security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
865 Commits 1 Branch 0 Tags
1977411e42e11617e441eeeaac49302fd6909080
Commit Graph

7 Commits

Author SHA1 Message Date
Justin Ibarra fa3b089c4c Add support for eql-wildcard and kql-match_only_text (#1583) 
* Add support for eql-wildcard and kql-match_only_text
* bump kql version
* lookup elasticsearch type family prior to getting type hint
Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>

(cherry picked from commit d12c04761f)
 2021-10-28 13:58:44 +00:00
Justin Ibarra 143afc4f38 [KQL] Add support for date fields in parser (#1487) 
* [KQL] Add support for date fields in parser

* add test for parsing date value

(cherry picked from commit 582a842e32)
 2021-09-16 17:26:26 +00:00
Ross Wolf c98398f1ef Add KQL support for additional ES field types (#1247) 2021-06-10 22:30:11 -06:00
Ross Wolf 8d8bcfbc42 Add wildcard field support to KQL (#1139) 2021-04-22 11:15:38 -06:00
Justin Ibarra 3fc34b86f2 Update License to Elastic v2 (#944) 2021-03-03 22:12:11 -09:00
Brent Murphy 6a296c64c5 [New Rule] Microsoft 365 Exchange DKIM Signing Configuration Disabled (#578) 
* [New Rule] O365 Exchange DKIM Signing Configuration Disabled

* rebrand to m365

* still req non ecs schema

* Remove the ECS override

* Update _flatten_schema logic

* Allow fields with * in the path

* Allow explicit fields to overwrite implicit * fields

Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
 2020-12-08 16:38:00 -05:00
Ross Wolf 41809f1dc5 Add KQL module 2020-06-29 23:05:14 -06:00