valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 18:23:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6,112 Commits 20 Branches 25 Tags 21 MiB
1d1170e8ba
Commit Graph

519 Commits

Author SHA1 Message Date
frack113
3b23c18f70 If not null use uuid instead of title for the rule id 2021-05-17 22:12:17 +02:00
Florian Roth
691283616f
Merge pull request #1477 from wagga40/master 
Resolves #1450 - Bug in es-rule backend when using "-r" argument
 2021-05-14 09:00:30 +02:00
wagga40
534898a3ce Resolves #1450 - Bug in es-rule backend when using "-r" argument 2021-05-13 21:47:22 +02:00
wagga40
5e99379803 Change to have raw log in rule results with SQL/SQlite Backends 2021-05-13 15:01:52 +02:00
Florian Roth
33d9d6876e
Merge pull request #1456 from wagga40/update-sql-backend 
Add a backend option to specify table name for SQL Backend
 2021-05-11 15:00:39 +02:00
Florian Roth
a9417b3f7b docs: better error highlighting 2021-05-05 12:59:13 +02:00
Florian Roth
0ca2d05247
revert changes to powershell backend 2021-05-05 12:26:59 +02:00
Florian Roth
55c39122e3 Merge branch 'master' into rule-devel 2021-05-05 11:56:20 +02:00
Florian Roth
a9c837659b backend: powershell: escape $ symbols in strings 2021-05-03 15:30:33 +02:00
wagga40
cc13a5e3de Add a backend option to specify table name for SQL Backend 2021-05-02 14:39:41 +02:00
Maxime Lamothe-Brassard
11982abec0 Add support for macOS rules and fix case sensitivity. 2021-04-28 16:49:59 -07:00
Thomas Patzke
35e6e515ba
Merge pull request #1414 from herrBez/fix-542-dsl-aggregation-without-aggfield 
Fix es-dsl aggregation generation when aggfield is not given
 2021-04-20 10:35:16 +02:00
Cedric Hien
2ff27aa980 Fix SyntaxWarning for 'is' on fireeye-helix backend 2021-04-17 12:55:13 +02:00
herrBez
3b30a91185 Fix es-dsl aggregation generation when aggfield is not given 
Related to #542 and #543
 2021-04-06 16:41:46 +02:00
Thomas Patzke
82fd5ca233
Merge pull request #1408 from roysjosh/es-rule-threshold 
Implement Elastic threshold detection rules
 2021-04-06 00:50:50 +02:00
Thomas Patzke
d789eb9c6f
Merge pull request #1409 from roysjosh/es-barf-on-multiple-conditions 
Elastic: raise an error from the base backend if a rule has multiple conditions
 2021-04-06 00:50:05 +02:00
Wietze
30c6d753fd
Removed unnecessary imports 2021-04-01 16:08:22 +01:00
Wietze
fb1bb91c3c
Apply changes to Defender for Endpoint backend 2021-04-01 16:02:06 +01:00
Joshua Roys
7923852cc3 Elastic: raise an error from the base backend if a rule has multiple conditions 2021-03-31 16:01:05 -04:00
Joshua Roys
0448e46870 Implement Elastic threshold detection rules 
Transform supported count() aggregations (> and >=, no count field,
optionally a group by field) into a threshold detection rule.
 2021-03-31 15:19:04 -04:00
Thomas Patzke
eb98f0ba28
Merge pull request #1402 from refractionPOINT/lc-support-live-wel 
Add option to support different LimaCharlie targets.
 2021-03-29 23:13:01 +02:00
Florian Roth
ac1f82f7ca
Merge pull request #1380 from iosonogio/bugfix/netwitness-null 
[bugfix] netwitness and netwitness-epl backends have incoherent null expressions
 2021-03-29 11:23:18 +02:00
Maxime Lamothe-Brassard
e0666036a4 Add option to support different LimaCharlie targets. 2021-03-24 17:58:50 -07:00
albchen
42e82c95df
Updated for use with Image Load events 
Added compatibility to add DeviceImageLoadEvents if "image_load" category is found. Also, field ImageLoaded added to the mapping.
