security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
7,892 Commits 1 Branch 57 Tags
fefb8564717d69af72ededb4172bc7ec00aac734
Commit Graph

23 Commits

Author SHA1 Message Date
Austin Songer 579a80411d Update m365.yml 2021-08-21 15:03:31 -05:00
Austin Songer 645492cef5 Update m365.yml 
just working on expanding this.
 2021-08-21 14:57:38 -05:00
Austin Songer e6457531dd Create m365.yml 2021-08-20 00:29:29 -05:00
frack113 1d1b58d712 add sysmon mapping 2021-08-05 10:54:58 +02:00
frack113 1b4d4cfb82 Add missing sysmon EventID 2021-06-09 12:52:38 +02:00
Florian Roth d24f0b8988 feat: generic registry events compatible with native audit logging 2021-04-26 09:31:36 +02:00
Florian Roth 66d0f910dd feat: windows native events - registry_event 2021-04-25 22:35:23 +02:00
Steven 7b679cc1f7 - Modified rules to use categories instead of hardcoded event IDs 
- Added file_delete category (Sysmon Event ID 23) to the generic translation file
 2021-04-15 01:40:31 +02:00
Steven 8b74abe0bc - Created new categories for sysmon events 
- Replaced the explicit EventIDs with the reference to the category
- Moved the rules to the corresponding directories
 2020-09-30 20:44:14 +02:00
Thomas Patzke 939156fa6d Introduced dns_query log source category 2020-07-05 23:29:51 +02:00
Brad Kish 8b3b312c4e Proposed fix for https://github.com/Neo23x0/sigma/issues/889 
This change removes dns events from the network connection category. The
one change is that sysmon_regsvr32_network_activity.yml needs to test
the network connection category separately from the DNS event id.
 2020-07-03 16:28:19 -04:00
Florian Roth 9c0f9f398f refactor: sysmon rule cleanup > generlization 2020-07-01 10:58:39 +02:00
Florian Roth 07c0a6558e fix: wording on sysmon mapping file 2020-06-24 17:49:42 +02:00
Florian Roth f3fedef8f5 Changed category names and remove sysmon log source 2020-06-24 17:41:21 +02:00
Steven Goossens 423baafa2a Added rules for different sysmon categories and added the category definition 2020-06-10 15:02:15 +02:00
Florian Roth a0beda240c fix: fixed wrong field mapping in windows-audit source config 2019-11-09 22:42:00 +01:00
Thomas Patzke 36aeb19721 Added title to all configurations 2019-05-16 23:33:51 +02:00
Thomas Patzke 6918784e87 Configuration order checking 2019-04-23 00:54:10 +02:00
Thomas Patzke 3eaf83cf5a Improved configurations 
Added Security/4688 field mappings
 2019-01-16 23:37:18 +01:00
Thomas Patzke ba64f485ac Added generic Windows audit log configuration 2019-01-16 22:41:42 +01:00
Thomas Patzke d81946df39 Stacked configurations 
- Added log source rewriting
- Removed log source merging condition type setting
- Simplified SigmaLogsourceConfiguration constructor
- Condition is generated in SigmaParser instead of SigmaLogsourceConfiguration

Missing:
- Merging of raw config dict for backends that rely on this (es-dsl)
 2018-09-12 23:40:22 +02:00
Thomas Patzke 320bb9f8c4 Added rewrite config to generic sysmon configuration 2018-08-14 21:34:54 +02:00
Thomas Patzke 430972231f Added generic sysmon configuration with process_execution config 2018-08-14 21:34:54 +02:00