security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
803 Commits 1 Branch 0 Tags
b090e60bd6b0d12ec83fbe91d9b6e2e9d6f3fd39
Commit Graph

8 Commits

Author SHA1 Message Date
Justin Ibarra 143afc4f38 [KQL] Add support for date fields in parser (#1487) 
* [KQL] Add support for date fields in parser

* add test for parsing date value

(cherry picked from commit 582a842e32)
 2021-09-16 17:26:26 +00:00
Ross Wolf c98398f1ef Add KQL support for additional ES field types (#1247) 2021-06-10 22:30:11 -06:00
Ross Wolf 8d8bcfbc42 Add wildcard field support to KQL (#1139) 2021-04-22 11:15:38 -06:00
Justin Ibarra 3fc34b86f2 Update License to Elastic v2 (#944) 2021-03-03 22:12:11 -09:00
Brent Murphy 6a296c64c5 [New Rule] Microsoft 365 Exchange DKIM Signing Configuration Disabled (#578) 
* [New Rule] O365 Exchange DKIM Signing Configuration Disabled

* rebrand to m365

* still req non ecs schema

* Remove the ECS override

* Update _flatten_schema logic

* Allow fields with * in the path

* Allow explicit fields to overwrite implicit * fields

Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
 2020-12-08 16:38:00 -05:00
Ross Wolf 5f867dbb72 Add KQL -> DSL conversion (#81) 
* Add KQL -> DSL converter
* Lint with black to 120 chars
* Add more tests and flatten shoulds
* Fix NotValue conversion to DSL
 2020-07-22 11:05:45 -06:00
Ross Wolf 47cb03314a Fix KQL sorting 2020-07-17 15:09:38 -06:00
Ross Wolf 41809f1dc5 Add KQL module 2020-06-29 23:05:14 -06:00