Karneades
468af42de5
Add missing event id list handling in PowerShell backend
2018-09-29 14:43:28 +02:00
Karneades
c289484c5c
Improve default field handling in PowerShell backend
2018-09-29 12:29:44 +02:00
Karneades
c66b00356d
Add initial version of PowerShell backend
* Add PowerShell backend
* Add PowerShell config file
State: Work in progress :)
See https://github.com/Neo23x0/sigma/issues/94
2018-09-23 21:41:48 +02:00
Thomas Patzke
7f875af1ca
Fixed WDATP backend
It never generated any output due to missing return in generate()
method.
2018-09-06 00:31:40 +02:00
James Dickenson
29bed766dd
Removed re-introduced output class from qradar backend. Fixed list handling error.
2018-08-21 22:45:12 -07:00
James Dickenson
468f040c0a
Merge branch 'qradar-dev'
2018-08-20 21:54:30 -07:00
James Dickenson
9a61f40cef
Added support for flow data in qradar backend
2018-08-16 21:44:17 -07:00
James Dickenson
a8d1831382
Added aggregation support for qradar backend
2018-08-13 23:04:10 -07:00
Thomas Patzke
dce4b4825d
Fixed aggregations without field name
Generated query contained field name "None".
2018-08-10 15:07:07 +02:00
Thomas Patzke
af9f636199
Removal of backend output classes
Breaking change: Instead of feeding the output class with the results,
they are now returned as strings (*Backend.generate()) or list
(SigmaCollectionParser.generate()). Users of the library must now take
care of the output to the terminal, files or wherever Sigma rules should
be pushed to.
2018-08-02 22:41:32 +02:00
Thomas Patzke
1c9d0a176e
Moved const_start into class definition
2018-07-28 23:51:33 +02:00
Thomas Patzke
df74460629
Fixed imports after config split
2018-07-27 23:54:18 +02:00
Thomas Patzke
1c4c67053c
Fixes for parser split
* Fixed imports
* Rename
2018-07-27 00:02:07 +02:00
Thomas Patzke
b76fa884ec
Changed copyright notices accordingly
2018-07-24 00:01:16 +02:00
Thomas Patzke
fbde251ebc
Added missing exception import in ES backend
2018-07-22 09:26:25 +02:00
Thomas Patzke
91e6b8ca6b
Merging refactoring changes into master
2018-07-22 09:23:07 +02:00
Thomas Patzke
cf175d7b7e
Removal from sigma.backends.qradar
2018-07-22 09:14:50 +02:00
Thomas Patzke
097660c678
Splitting backends - Copy qradar.py
2018-07-22 09:12:29 +02:00
Thomas Patzke
c8e21b3f24
Fixing after split
* Fixing imports
* Discovery in new sub modules
2018-07-21 01:09:02 +02:00
Thomas Patzke
b85aec6157
Merging backend split branches
2018-07-21 00:59:50 +02:00
Thomas Patzke
3e2184ac61
Removal from sigma.backends.elasticsearch
2018-07-21 00:37:36 +02:00
Thomas Patzke
c2b1a58813
Removal from sigma.backends.wdatp
2018-07-10 23:49:39 +02:00
Thomas Patzke
45782c6328
Removal from sigma.backends.splunk
2018-07-10 23:48:47 +02:00
Thomas Patzke
46f29d2eb2
Removal from sigma.backends.output
2018-07-10 23:47:41 +02:00
Thomas Patzke
2d4145cfe8
Removal from sigma.backends.discovery
2018-07-10 23:46:52 +02:00
Thomas Patzke
83acff6859
Splitting backends - Copy discovery.py
2018-07-10 23:46:16 +02:00
Thomas Patzke
d340487e94
Removal from sigma.backends.base
2018-07-10 23:44:14 +02:00
Thomas Patzke
2e7d366da5
Removal from sigma.backends.mixins
2018-07-10 23:42:38 +02:00
Thomas Patzke
bb78c1428e
Removal from sigma.backends.logpoint
2018-07-10 23:41:15 +02:00
Thomas Patzke
2edeaee748
Removal from sigma.backends.graylog
2018-07-10 23:40:17 +02:00
Thomas Patzke
e5baca0ac4
Removal from sigma.backends.qualys
2018-07-10 23:39:18 +02:00
Thomas Patzke
fdfe346adc
Removal from sigma.backends.exceptions
2018-07-10 23:37:59 +02:00
Thomas Patzke
7fbc3a35a3
Removal from sigma.backends.cli
2018-07-10 23:33:40 +02:00
Thomas Patzke
881f72e418
Removal from sigma.backends.tools
2018-07-10 23:32:42 +02:00
Thomas Patzke
09ac41949c
Removal from sigma.backends.archsight
2018-07-10 23:22:36 +02:00
Thomas Patzke
04b89befce
Splitting backends - Copy elasticsearch.py
2018-07-10 23:15:04 +02:00
Thomas Patzke
bb9bef4deb
Splitting backends - Copy wdatp.py
2018-07-10 23:15:04 +02:00
Thomas Patzke
72480d304b
Splitting backends - Copy splunk.py
2018-07-10 23:15:04 +02:00
Thomas Patzke
c5d5c52850
Splitting backends - Copy output.py
2018-07-10 23:15:04 +02:00
Thomas Patzke
0c93040da5
Splitting backends - Copy base.py
2018-07-10 23:15:04 +02:00
Thomas Patzke
a8e19bb4ba
Splitting backends - Copy mixins.py
2018-07-10 23:15:04 +02:00
Thomas Patzke
116fe16512
Splitting backends - Copy logpoint.py
2018-07-10 23:15:04 +02:00
Thomas Patzke
b621e9c3a8
Splitting backends - Copy graylog.py
2018-07-10 23:15:04 +02:00
Thomas Patzke
a2ee36eac7
Splitting backends - Copy qualys.py
2018-07-10 23:15:04 +02:00
Thomas Patzke
32c70b26d8
Splitting backends - Copy exceptions.py
2018-07-10 23:15:04 +02:00
Thomas Patzke
43d951b173
Splitting backends - Copy cli.py
2018-07-10 23:15:04 +02:00
Thomas Patzke
a6cd7a3d6b
Splitting backends - Copy tools.py
2018-07-10 23:15:04 +02:00
Thomas Patzke
7a2b1ae790
Splitting backends - Copy arcsight.py
2018-07-10 23:15:04 +02:00