security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
e73816bb224db05ab98dc35b71f47cf4302ded75
blue-team-tools/tools/config
T
History
redsand (Tim Shelton) bc334ab456 Hawk backend support for wildcard in middle of string (#2273) 
* updating yaml cfg for ms eventlog support

* update config and sigma backend, so that comments are not replaced, but rather the details of the record

* updating scriptblocktext to value

* adding a few missing ip address translations

* Fixing error when handling comparisons of null values, and additional fix of lack of support for not

* adding additional translations for missing category entries

* fixing error when handling list of ors with a not indicator

* finishes support for windows translations, pending qa

* adding dedupe feature and additional translation fix for dns-server

* adding image_loaded translation

* forced to pull back on the aggressive deduping, caused some inaccuracies

* adding more ux friendly formatting for regex

* adds support for wildcards in middle of strings

* adding a missing null check for supporting null matching

* adding cisco, av, and django cfg in yaml. updated apache in yaml and added another translation for ip_dport
2021-11-18 06:29:41 +01:00
..
generic
Fix LogonId - SubjectLogonId
2021-11-10 19:12:51 +01:00
mitre
+ Adding Mitre Sub-Techniques and python update script to fetch latest Pre, Enterprise & Mobile Tactics and Techniques from Mitre CTI
2020-08-13 10:24:44 +01:00
ala-azure-activitylogs.yml
Create ala-azure-activitylogs.yml
2021-07-08 20:40:03 +05:00
ala-azure-ad_auditlogs.yml
Create ala-azure-ad_auditlogs.yml
2021-07-08 20:40:39 +05:00
ala-azure-aws_cloudtrail.yml
Create ala-azure-aws_cloudtrail.yml
2021-07-15 21:51:41 +05:00
ala-suricata.yml
Create ala-suricata.yml
2021-07-16 23:08:03 +05:00
ala.yml
Add Azure Sentinel backend
2021-08-24 16:01:23 -04:00
arcsight-zeek.yml
feat: adapt logsources for field names without spaces
2021-10-13 14:36:10 +02:00
arcsight.yml
Added AppLocker log source
2020-07-13 20:41:54 +00:00
athena.yml
Correct for proper output to Splunk and CarbonBlack. Add AWS Athena config/backend support
2021-09-13 14:17:33 -05:00
carbon-black-eedr.yml
Merge pull request #2029 from marcurdy/master
2021-10-16 20:37:59 +02:00
carbon-black.yml
remove bad cb
2021-09-18 15:55:01 +02:00
chronicle.yml
Chronicle Security Backend contributed by SOC Prime.
2021-03-12 12:21:44 +02:00
crowdstrike.yml
removing duplicate mappings due to yamllint
2021-09-13 21:34:52 -05:00
devo-network.yml
master: Added new Devo backend for the sigmac tool. Added three new backend configurations to support the Devo backend. Added a new test suite to cover the Devo backend cases.
2021-06-21 14:06:04 +02:00
devo-web.yml
master: Added new Devo backend for the sigmac tool. Added three new backend configurations to support the Devo backend. Added a new test suite to cover the Devo backend cases.
2021-06-21 14:06:04 +02:00
devo-windows.yml
master: Added new Devo backend for the sigmac tool. Added three new backend configurations to support the Devo backend. Added a new test suite to cover the Devo backend cases.
2021-06-21 14:06:04 +02:00
ecs-auditbeat-modules-enabled.yml
Modify event.provider to event.module
2021-10-21 08:34:41 +02:00
ecs-auditd.yml
fix bad elasticsearch-rule
2021-09-18 15:54:08 +02:00
ecs-azure-activitylogs.yml
Create ecs-azure-activitylogs.yml
2021-07-08 20:37:12 +05:00
ecs-azure-ad_auditlogs.yml
Create ecs-azure-ad_auditlogs.yml
2021-07-08 20:39:05 +05:00
ecs-azure-ad_signinlogs.yml
Update ecs-azure-ad_signinlogs.yml
2021-09-24 19:33:01 -05:00
ecs-cloudtrail.yml
added role name field to ecs-cloudtrail.
2020-11-13 05:59:55 +05:00
ecs-dns.yml
