security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,775 Commits 1 Branch 57 Tags
f7ba2b39764bda72adbbde2d3fbe2c2d75d0bb1c
Commit Graph

1775 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth f7ba2b3976 fix: bug in sumologic backend with 'null' values 2019-07-02 22:31:10 +02:00
Florian Roth 0b883a90b6 fix: null value in separate expression 2019-07-02 20:14:45 +02:00
Florian Roth f5a8a81ff7 fix: linux cmds rule 2019-07-02 15:22:26 +02:00
Florian Roth ce43d600e3 fix: added null value / application to 4688 problem 2019-07-02 10:51:48 +02:00
Thomas Patzke 161965d14c Added version information to Winlogbeat configs 2019-06-30 22:44:12 +02:00
Thomas Patzke 66f7f5b516 Merge pull request #385 from herrBez/fix-beat-fieldnames 
Modified winlogbeat config to adhere to winlogbeat 7 field names
 2019-06-30 22:42:59 +02:00
Thomas Patzke 141c4f42f3 Merge pull request #383 from TareqAlKhatib/typos 
fixed typos
 2019-06-30 22:39:56 +02:00
herrBez 74021d53d8 Modified winlogbeat config to adhere to winlogbeat 7 field names breaking changes 
ref: https://www.elastic.co/guide/en/beats/libbeat/current/breaking-changes-7.0.html
 2019-06-30 12:13:21 +02:00
Tareq AlKhatib 15e2f5df5f fixed typos 2019-06-29 15:35:59 +03:00
Thomas Patzke f4c8745cde Merge branch 'juju4-devel-sumo' 2019-06-29 00:12:25 +02:00
Thomas Patzke 6fab5d7f23 Improved testing and removed dead&debug code 2019-06-29 00:09:53 +02:00
Thomas Patzke 377872c91e Merge branch 'devel-sumo' of https://github.com/juju4/sigma into juju4-devel-sumo 2019-06-28 23:39:15 +02:00
Thomas Patzke 1cb84d0592 Merge pull request #381 from vburov/patch-6 
Added command that stops services.
 2019-06-28 23:33:54 +02:00
Thomas Patzke a61ad9c9a6 Merge branch 'master' of https://github.com/Neo23x0/sigma 2019-06-28 23:32:37 +02:00
Thomas Patzke c09c1c1b6e Merge branch 'sacx-master' 2019-06-28 23:31:09 +02:00
Thomas Patzke 0c7151c901 Watcher backend default options, refactoring and testing 2019-06-28 23:22:16 +02:00
Vasiliy Burov 2f123f64a7 Added command that stops services. 2019-06-28 19:46:34 +03:00
Adrian Constantin Stanila feac0be8a4 Added 2 more actions on Elasticsearch X-pack Watcher: index and webhook 
Added timestamp filter query.
 2019-06-27 08:54:59 +03:00
Florian Roth ad386474bf fix: removed unusable extensions in proc exec context 2019-06-26 17:03:01 +02:00
Florian Roth 708f3ef002 fix: fixed duplicate element in new double extension rule 2019-06-26 16:00:58 +02:00
Florian Roth 41dc076959 Rule: suspicious double extension 2019-06-26 15:57:25 +02:00
Thomas Patzke 0ea3a681df Merge pull request #378 from cclauss/patch-1 
Use print() function in both Python 2 and Python 3
 2019-06-26 15:15:49 +02:00
cclauss 2cbefb208b Use print() function in both Python 2 and Python 3 
Legacy __print__ statements are syntax errors in Python 3 but __print()__ function works as expected in both Python 2 and Python 3.

[flake8](http://flake8.pycqa.org) testing of https://github.com/Neo23x0/sigma on Python 3.7.1

