security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ff6384aabb2bf61410fcc335ff2edb3fa4a6e83a
blue-team-tools/tools/config
T
History
markoverholser 381c26fd94 Fix issue with using source: on Zeek files log 
Line 407 was `source: id.orig_h` so that people could use the word `source` as an alias to `id.orig_h`, however there is a literal field with the name `source` in the `files.log` for Zeek, so having a Sigma query with something like `source: 'SMTP'` would yield `id.orig_h='SMTP'` in the resulting Splunk translation, which is incorrect. It should be `source='SMTP'`

Commenting out line 407 fixes this.
2022-07-19 15:16:20 -05:00
..
fortisiem
Example:
2022-03-09 11:26:07 -08:00
generic
Update sysmon.yml
2022-05-20 13:47:18 +04:00
mitre
Update MITRE ATT&CK tactics and techniques to v10.1. Added fields. Created files for groups and software.
2022-03-15 22:41:46 -04:00
ala-azure-activitylogs.yml
Create ala-azure-activitylogs.yml
2021-07-08 20:40:03 +05:00
ala-azure-ad_auditlogs.yml
Create ala-azure-ad_auditlogs.yml
2021-07-08 20:40:39 +05:00
ala-azure-aws_cloudtrail.yml
Create ala-azure-aws_cloudtrail.yml
2021-07-15 21:51:41 +05:00
ala-suricata.yml
Create ala-suricata.yml
2021-07-16 23:08:03 +05:00
ala.yml
Add Azure Sentinel backend
2021-08-24 16:01:23 -04:00
arcsight-zeek.yml
fix: referrer > referer adjustments
2021-12-13 15:47:43 +01:00
arcsight.yml
refactor: make antivirus a category
2022-03-24 11:59:33 +01:00
athena.yml
Correct for proper output to Splunk and CarbonBlack. Add AWS Athena config/backend support
2021-09-13 14:17:33 -05:00
carbon-black-eedr.yml
Merge pull request #2029 from marcurdy/master
2021-10-16 20:37:59 +02:00
carbon-black.yml
remove bad cb
2021-09-18 15:55:01 +02:00
chronicle.yml
Chronicle Security Backend contributed by SOC Prime.
2021-03-12 12:21:44 +02:00
crowdstrike.yml
removing duplicate mappings due to yamllint
2021-09-13 21:34:52 -05:00
datadog.yml
Use tags instead of facets
2021-12-15 17:26:45 +01:00
devo-network.yml
master: Added new Devo backend for the sigmac tool. Added three new backend configurations to support the Devo backend. Added a new test suite to cover the Devo backend cases.
2021-06-21 14:06:04 +02:00
devo-web.yml
refactor: first bigger log source refactoring
2022-03-22 17:58:29 +01:00
devo-windows.yml
Update new registry category
2022-03-26 11:46:52 +01:00
dnif.yml
added new backend for DNIF queries
2022-06-30 13:03:54 +05:30
ecs-auditbeat-modules-enabled.yml
Modify event.provider to event.module
2021-10-21 08:34:41 +02:00
ecs-auditd.yml
fix bad elasticsearch-rule
2021-09-18 15:54:08 +02:00
ecs-azure-activitylogs.yml
Create ecs-azure-activitylogs.yml
2021-07-08 20:37:12 +05:00
ecs-azure-ad_auditlogs.yml
refactor: first bigger log source refactoring
2022-03-22 17:58:29 +01:00
ecs-azure-ad_signinlogs.yml
Update ecs-azure-ad_signinlogs.yml
2021-09-24 19:33:01 -05:00
ecs-cloudtrail.yml
added role name field to ecs-cloudtrail.
