Young | 900d149512 | 2021-08-13 00:42:26 -07:00
  finished functionality for building flat queries

Young | 3f37ee3964 | 2021-08-12 22:40:45 -07:00
  created build query method

Wagga | 4d53e4b040 | 2021-08-12 22:49:11 +02:00
  Merge branch 'master' into master

Thomas Patzke | 1b215e3aaf | 2021-08-12 22:41:17 +02:00
  Merge pull request #1828 from wietze/optimisation/nesting_reduction
  Optimising lists/subexpressions with only one item

Thomas Patzke | 8694afe023 | 2021-08-12 22:40:36 +02:00
  Merge pull request #1779 from frack113/elastalert
  Fix elastalert multi output file

frack113 | 62e541ec7f | 2021-08-12 19:14:17 +02:00
  Merge pull request #1784 from frack113/winlogbeat-modules-enabled
  Update Mapping Winlogbeat modules enabled

Wietze | 17595e2443 | 2021-08-12 18:07:13 +01:00
  Enabling Linux/macOS support on MDATP, fixing incorrect parent cmd mappings

wagga40 | 13a3e78184 | 2021-08-12 15:54:02 +02:00
  Fix options : removed "raw"

wagga40 | cbb03db2dd | 2021-08-12 15:28:45 +02:00
  Fix the way YAML is dumped

wagga40 | c165783fff | 2021-08-12 15:26:46 +02:00
  Add an option to enhance default output by choosing fields
  Add an option to output in JSON or YAML

Florian Roth | 80e686994c | 2021-08-12 12:18:29 +02:00
  Merge pull request #1824 from frack113/add_list_test_warning
  Sigma Schema add new Attribute and test

Wietze | 7ba375dea0 | 2021-08-11 18:00:09 +01:00
  Optimising lists/subexpressions with length 1
  Should reduce brackets on some output targets

frack113 | f4268d8054 | 2021-08-11 15:55:44 +02:00
  Merge pull request #1707 from heyibrahimkhan/patch-6
  Create ala-suricata.yml

frack113 | 5e5ac8479c | 2021-08-11 14:26:20 +02:00
  Add tlp and target Attribute

Thomas Patzke | 3dea956812 | 2021-08-11 08:21:43 +02:00
  Merge pull request #1789 from frack113/fix_issue_1771
  add hash_normalise option for ElasticsearchWildcardHandlingMixin

Young | 13c868d3fd | 2021-08-10 15:34:52 -07:00
  Added more helper functions and comments

frack113 | e43b917dab | 2021-08-10 17:35:32 +02:00
  fix space error

Young | 6474968615 | 2021-08-09 14:42:17 -07:00
  added helper functions to clean up code

frack113 | 6b21a881ca | 2021-08-09 10:21:34 +02:00
  Merge pull request #1700 from heyibrahimkhan/patch-5
  Create ala-azure-aws_cloudtrail.yml

frack113 | f6980edc66 | 2021-08-07 11:16:24 +02:00
  fix english : normalize

frack113 | 2333defde7 | 2021-08-07 08:24:36 +02:00
  add hash_normalise option

Theo Guidoux | b7e301b639 | 2021-08-06 11:46:00 +02:00
  add field selection to sql backend option

frack113 | f4bef0fc39 | 2021-08-06 11:12:34 +02:00
  Add Microsoft-Windows-Windows Defender/Operational

frack113 | 65251e13e9 | 2021-08-06 10:52:24 +02:00
  Add missing system field

Young | faba4f481b | 2021-08-05 18:50:18 -07:00
  initial commit

frack113 | 4a8192fecc | 2021-08-05 22:38:48 +02:00
  fix typo mono

RedKyper | b353a10643 | 2021-08-05 20:37:07 +02:00
  elastalert multi output file

Florian Roth | f67e372af6 | 2021-08-05 15:48:18 +02:00
  Merge pull request #1766 from frack113/patch_elastalert
  Fix duplicate output in elastalert Backend

frack113 | 4b44ee654b | 2021-08-05 13:36:18 +02:00
  Fix missing a space

frack113 | 0b053e79cc | 2021-08-05 13:33:39 +02:00
  fix syntax error

frack113 | 439b3cecc3 | 2021-08-05 13:31:39 +02:00
  Add most of security EventID

frack113 | ac43eecc36 | 2021-08-05 11:20:22 +02:00
  Add eventid 4624

frack113 | 1d1b58d712 | 2021-08-05 10:54:58 +02:00
  add sysmon mapping

frack113 | 481cd9aca1 | 2021-08-04 15:46:05 +02:00
  add security 7045

frack113 | 47086d5d78 | 2021-08-04 15:12:01 +02:00
  fix duplicate

frack113 | 21228a21c7 | 2021-08-04 15:09:02 +02:00
  update SYSMON Hashes

eocete | 692bc9a63a | 2021-08-04 08:52:32 +02:00
  Added support for multicondition rules using Devo subqueries

frack113 | 359dd6bbb8 | 2021-08-01 19:34:07 +02:00
  fix my code

frack113 | 186583f78f | 2021-08-01 16:14:51 +02:00
  fix the output not the core

Florian Roth | f06f8a1191 | 2021-07-29 18:13:47 +02:00
  Merge pull request #1757 from wietze/fix/carbon-black-eedr/field_renames
  [CarbonBlack EEDR] Several updates to config file

Wietze | 687631ee20 | 2021-07-29 14:09:37 +01:00
  Several updates to CarbonBlack EEDR config

Wietze | e0d6856987 | 2021-07-29 13:57:58 +01:00
  [CarbonBlack] Adding extra escape character
  Hyphens, especially when at the start of a query, need escaping since hyphens are also used to negate conditions

Florian Roth | 7c78f40372 | 2021-07-28 16:24:33 +02:00
  Merge pull request #1744 from gliptak/patch-3
  Add yamllint to GHA

Wietze | 46da416ad1 | 2021-07-28 14:43:51 +01:00
  Fixing exception caused by incorrect type of passed 'path' parameter

Gábor Lipták | d2592ee0b6 | 2021-07-26 21:26:16 -04:00
  Add yamllint to GHA
  Signed-off-by: Gábor Lipták <gliptak@gmail.com>

Florian Roth | ce58012608 | 2021-07-24 10:07:10 +02:00
  Merge pull request #1584 from frack113/multi_output
  Update output arg options

phantinuss | 3b5f3d8bef | 2021-07-22 10:18:03 +02:00
  fix: indentation

phantinuss | e4880169d3 | 2021-07-22 09:59:16 +02:00
  add sysmon_status and sysmon_error category to thor logsources

Florian Roth | c905e61f7a | 2021-07-17 13:47:04 +02:00
  Merge pull request #1705 from thegoatreich/logrhythm-support
  Logrhythm support

Ibrahim Ali Khan | dbf924635d | 2021-07-17 04:55:46 +05:00
  Update ecs-suricata.yml
  metadata items tag and cve mapping added.