:27:18 +01:00
Jordi Schoots 23ed626287 Change location value=str(value) 2021-11-01 16:05:34 +01:00
Jordi Schoots 9d0123e782 Fix errors introduced at commit 58d9e41 2021-11-01 12:40:41 +01:00
frack113 fb750721b2 Merge pull request #2212 from frack113/new_status 
New status from discussions
 2021-10-31 20:38:28 +01:00
frack113 f4b1dcfc72 cleanup code 2021-10-28 20:56:19 +02:00
frack113 c49b0d49fa Add deprecated status 2021-10-28 20:08:27 +02:00
frack113 e9d163cdd1 add filter not status 2021-10-28 19:46:36 +02:00
Nasreddine Bencherchali 1015d3fe68 Update winlogbeat-modules-enabled.yml 
- Fixed typos in FileVersion, Description, Product, and Company fields for image_load category.
- Added separate OriginalFileName fields for process_creation, image_load categories.
 2021-10-28 16:05:40 +01:00
frack113 781598351d Add SourceUser and TargetUser 2021-10-27 17:13:34 +02:00
frack113 ce5e4c45f1 Add sysmon 13.30 ParentUser 2021-10-27 12:58:10 +02:00
Tim Shelton 9b6be31c8d commenting out exceptions output from handling 2021-10-26 18:25:23 +00:00
Tim Shelton 8f22d418f3 fixing lingering item 2021-10-26 16:28:04 +00:00
Tim Shelton 893874d3a5 removing item with space, and removing duplicate item and fixing target field, thx to frack113 2021-10-26 16:25:50 +00:00
Tim Shelton 7fc2a6f00d missed one 2021-10-26 15:25:11 +00:00
Tim Shelton 0d65dcdc28 fixx err 2021-10-26 15:12:03 +00:00
Tim Shelton 22b64644ef updating hawk backend to fix open ended backslash for regex 2021-10-26 15:09:47 +00:00
Tim Shelton bacdf53236 updating hawk backend to fix or list map missing an outer and operator 2021-10-26 15:05:27 +00:00
Tim Shelton 6b5c63e485 Merge branch 'master' of https://github.com/redsand/sigma into HAWK_Backend 2021-10-25 18:39:48 +00:00
davedhoff e772dbf0a9 Import Iterable from collections.abc 2021-10-22 13:56:47 -05:00
frack113 963f32063f Merge pull request #2148 from SigmaHQ/rule-devel 
First Linux Process Creation and Network Connection rules (Sysmon for Linux)
 2021-10-21 19:10:08 +02:00
V1D1AN a47645a084 Modify event.provider to event.module 2021-10-21 08:34:41 +02:00
frack113 bb758bdb0f manage start end regex 2021-10-20 21:20:04 +02:00
al3t 7500346ce7 Update winlogbeat-modules-enabled.yml 
updating field mapping
 2021-10-20 17:06:55 +03:00
Tim Shelton e97fa8fc75 merging from upstream 2021-10-19 02:37:53 +00:00
Tim Shelton d5498eecbf updating hawk backend, still pending aggregation support 2021-10-19 02:35:45 +00:00
Tim Shelton 16a78187bd updating hawk json format record 2021-10-18 21:39:49 +00:00
Tim Shelton 6e35c031de Add additional information to the analytic record, including tags, author info, rule id and references 2021-10-18 21:39:49 +00:00
Tim Shelton f2d9cf0964 Initial commmit of hawk analytic score generator 2021-10-18 21:39:49 +00:00
Tim Shelton ae2923bdd8 Initial commmit of hawk analytic score generator 2021-10-18 21:39:49 +00:00
Tim Shelton b30abd5c12 updating hawk json format record 2021-10-18 21:34:48 +00:00
Wagga 17d78a5c4c Fix a missing var reset in SQLite backend 2021-10-17 16:21:59 +02:00
frack113 e5b3a1cc14 Merge pull request #2151 from frack113/ps_category 
Powershell category
 2021-10-17 07:15:31 +01:00
frack113 7fc6532665 fix yml 2021-10-16 22:49:20 +02:00
Thomas Patzke 76c02a14b2 Merge pull request #1558 from maketsi/splunk-search-ext 
Added ability to define free-text searches in the logsource mapping
 2021-10-16 20:49:14 +02:00
Thomas Patzke 9d8828a0ed Merge pull request #1696 from denny-lclin/lclin/fix-ada-wildcard 
Fix [ALA] Convesion of wildcard not as expected for ada backend #1689
 2021-10-16 20:46:23 +02:00
Thomas Patzke f3c01a3f65 Merge pull request #1948 from zazzzSec/fix_cb_paths 
fixing cb path wildcards that don't work
 2021-10-16 20:44:14 +02:00
Thomas Patzke 4806a88427 Merge pull request #2029 from marcurdy/master 
Correct for proper output to Splunk and CarbonBlack. Add AWS Athena c…
 2021-10-16 20:37:59 +02:00
Thomas Patzke e6881e41a6 Merge pull request #2090 from roysjosh/ala-near 
Implement "near" support for ALA/Sentinel
 2021-10-16 20:34:32 +02:00
Thomas Patzke 00dd72acf2 Merge pull request #2118 from albchen/patch-3 
Add generateAggregation
 2021-10-16 20:33:11 +02:00