2020-11-13 05:59:55 +05:00
ecs-dns.yml
fix bad elasticsearch-rule
2021-09-18 15:54:08 +02:00
ecs-filebeat.yml
fix bad elasticsearch-rule
2021-09-18 15:54:08 +02:00
ecs-ms365_defender.yml
Create ecs-ms365_defender.yml
2021-09-24 20:02:39 -05:00
ecs-okta.yml
Update ecs-okta.yml
2021-09-14 01:52:03 -05:00
ecs-proxy.yml
fix: referrer > referer adjustments
2021-12-13 15:47:43 +01:00
ecs-suricata.yml
Update ecs-suricata.yml
2021-07-17 04:55:46 +05:00
ecs-zeek-corelight.yml
fix: referrer > referer adjustments
2021-12-13 15:47:43 +01:00
ecs-zeek-elastic-beats-implementation.yml
fix: referrer > referer adjustments
2021-12-13 15:47:43 +01:00
elk-defaultindex-filebeat.yml
docs: descriptions for source configs
2020-06-25 13:59:51 +02:00
elk-defaultindex-logstash.yml
docs: descriptions for source configs
2020-06-25 13:59:51 +02:00
elk-defaultindex.yml
docs: descriptions for source configs
2020-06-25 13:59:51 +02:00
elk-linux.yml
docs: descriptions for source configs
2020-06-25 13:59:51 +02:00
elk-windows.yml
feat: new service definition - terminal services
2022-04-29 12:26:26 +02:00
elk-winlogbeat-sp.yml
feat: new service definition - terminal services
2022-04-29 12:26:26 +02:00
elk-winlogbeat.yml
feat: new service definition - terminal services
2022-04-29 12:26:26 +02:00
filebeat-defaultindex.yml
kibana-ndjson for all configs which already have kibana
2020-11-09 08:46:17 +01:00
fireeye-helix.yml
feat: new service definition - terminal services
2022-04-29 12:26:26 +02:00
fortisiem-windows.yml
Update new registry category
2022-03-26 11:46:52 +01:00
hawk.yml
backend - updating hawk backend with additional translations
2022-06-08 19:04:37 +00:00
helk.yml
kibana-ndjson for all configs which already have kibana
2020-11-09 08:46:17 +01:00
humio.yml
fix: referrer > referer adjustments
2021-12-13 15:47:43 +01:00
limacharlie.yml
refactor: first bigger log source refactoring
2022-03-22 17:58:29 +01:00
logpoint-windows.yml
feat: new service definition - terminal services
2022-04-29 12:26:26 +02:00
logrhythm_winevent.yml
Add yamllint to GHA
2021-07-26 21:26:16 -04:00
logstash-defaultindex.yml
kibana-ndjson for all configs which already have kibana
2020-11-09 08:46:17 +01:00
logstash-linux.yml
kibana-ndjson for all configs which already have kibana
2020-11-09 08:46:17 +01:00
logstash-windows.yml
feat: new service definition - terminal services
2022-04-29 12:26:26 +02:00
logstash-zeek-default-json.yml
fix: referrer > referer adjustments
2021-12-13 15:47:43 +01:00
netwitness-epl.yml
initial commit for Netwitness-EPL backend
2020-09-10 17:12:12 +02:00
netwitness.yml
change to github
2020-02-28 16:56:48 +07:00
powershell.yml
feat: new service definition - terminal services
2022-04-29 12:26:26 +02:00
qradar.yml
refactor: first bigger log source refactoring
2022-03-22 17:58:29 +01:00
qualys.yml
change to github
2020-02-28 16:56:48 +07:00
splunk-windows-index.yml
add splunkdm to Makefile
2021-07-10 22:23:15 +02:00
splunk-windows.yml
fix: missing Defender eventlog in splunk config
2022-07-06 12:41:34 +02:00
splunk-zeek.yml
Fix issue with using source: on Zeek files log
2022-07-19 15:16:20 -05:00
stix2.0.yml
Moved references to binary file from custom config to stix-2.0 config
2021-03-02 12:04:22 +02:00
stix-custom.yml
Moved references to binary file from custom config to stix-2.0 config
2021-03-02 12:04:22 +02:00
stix-shifter.yml
Fixed error mapping for stix-shifter configuration
2021-02-08 17:55:03 +02:00
streamalert.yml
Add StreamAlert backend
2022-05-03 17:32:19 +07:00
sumologic-cse.yml
refactor: make antivirus a category
2022-03-24 11:59:33 +01:00
sumologic.yml
feat: new service definition - terminal services
2022-04-29 12:26:26 +02:00
thor.yml
feat: new service definition - terminal services
2022-04-29 12:26:26 +02:00
winlogbeat-modules-enabled.yml
feat: new service definition - terminal services
2022-04-29 12:26:26 +02:00
winlogbeat-old.yml
Add Bits-Client rules
2022-03-03 06:27:00 +01:00
winlogbeat.yml
Merge pull request #3128 from f-block/patch-2
2022-06-14 20:58:11 +02:00
zircolite.yml
feat: new service definition - terminal services
2022-04-29 12:26:26 +02:00