 2021-03-18 15:49:25 -07:00
Thomas Patzke
f4734cd5e5
Merge pull request #1309 from WuerthIT:logsourcemerging 
functionality for parameter logsourcemerging
 2021-03-13 22:25:29 +01:00
Thomas Patzke
c13f3f1383
Merge pull request #1325 from dennispo/align-simac-stixshifter 
sigmac to STIX enhancements
 2021-03-13 18:49:12 +01:00
Thomas Patzke
99c7889363
Merge pull request #1368 from roysjosh/stable-risk-scores 
es-rule: make risk scores stable
 2021-03-13 18:46:37 +01:00
vh
7eeed68fb4 Chronicle Security Backend contributed by SOC Prime. 2021-03-12 12:21:44 +02:00
Johnny Walker
0873c57acf
Update netwitness.py 
nullExpression fixed to be really null (missing exclamation mark)
 2021-03-09 17:43:44 +01:00
Johnny Walker
4e5a9a58a5
Update netwitness-epl.py 
nullExpression and notNullExpression fixed to be logically coherent and compatible with EPL syntax
 2021-03-09 17:41:54 +01:00
Joshua Roys
92fcc314bf es-rule: make risk scores stable 
Don't create unnecessary deltas between runs.
 2021-03-01 10:13:34 -05:00
jaegeral
e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
Thomas Patzke
5cfd837776 Removed irrelevant type check in fieldlist backend 
Fixes issue #1351
 2021-02-23 21:15:29 +01:00
Dennis Potashnik
2b917d6f97 Merge branch 'align-sigmac-stixshifter' into align-simac-stixshifter 2021-02-08 11:40:47 +02:00
Dennis Potashnik
08c8db25e9 New configuration layout: stix2.0 for basic stix mapings, stix-shifter to match the OCA stix-shifter mappings and stix-custom for the unsupported mappings 2021-02-08 10:56:31 +02:00
Chris Brake
4aa7505b40 Updated fields to align with MS Advanced Threat Hunting Schema. Standardised and sorted fields across schemas. 2021-02-04 11:54:29 +00:00
Gregor
921ebf7445 Optimizing Qradar query generation in cases where field definitions are missing 2021-01-26 15:24:44 +01:00
Gregor
ac3730d2fa Fixing Qradar implementation for create valid AQL queries 2021-01-25 15:37:05 +01:00
k-vdv
89a4e48b0a bugfix field support 2021-01-22 09:28:23 +01:00
Thomas Patzke
789dfb3f47
Merge pull request #1291 from lprat/fix_issue_1285 
fix issue 1285
 2020-12-30 23:06:38 +01:00
Thomas Patzke
675d93ee3d
Replaced string comparison with isinstance 2020-12-30 22:50:13 +01:00
Thomas Patzke
1bb0963784 Moved set_size option to class where it's used 2020-12-30 22:25:57 +01:00
k-vdv
6744770768 functionality for parameter logsourcemerging 2020-12-15 09:23:49 +01:00
k-vdv
7e6f01f611 elasticsearch backend: new parameter and fields support 2020-12-14 16:07:09 +01:00
Simon
97fcae56fd
Update sigmac.py 2020-12-06 20:08:00 +01:00
Simon
4a4d3e1d35
Update sigmac.py 2020-12-04 18:22:24 +01:00
Simon Hilchenbach
a40ef7360d
Add sigmac flag to delimit results by NUL instead of \n 2020-12-04 18:05:23 +01:00
Thomas Patzke
578d2f0585
Merge pull request #1283 from 404d/mdatp-fixes 
mdatp: Mapping and generic event changes, case insensitive search
 2020-11-29 21:56:17 +01:00
Thomas Patzke
0ed54a6cae
Merge pull request #1290 from arollyson/helix_backend 
Backend: FireEye Helix
 2020-11-21 00:06:19 +01:00
Lionel
7ca368d1ed
fix issue 1285 
https://github.com/Neo23x0/sigma/issues/1285
 2020-11-20 16:42:20 +01:00