valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,843 Commits 20 Branches 25 Tags 21 MiB
1ea6d00a39
Commit Graph

459 Commits

Author SHA1 Message Date
svent
1ea6d00a39 Fix QRadar field name escaping and handling 2019-08-12 23:47:43 +02:00
svent
826c1e3942 Fix QRadar backend config 2019-08-12 23:47:43 +02:00
Michiel Meersmans
0708fdd28e Correctly escape slashes within es-dsl wildcard queries 2019-08-07 12:56:19 +02:00
Florian Roth
9c85d5e80f
Merge pull request #406 from tuckner/master 
Fix ala parsing issues
 2019-08-06 10:28:07 +02:00
Thomas Patzke
940c36a4cd Fixed build 
Missing package specification
 2019-08-05 23:42:33 +02:00
Thomas Patzke
d5885686fc Sigmatools release 0.12 
* Value modifiers
* Config name cleanup
 2019-08-01 23:45:07 +02:00
Thomas Patzke
805c739611 Merge branch 'devel-modifiers' 2019-07-31 23:44:10 +02:00
Thomas Patzke
31c6ffcb61 No escaping for typed values 2019-07-31 23:43:29 +02:00
tuckner
8f2f1922c6
Merge pull request #1 from Neo23x0/master 
update fork
 2019-07-27 21:27:52 -05:00
Thomas Patzke
8a3117d73e Nested list handling for chained value modifiers 2019-07-16 23:03:19 +02:00
Thomas Patzke
6881967889 Further modifiers 
* base64
* base64offset
 2019-07-16 00:00:35 +02:00
Thomas Patzke
1bb29dca26 Implemented type modifiers and regular expressions 2019-07-15 22:52:10 +02:00
Thomas Patzke
b9ff280209 Cleanup of configuration names 2019-07-14 00:50:15 +02:00
Thomas Patzke
5489f870cc
Merge pull request #393 from HacknowledgeCH/master 
Explicit OR for list elements
 2019-07-13 23:11:44 +02:00
Thomas Patzke
134bfebe57 Ignore "timeframe" detection keyword in "all/any of" conditions 
Fixes #395
 2019-07-13 00:35:35 +02:00
christophetd
576912eb7a Support OR queries for Elasticsearch 6 and above 2019-07-08 17:12:53 +02:00
Florian Roth
f7ba2b3976 fix: bug in sumologic backend with 'null' values 2019-07-02 22:31:10 +02:00
Thomas Patzke
337681cfce Value modifiers 
* First transformation modfiers: contains, all
* Sigma converter modifier list
 2019-06-30 23:41:28 +02:00
Thomas Patzke
161965d14c Added version information to Winlogbeat configs 2019-06-30 22:44:12 +02:00
herrBez
74021d53d8 Modified winlogbeat config to adhere to winlogbeat 7 field names breaking changes 
ref: https://www.elastic.co/guide/en/beats/libbeat/current/breaking-changes-7.0.html
 2019-06-30 12:13:21 +02:00
Thomas Patzke
6fab5d7f23 Improved testing and removed dead&debug code 2019-06-29 00:09:53 +02:00
Thomas Patzke
377872c91e Merge branch 'devel-sumo' of https://github.com/juju4/sigma into juju4-devel-sumo 2019-06-28 23:39:15 +02:00
Thomas Patzke
0c7151c901 Watcher backend default options, refactoring and testing 2019-06-28 23:22:16 +02:00
Adrian Constantin Stanila
feac0be8a4 Added 2 more actions on Elasticsearch X-pack Watcher: index and webhook 
Added timestamp filter query.
 2019-06-27 08:54:59 +03:00
juju4
654a009c9e sumologic backend: remove TypeError 2019-06-22 16:49:46 -04:00
juju4
559d0f4ba8 sumologic backend: force as string 2019-06-22 16:43:50 -04:00
juju4
2df0e9765c sumologic backend: pycodestyle review - E501 2019-06-22 16:41:57 -04:00
juju4
49533a5909 sumologic backend: pycodestyle review 2019-06-22 16:39:13 -04:00
juju4
84de12635e self.debug option, fix multiple keyvalue escapings/cleanValue, inline index for now 2019-06-22 16:19:45 -04:00
juju4
a11d800353 Merge branch 'master' into devel-sumo 2019-06-22 09:18:23 -04:00
Thomas Patzke
f4da0c5540 Added field SecurityID to Winlogbeat config 2019-06-19 23:35:50 +02:00
Thomas Patzke
f271685f59
Merge pull request #372 from dvas0004/patch-2 
Addition of KeyLength field
 2019-06-19 23:28:31 +02:00
Thomas Patzke
d82df83ef1
Merge pull request #369 from TareqAlKhatib/refactors 
Refactors
 2019-06-19 23:16:19 +02:00
David Vassallo
fdce7ad9bf
Addition of KeyLength field 2019-06-14 17:58:47 +03:00
Thomas Patzke
5715413da9 Usage of Channel field name in ELK Windows config 2019-06-11 13:15:43 +02:00
John Tuckner
3529b717cb fixed backend errors in ala 2019-06-10 09:25:59 -05:00
Tareq AlKhatib
d61a971874 Minor refactors 2019-06-10 09:55:52 +03:00
Thomas Patzke
8a0f706cca Merge branch 'master' of https://github.com/Neo23x0/sigma 2019-05-30 23:24:37 +02:00
Thomas Patzke
1986bcb843 Sigma tools release 0.11 2019-05-30 22:56:38 +02:00
Thomas Patzke
673973e523
Merge pull request #357 from agix/es_dsl_bug 
fix missing condition when unique plus timeframe
 2019-05-30 22:42:09 +02:00
Thomas Patzke
8023011bb1 Merge branch 'elastalert_dsl_backend' of https://github.com/agix/sigma into agix-elastalert_dsl_backend 2019-05-30 22:33:57 +02:00
Florian GAULTIER
89c1d7b63d Wrong fix, self.queries should be emptied after copied to rule_object 2019-05-29 16:10:14 +02:00
Florian GAULTIER
748ac2e206 Dont combine multiple queries 2019-05-29 16:05:53 +02:00
Thomas Patzke
04d91573f3
Merge pull request #355 from agix/allow_empty_keyword 
Allow empty keyword_field
 2019-05-28 21:45:55 +02:00
Thomas Patzke
2ecc55c13f
Merge pull request #351 from ipninichuck/master 
added metadata field to the watcher alert
 2019-05-28 21:42:27 +02:00
Florian GAULTIER
d866e75750 Be sure there is a key in the single condition 2019-05-27 17:27:16 +02:00
Florian GAULTIER
e8a7c5f7b9 fix missing condition when unique plus timeframe 2019-05-27 17:22:28 +02:00
Florian GAULTIER
6bf010fb4b introduce elastalert-dsl 
(cherry picked from commit 0235ec23200e62766d9f21fbd26ed834991a0b61)
 2019-05-27 17:18:19 +02:00
Florian GAULTIER
4168c0ec64 Allow empty keyword_field 2019-05-27 15:08:33 +02:00
Thomas Patzke
36ba9f78da Improved message if configuration is missing 2019-05-27 13:18:36 +02:00