security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,892 Commits 1 Branch 57 Tags
fefb8564717d69af72ededb4172bc7ec00aac734
Commit Graph

1105 Commits

Author SHA1 Message Date
neu5ron 55bf39a2ac keyword, analyzed field, case insensitivity 2020-03-11 11:38:56 -04:00
David Szili 0947538228 MDATP schema changes 
WDATP was renamed to MDATP (Microsoft Defendre ATP).
MDATP also had schema changes recently: https://techcommunity.microsoft.com/t5/microsoft-defender-atp/advanced-hunting-data-schema-changes/ba-p/1043914
The updates reflect these changes
 2020-03-09 17:12:41 +01:00
Abhijit Khinvasara 46bc843e51 sort the list of backends presented in sigmac help 2020-03-04 15:21:28 -08:00
Abhijit Khinvasara 9cb395823c Rework according to review comments. 2020-03-04 14:54:49 -08:00
vunx2 b070ffab74 Merge branch 'master' of https://github.com/Neo23x0/sigma 2020-03-03 10:08:31 +07:00
Thomas Patzke a0f7da8c03 Splunk XML backend rule title 
Fixes #645
 2020-03-01 22:23:35 +01:00
vunx2 58f5fa1b8e change to github 2020-02-28 16:56:48 +07:00
vunx2 139600009b conflict 2020-02-28 16:50:30 +07:00
Thomas Patzke 65444f7a77 Release 0.16.0 2020-02-25 22:19:52 +01:00
Thomas Patzke 5a2ccbd040 Fixed ArcSight backend visibility 2020-02-24 23:27:22 +01:00
Thomas Patzke 5b42135935 Added es-rule backend to all ES configurations 2020-02-24 23:20:48 +01:00
Thomas Patzke d9b48ea747 Fixes in es-rule backend 2020-02-24 23:20:19 +01:00
Thomas Patzke 4ee2c2762e Sorting of backend and configuration lists 2020-02-24 22:59:59 +01:00
vh 5dc30bd388 Carbonblack, Arcsight ESM, Elastic Rule 2020-02-24 19:29:45 +02:00
vh 516e61fdb0 t 2020-02-24 19:23:11 +02:00
Abhijit Khinvasara 8ad346362c remove print statements. 2020-02-22 20:59:56 -08:00
Abhijit Khinvasara 612df1666b add LOGIQ backend. 2020-02-22 20:50:30 -08:00
Thomas Patzke 12be884aa5 Merge branch 'sql-backend' 2020-02-21 22:41:53 +01:00
Thomas Patzke 776b58b594 Improved Splunk Zeek configuration 2020-02-21 22:31:14 +01:00
Thomas Patzke 746f957a63 Merge branch 'patch-1' of https://github.com/fuseyjz/sigma into fuseyjz-patch-1 2020-02-21 22:24:44 +01:00
Thomas Patzke 3047571132 Merge pull request #625 from ninoseki/fix-sigma2misp 
Update sigma2misp
 2020-02-21 22:22:54 +01:00
Thomas Patzke 48d95f027c Merge branch 'oscd' 2020-02-20 23:11:57 +01:00
Manabu Niseki c6eb3bfbf2 Update sigma2misp 
Make enable to use with modern PyMISP
 2020-02-20 18:55:10 +09:00
james dickenson 1347e5060f logsource config for zeek events in splunk 2020-02-12 21:24:03 -08:00
vunx2 d0e9af171f cleanIPRange 2020-02-06 17:20:52 +07:00
vunx2 627f46abc2 backslash fix 2020-02-06 16:28:27 +07:00
vunx2 bc4c6ce8db cleanValue 2020-02-06 11:02:22 +07:00
vunx2 19d9e4856e clean Value + config 2020-02-05 17:47:35 +07:00
vunx2 579e7481c7 cleanValue + eventID list 2020-02-04 18:14:40 +07:00
Thomas Patzke d7bd90cb24 Merge branch 'master' into oscd 2020-02-03 23:13:16 +01:00
Thomas Patzke 1bc2c0b930 Deduplication of backend list 
Fixes issue #609. Added backend list debug output (class name).
 2020-02-03 22:16:00 +01:00
vunx2 2930df17d6 update sigma 2020-02-03 09:47:06 +07:00
Thomas Patzke 815c562a17 Merge branch 'master' into oscd 2020-02-02 13:40:08 +01:00
vh dc5a31aebc Updated Azure Sentinel backend 2020-01-31 17:17:24 +02:00
Thomas Patzke 7b4ec734a8 Using rule ids as Kibana object id 2020-01-30 11:30:01 +01:00
Thomas Patzke 7b62b931ce Moved ala-rule backend code into ala backend module 2020-01-13 11:24:46 +01:00
Thomas Patzke de690cbfbf Merge branch 'master' of https://github.com/socprime/sigma into socprime-master 2020-01-13 11:19:39 +01:00
neu5ron d8b703462d fix name of network_initiated 2020-01-13 00:12:04 -05:00
Thomas Patzke 8d6a507ec4 OSCD QA wave 1 
* Checked all rules against Mordor and EVTX samples datasets
* Added field names
* Some severity adjustments
* Fixes
 2020-01-11 00:11:27 +01:00
Maxime Lamothe-Brassard a3ad7cb1c5 Fixed actual event tag 2019-12-30 18:15:12 -08:00
Maxime Lamothe-Brassard 9b32086d92 Mapping OriginalFileName to event/INTERNAL_NAME now that it's available. 2019-12-30 15:58:18 -08:00
SOC Prime 92bc96a308 Update ala-rule.py 2019-12-30 16:26:30 +02:00
vh f2117f798a Fix ala-rule 2019-12-30 16:24:08 +02:00
SOC Prime f015c97dff Update ala-rule.py 2019-12-30 16:13:27 +02:00
vh f9570a48cb Azure Sentinel backend (ala) - Fixed path in query 
Added new backend Azure Sentinel Rule (ala-rule)
 2019-12-30 16:11:53 +02:00
vh d42409372c Azure Sentinel backend (ala) - Fixed path in query 
Added new backend Azure Sentinel Rule (ala-rule)
 2019-12-30 16:09:19 +02:00
fuseyjz 0b2f88d5df Sigma converter for SQL format 
Get the converted SQL query after the WHERE statement for any filtering on SQL platform.

Example:
https://github.com/fuseyjz/sigma-sql/blob/master/README.md
 2019-12-24 10:42:25 +08:00
christophetd e99b0fe2d7 Add sigma2attack 2019-12-19 00:00:13 +01:00
Thomas Patzke d2a940a0a6 Merge branch 'devel' of https://github.com/Neo23x0/sigma 2019-12-13 22:01:40 +01:00
Thomas Patzke ee4138c48e Merge pull request #526 from zouzias/hotfix_aggregate_count_distinct_groupby 
[feature] extend es-dsl to support nested aggregations
 2019-12-13 21:55:47 +01:00