security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,180 Commits 1 Branch 0 Tags
dfef597794d4daf07eb4e8ebccd78bb64db930d4
Commit Graph

11 Commits

Author SHA1 Message Date
AbdelMoumene-Hadfi 15faf34a2f [eql2kql] fix wildcard bug (#1507) 
* [eql2kql] fix wildcard bug
* add test for wildcards

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
 2022-04-21 23:44:39 -04:00
Mika Ayenson 1f015ebe85 1554 update eql schemas to fail validation on text fields (#1866) 
* Ensure kql2eql conversion doesnt support `text` fields

* Add unit test cases for`text` not supported in eql

* test `field not recognized` in the rule_validator and output a verbose message.

* use elasticsearch_type_family to lookup text mappings

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
 2022-03-23 16:22:26 -04:00
Justin Ibarra d12c04761f Add support for eql-wildcard and kql-match_only_text (#1583) 
* Add support for eql-wildcard and kql-match_only_text
* bump kql version
* lookup elasticsearch type family prior to getting type hint
Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>
 2021-10-28 08:57:43 -05:00
Justin Ibarra 582a842e32 [KQL] Add support for date fields in parser (#1487) 
* [KQL] Add support for date fields in parser

* add test for parsing date value
 2021-09-16 09:25:26 -08:00
Ross Wolf c98398f1ef Add KQL support for additional ES field types (#1247) 2021-06-10 22:30:11 -06:00
Ross Wolf 8d8bcfbc42 Add wildcard field support to KQL (#1139) 2021-04-22 11:15:38 -06:00
Justin Ibarra 3fc34b86f2 Update License to Elastic v2 (#944) 2021-03-03 22:12:11 -09:00
Brent Murphy 6a296c64c5 [New Rule] Microsoft 365 Exchange DKIM Signing Configuration Disabled (#578) 
* [New Rule] O365 Exchange DKIM Signing Configuration Disabled

* rebrand to m365

* still req non ecs schema

* Remove the ECS override

* Update _flatten_schema logic

* Allow fields with * in the path

* Allow explicit fields to overwrite implicit * fields

Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
 2020-12-08 16:38:00 -05:00
Ross Wolf 5f867dbb72 Add KQL -> DSL conversion (#81) 
* Add KQL -> DSL converter
* Lint with black to 120 chars
* Add more tests and flatten shoulds
* Fix NotValue conversion to DSL
 2020-07-22 11:05:45 -06:00
Ross Wolf 47cb03314a Fix KQL sorting 2020-07-17 15:09:38 -06:00
Ross Wolf 41809f1dc5 Add KQL module 2020-06-29 23:05:14 -06:00