security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

1373 Commits

Author SHA1 Message Date
Austin Songer a798469961 Update lacework.py 2021-09-10 09:46:57 -05:00
Young fe53f6dd5d moved default values to backend file 2021-09-09 15:02:59 -07:00
Young 647f81d128 reverted changes in base.py to upstream 2021-09-09 10:55:36 -07:00
Young 03a8d93a54 Merge branch 'master' of https://github.com/Preston-Young/sigma 2021-09-09 10:41:10 -07:00
Young c2c1b21a27 cleaning up changed files 2021-09-09 10:40:48 -07:00
Preston Young 4a98d68977 Merge branch 'SigmaHQ:master' into master 2021-09-09 10:28:16 -07:00
frack113 dc88ad7c73 fix sigma_uuid assign id 2021-09-05 17:50:54 +02:00
frack113 acf2bfbd27 Update sigma_uuid verify 
Make a better verify code
 2021-09-05 10:43:42 +02:00
frack113 11e4b900e4 Update global id 2021-09-03 06:59:40 +02:00
frack113 086a15fc45 Update global ID 2021-09-02 20:07:03 +02:00
Thomas Patzke 51bc036dbf Merge pull request #1921 from roysjosh/azure-sentinel-arm-output 
Azure Sentinel support
 2021-09-01 22:26:42 +02:00
Thomas Patzke 3d6ad1bc0f Merge pull request #1944 from ncrqnt/elastic-subtechniques 
[Elastic] Add support for authors and subtechniques
 2021-09-01 22:25:10 +02:00
Young b0efaf5a51 changed adjustMatches function to combine aall atomic matches into a single bool statement 2021-08-31 18:15:46 -07:00
zazzzSec b36db223b1 fixing path wildcards that don't adhear to tool specifications 2021-08-30 21:06:57 -04:00
neu5ron 96c7e180fe Merge branch 'master' of https://github.com/SigmaHQ/sigma into qoutes_and_wildcards 
Signed-off-by: neu5ron <neu5ron@users.noreply.github.com>
 2021-08-30 16:33:33 -04:00
neu5ron 61897fa2e0 Merge branch 'master' of https://github.com/SigmaHQ/sigma into qoutes_and_wildcards 
Signed-off-by: neu5ron <neu5ron@users.noreply.github.com>
 2021-08-30 16:06:58 -04:00
Nico 00dec96245 Add support for subtechniques 2021-08-30 08:45:21 +02:00
Nico 5f271bf334 add author field to elastic rule 2021-08-30 08:29:07 +02:00
frack113 5f1143247b Update "sigmac -l" message 2021-08-28 08:51:58 +02:00
frack113 6aae623f45 Remove duplicate file 2021-08-28 08:42:02 +02:00
David Hazekamp cc6e4381b2 feat(backend): introducing lacework backend 
Adding authors
Removing todo
 2021-08-26 14:12:47 -05:00
David Hazekamp a5d175fbf7 feat(backend): introducing lacework backend 2021-08-26 14:05:44 -05:00
Young c1154e7b45 removed osMonitor.json 2021-08-24 16:24:45 -07:00
Joshua Roys 294bb432d0 Add Azure Sentinel backend 
The web interface expects ARM templates.
 2021-08-24 16:01:23 -04:00
Joshua Roys 829117ca7f Allow ints as values in ALA backend 
Without this, LogonType set as an int caused sigmac to abort the rule.
 2021-08-24 16:00:08 -04:00
Joshua Roys 93be8471ec Fix tactics/techniques in ALA backend 2021-08-24 15:58:21 -04:00
Young d1c7ee0830 cleaned up backend class and re-added support for threshold rules 2021-08-23 15:53:43 -07:00
Young f51c462439 finished building and translating AST, asupporting nested queries 2021-08-22 21:58:04 -07:00
Thomas Patzke 3396d72d81 Merge pull request #1887 from frack113/fix_NodeSubexpression_len 
fix sigmac error "has no len()"
 2021-08-22 12:11:16 +02:00
Thomas Patzke cbf1fd213b Merge pull request #1856 from theoguidoux/sql-sqlite-fields-selection 
[Ready] SQL & SQLite rule fields selection
 2021-08-22 12:09:07 +02:00
Thomas Patzke b97a47c32a Merge pull request #1895 from frack113/fix_sigma2attack.py 
sigma2attack.py fix yaml error
 2021-08-22 12:05:54 +02:00
frack113 7cd71b2240 fix yaml error 2021-08-22 08:57:07 +02:00
Austin Songer 579a80411d Update m365.yml 2021-08-21 15:03:31 -05:00
Austin Songer 645492cef5 Update m365.yml 
just working on expanding this.
 2021-08-21 14:57:38 -05:00
frack113 f6fe5e7d02 fix when backend support error 2021-08-20 13:58:57 +02:00
frack113 4e895da471 fix error "has no len()" 2021-08-20 09:20:56 +02:00
Austin Songer e6457531dd Create m365.yml 2021-08-20 00:29:29 -05:00
frack113 08324a5a56 Merge pull request #1875 from frack113/fix_sigma_similarity 
sigma_similarity fix start errors
 2021-08-19 14:16:52 +02:00
frack113 2cdab46ee4 fix start errors 2021-08-19 09:37:00 +02:00
Young 6ccff2cff5 Added support for threshold rules 2021-08-18 18:15:18 -07:00
Austin Songer e039f91272 Spelling 2021-08-18 19:00:57 +00:00
Theo Guidoux 2a3acd7d11 add selection flag for backward compatibility 2021-08-16 19:32:54 +02:00
Theo Guidoux c1876b9ff6 add fields from rules to query + sqlite 2021-08-16 13:33:43 +02:00
Theo Guidoux 16269c0d63 cleaner default value handling 2021-08-16 10:47:05 +02:00
Theo Guidoux 40018eef7f edit help + case where 'select=' 2021-08-16 10:44:01 +02:00
Thomas Patzke 5c4fd3a122 Release 0.20 2021-08-14 00:25:12 +02:00
Thomas Patzke 607724278a Merge pull request #1580 from codyswanson4:master 
Update Elasticsearch Watcher backend to populate name column in Kibana
 2021-08-13 23:33:47 +02:00
Thomas Patzke f9c9f73b09 Merge pull request #1772 from eocete-devo:master 
[Devo backend] Added support for multicondition rules using Devo subqueries
 2021-08-13 23:30:04 +02:00
Thomas Patzke 32400e5d55 Merge pull request #1785 from theoguidoux:theoguidoux/sql-backend-field-selection 
Add fields selection to sql backend option
 2021-08-13 23:29:24 +02:00
Thomas Patzke 62a53ca895 Merge pull request #1835 from wietze:fix/mdatp/linux_support 
Enabling Linux/macOS support on MDATP
 2021-08-13 23:28:06 +02:00