fix bad elasticsearch-rule
2021-09-18 15:54:08 +02:00
ecs-filebeat.yml
fix bad elasticsearch-rule
2021-09-18 15:54:08 +02:00
ecs-ms365_defender.yml
Create ecs-ms365_defender.yml
2021-09-24 20:02:39 -05:00
ecs-okta.yml
Update ecs-okta.yml
2021-09-14 01:52:03 -05:00
ecs-proxy.yml
feat: adapt logsources for field names without spaces
2021-10-13 14:36:10 +02:00
ecs-suricata.yml
Update ecs-suricata.yml
2021-07-17 04:55:46 +05:00
ecs-zeek-corelight.yml
feat: adapt logsources for field names without spaces
2021-10-13 14:36:10 +02:00
ecs-zeek-elastic-beats-implementation.yml
fix bad elasticsearch-rule
2021-09-18 15:54:08 +02:00
elk-defaultindex-filebeat.yml
docs: descriptions for source configs
2020-06-25 13:59:51 +02:00
elk-defaultindex-logstash.yml
docs: descriptions for source configs
2020-06-25 13:59:51 +02:00
elk-defaultindex.yml
docs: descriptions for source configs
2020-06-25 13:59:51 +02:00
elk-linux.yml
docs: descriptions for source configs
2020-06-25 13:59:51 +02:00
elk-windows.yml
config: add PrintService Operational
2021-07-01 09:55:15 +02:00
elk-winlogbeat-sp.yml
config: add PrintService Operational
2021-07-01 09:55:15 +02:00
elk-winlogbeat.yml
Update elk-winlogbeat.yml
2021-11-09 13:38:31 +02:00
filebeat-defaultindex.yml
kibana-ndjson for all configs which already have kibana
2020-11-09 08:46:17 +01:00
fireeye-helix.yml
config: add PrintService Operational
2021-07-01 09:55:15 +02:00
hawk.yml
Hawk backend support for wildcard in middle of string (#2273)
2021-11-18 06:29:41 +01:00
helk.yml
kibana-ndjson for all configs which already have kibana
2020-11-09 08:46:17 +01:00
humio.yml
feat: adapt logsources for field names without spaces
2021-10-13 14:36:10 +02:00
limacharlie.yml
change to github
2020-02-28 16:56:48 +07:00
logpoint-windows.yml
config: add PrintService Operational
2021-07-01 09:55:15 +02:00
logrhythm_winevent.yml
Add yamllint to GHA
2021-07-26 21:26:16 -04:00
logstash-defaultindex.yml
kibana-ndjson for all configs which already have kibana
2020-11-09 08:46:17 +01:00
logstash-linux.yml
kibana-ndjson for all configs which already have kibana
2020-11-09 08:46:17 +01:00
logstash-windows.yml
config: add PrintService Operational
2021-07-01 09:55:15 +02:00
logstash-zeek-default-json.yml
feat: adapt logsources for field names without spaces
2021-10-13 14:36:10 +02:00
netwitness-epl.yml
initial commit for Netwitness-EPL backend
2020-09-10 17:12:12 +02:00
netwitness.yml
change to github
2020-02-28 16:56:48 +07:00
powershell.yml
config: add PrintService Operational
2021-07-01 09:55:15 +02:00
qradar.yml
Squashed commit of the following:
2020-06-05 13:18:03 -04:00
qualys.yml
change to github
2020-02-28 16:56:48 +07:00
splunk-windows-index.yml
add splunkdm to Makefile
2021-07-10 22:23:15 +02:00
splunk-windows.yml
fix yml
2021-10-16 22:49:20 +02:00
splunk-zeek.yml
feat: adapt logsources for field names without spaces
2021-10-13 14:36:10 +02:00
stix2.0.yml
Moved references to binary file from custom config to stix-2.0 config
2021-03-02 12:04:22 +02:00
stix-custom.yml
Moved references to binary file from custom config to stix-2.0 config
2021-03-02 12:04:22 +02:00
stix-shifter.yml
Fixed error mapping for stix-shifter configuration
2021-02-08 17:55:03 +02:00
sumologic-cse.yml
Added:
2020-10-06 15:07:52 +03:00
sumologic.yml
config: add PrintService Operational
2021-07-01 09:55:15 +02:00
thor.yml
fix: indentation
2021-07-22 10:18:03 +02:00
winlogbeat-modules-enabled.yml
normalize logsource
2021-11-09 10:48:13 +01:00
winlogbeat-old.yml
Set powershell_alternate_powershell_hosts.yml more accurate by adding the correct channel for EventID
2021-06-01 10:47:17 +02:00
winlogbeat.yml
Added support for threshold rules
2021-08-18 18:15:18 -07:00