security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,076 Commits 1 Branch 57 Tags
f29ffc06974c0e5e80d83bb013ae8a6accedc708
Commit Graph

252 Commits

Author SHA1 Message Date
Karneades 468af42de5 Add missing event id list handling in PowerShell backend 2018-09-29 14:43:28 +02:00
Karneades c289484c5c Improve default field handling in PowerShell backend 2018-09-29 12:29:44 +02:00
Florian Roth 1c2431f33b Merge pull request #169 from Karneades/fix-aggregation-exeption 
Add rule filename to "not implemented" exception output
 2018-09-26 11:50:25 +02:00
Karneades c66b00356d Add initial version of PowerShell backend 
* Add PowerShell backend
* Add PowerShell config file

State: Work in progress :)

See https://github.com/Neo23x0/sigma/issues/94
 2018-09-23 21:41:48 +02:00
Karneades fe6f4c7475 Add rule filename to exception output for unsupported aggregation 2018-09-23 19:12:50 +02:00
Thomas Patzke 1d12fc290c Added Winlogbeat configuration 2018-09-20 12:08:11 +02:00
Thomas Patzke f3c60a6309 Added tag filtering to sigmac 2018-09-06 00:57:54 +02:00
Thomas Patzke 7f875af1ca Fixed WDATP backend 
It never generated any output due to missing return in generate()
method.
 2018-09-06 00:31:40 +02:00
James Dickenson 29bed766dd removed re-introduced output class from qradar backend. fixed list handling error. 2018-08-21 22:45:12 -07:00
James Dickenson 468f040c0a Merge branch 'qradar-dev' 2018-08-20 21:54:30 -07:00
James Dickenson 9a61f40cef added support flor flow data in qradar backend 2018-08-16 21:44:17 -07:00
James Dickenson a8d1831382 Added aggregation support for qradar backend 2018-08-13 23:04:10 -07:00
Thomas Patzke dce4b4825d Fixed aggregations without field name 
Generated query contained field name "None".
 2018-08-10 15:07:07 +02:00
Thomas Patzke f8246e9f49 Removed "not implemented" hints for available options in sigmac 2018-08-04 23:31:29 +02:00
Thomas Patzke af9f636199 Removal of backend output classes 
Breaking change: Instead of feeding the output class with the results,
they are now returned as strings (*Backend.generate()) or list
(SigmaCollectionParser.generate()). Users of the library must now take
care of the output to the terminal, files or wherever Sigma rules should
be pushed to.
 2018-08-02 22:41:32 +02:00
Thomas Patzke 1c9d0a176e Moved const_start into class definition 2018-07-28 23:51:33 +02:00
Thomas Patzke df74460629 Fixed imports after config split 2018-07-27 23:54:18 +02:00
Thomas Patzke e02af9aa37 Merge config split branches 2018-07-27 23:16:50 +02:00
Thomas Patzke eb440b3357 Split config - code removal from configuration 2018-07-27 23:02:35 +02:00
Thomas Patzke 36ada66007 Split config - Copy configuration 2018-07-27 23:01:41 +02:00
Thomas Patzke 920c4b061d Split config - code removal from filter 2018-07-27 22:35:30 +02:00
Thomas Patzke d235a9e017 Split config - Copy filter 2018-07-27 00:23:22 +02:00
Thomas Patzke 50a6a92d20 Split config - code removal from exceptions 2018-07-27 00:17:35 +02:00
Thomas Patzke 405bc4a0d1 Split config - Copy exception 2018-07-27 00:17:13 +02:00
Thomas Patzke 096bc35447 Split config - code removal from mapping 2018-07-27 00:15:14 +02:00
Thomas Patzke 4ffbb25960 Split config - Copy mapping 2018-07-27 00:13:19 +02:00
Thomas Patzke 1c4c67053c Fixes for parser split 
* Fixed imports
* Rename
 2018-07-27 00:02:07 +02:00
Thomas Patzke 88a4a5d36a Merge parser split branches 2018-07-26 23:42:09 +02:00
Thomas Patzke 595327ace4 Split parser - code removal from condition 2018-07-26 23:40:22 +02:00
Thomas Patzke c8043368bd Split parser - code removal from rule 2018-07-26 22:43:49 +02:00
Thomas Patzke 294ca20350 Split parser - code removal from collection 2018-07-26 22:28:33 +02:00
Thomas Patzke 3a0de01bad Split parser - code removal from base 2018-07-26 22:22:21 +02:00
Thomas Patzke b9425d13df Split parser - code removal from exceptions 2018-07-26 22:18:21 +02:00
Thomas Patzke e550bf5c3b Split parser - Copy base 2018-07-26 22:15:04 +02:00
Thomas Patzke a2329de03c Split parser - Copy rule 2018-07-26 22:07:38 +02:00
Thomas Patzke 1abb13c5d9 Split parser - Copy condition 2018-07-24 00:13:37 +02:00
Thomas Patzke a8501cb446 Split parser - Copy exceptions 2018-07-24 00:08:23 +02:00
Thomas Patzke 983ee6eeb9 Splitting parser - copying collections 2018-07-24 00:06:02 +02:00
Thomas Patzke 54f5870658 Removed debugging code 2018-07-24 00:04:24 +02:00
Thomas Patzke b76fa884ec Changed copyright notices accordingly 2018-07-24 00:01:16 +02:00
Thomas Patzke fbde251ebc Added missing exception import in ES backend 2018-07-22 09:26:25 +02:00
Thomas Patzke 91e6b8ca6b Merging refactoring changes into master 2018-07-22 09:23:07 +02:00
Thomas Patzke cf175d7b7e Removal from sigma.backends.qradar 2018-07-22 09:14:50 +02:00
Thomas Patzke 097660c678 Splitting backends - Copy qradar.py 2018-07-22 09:12:29 +02:00
Thomas Patzke c8e21b3f24 Fixing after split 
* Fixing imports
* Discovery in new sub modules
 2018-07-21 01:09:02 +02:00
Thomas Patzke b85aec6157 Merging backend split branches 2018-07-21 00:59:50 +02:00
Thomas Patzke 3e2184ac61 Removal from sigma.backends.elasticsearch 2018-07-21 00:37:36 +02:00
Thomas Patzke a9257c32c6 Sigma tools release 0.6 2018-07-17 23:12:23 +02:00
nikotin b5f27d75be Added Qradar backend 2018-07-17 15:25:06 +03:00
Thomas Patzke c2b1a58813 Removal from sigma.backends.wdatp 2018-07-10 23:49:39 +02:00