$ __flake8 . --count --select=E9,F63,F72,F82 --show-source --statistics__
```
./contrib/sigma2sumologic.py:123:5: F821 undefined name 'parser_print_help'
    parser_print_help()
    ^
./contrib/sigma2sumologic.py:211:32: F821 undefined name 'r'
            f.write(json.dumps(r, indent=4, sort_keys=True) + " ERROR: %s\n\nQUERY: %s" % (e, sumo_query))
                               ^
./contrib/sigma2elastalert.py:165:32: E999 SyntaxError: invalid syntax
        print "Converting file " + file
                               ^
./tools/sigma/parser/collection.py:52:27: F821 undefined name 'SigmaCollectionParseError'
                    raise SigmaCollectionParseError("action 'repeat' is only applicable after first valid Sigma rule")
                          ^
1     E999 SyntaxError: invalid syntax
3     F821 undefined name 'parser_print_help'
4
```
__E901,E999,F821,F822,F823__ are the "_showstopper_" [flake8](http://flake8.pycqa.org) issues that can halt the runtime with a SyntaxError, NameError, etc. These 5 are different from most other flake8 issues which are merely "style violations" -- useful for readability but they do not effect runtime safety.
* F821: undefined name `name`
* F822: undefined name `name` in `__all__`
* F823: local variable name referenced before assignment
* E901: SyntaxError or IndentationError
* E999: SyntaxError -- failed to compile a file into an Abstract Syntax Tree
 2019-06-26 14:44:09 +02:00
Florian Roth 39b5eddfc7 Rule: Suspicious userinit.exe child process 2019-06-23 13:27:06 +02:00
juju4 654a009c9e sumologic backend: remove TypeError 2019-06-22 16:49:46 -04:00
juju4 559d0f4ba8 sumologic backend: force as string 2019-06-22 16:43:50 -04:00
juju4 2df0e9765c sumologic backend: pycodestyle review - E501 2019-06-22 16:41:57 -04:00
juju4 49533a5909 sumologic backend: pycodestyle review 2019-06-22 16:39:13 -04:00
juju4 84de12635e self.debug option, fix multiple keyvalue escapings/cleanValue, inline index for now 2019-06-22 16:19:45 -04:00
juju4 059957138d pycodestyle review, openpyxl, error at query generation=continue 2019-06-22 16:18:17 -04:00
juju4 a11d800353 Merge branch 'master' into devel-sumo 2019-06-22 09:18:23 -04:00
Florian Roth 26036e0d35 fix: fixed image in taskmgr rule 2019-06-21 17:15:53 +02:00
Thomas Patzke ff7128209e Adjusted level 2019-06-20 00:03:48 +02:00
Thomas Patzke 5aecb6a5af Merge branch 'mgreen27-master' 2019-06-20 00:02:57 +02:00
Thomas Patzke 0f8849a652 Rule fixes 
* tagging
* removed spaces
* converted to generic log source
* typos/case
 2019-06-20 00:01:56 +02:00
Thomas Patzke f4c86f15b8 Merge branch 'master' of https://github.com/mgreen27/sigma into mgreen27-master 2019-06-19 23:49:20 +02:00
Thomas Patzke 429c29ed5a Merge pull request #363 from yugoslavskiy/win_kernel_and_3rd_party_drivers_exploits_token_stealing 
rule added: Windows Kernel and 3rd-party drivers exploits. Token stea…
 2019-06-19 23:43:10 +02:00
Thomas Patzke f4da0c5540 Added field SecurityID to Winlogbeat config 2019-06-19 23:35:50 +02:00
Thomas Patzke 960cd69d50 Merge branch 'patch-4' of https://github.com/dvas0004/sigma into dvas0004-patch-4 2019-06-19 23:34:25 +02:00
Thomas Patzke f271685f59 Merge pull request #372 from dvas0004/patch-2 
Addition of KeyLength field
 2019-06-19 23:28:31 +02:00
Thomas Patzke e4e8ebbf95 Merge pull request #368 from JayPowerUser/web-source-code-enumeration 
Web Source Code Enumeration via .git
 2019-06-19 23:27:37 +02:00
Thomas Patzke dbbc1751ef Converted rule to generic log source 2019-06-19 23:25:25 +02:00
Thomas Patzke d14f5c3436 Merge pull request #371 from savvyspoon/issue285 
CAR tagging
 2019-06-19 23:21:43 +02:00
Thomas Patzke d82df83ef1 Merge pull request #369 from TareqAlKhatib/refactors 
Refactors
 2019-06-19 23:16:19 +02:00
Thomas Patzke 84c7320849 Merge pull request #370 from SherifEldeeb/patch-1 
Add detection for recent Mimikatz versions
 2019-06-16 12:50:42 +02:00
mgreen27 07e2ee474c sigma/Add sysmon_renamed_binary 2019-06-15 20:20:52 +10:00
mgreen27 1d26708887 sigma/Add sysmon_renamed_binary 2019-06-15 20:19:35 +10:00
David Vassallo d7443d71a4 Create win_pass_the_hash_2.yml 
alternative detection methods
 2019-06-14 18:08:36 +03:00
David Vassallo fdce7ad9bf Addition of KeyLength field 2019-06-14 17:58:47 +03:00
Michael Wade f70549ec54 First Pass 2019-06-13 23:15:38 -05:00