28 Commits

Author	SHA1	Message	Date
Maxime Lamothe-Brassard	27bb07b74e	Adding support for basic proxy rules using the HTTP_REQUEST events from the Chrome LC Agent.	2019-12-05 09:35:09 -08:00
Maxime Lamothe-Brassard	1b9054c1f3	Adding some comments	2019-11-05 08:39:24 -05:00
Maxime Lamothe-Brassard	b7018bcd4a	Adding a post-mapper mechanism to fix some common issues in Sigma rules to LC.	2019-11-05 08:39:24 -05:00
Maxime Lamothe-Brassard	c2e621cf08	Fixing another edge case with string escape.	2019-11-05 08:39:24 -05:00
Maxime Lamothe-Brassard	0c6b9e532b	Remove debugging statement	2019-11-05 08:39:24 -05:00
Maxime Lamothe-Brassard	6f2f1d2bd7	Add ability to map fields and values based on callbacks.	2019-11-05 08:39:24 -05:00
Maxime Lamothe-Brassard	0b9a3f3a08	Refactor to better support keyword fields.	2019-11-05 08:39:24 -05:00
Maxime Lamothe-Brassard	9aedb8f764	Adding another exception case to get more "contains" shortcuts instead of REs.	2019-11-05 08:39:24 -05:00
Maxime Lamothe-Brassard	102ab3081b	Fix the convertion from simple wildcard strings to a full regular expression so that it is always correct. The previous solution just mostly-worked.	2019-11-05 08:39:24 -05:00
Maxime Lamothe-Brassard	e52f29dda9	Fix matches operator field set to value instead of re.	2019-11-05 08:38:06 -05:00
Thomas Patzke	54c75167ce	Default configurations for backends	2019-11-03 23:32:50 +01:00
Maxime Lamothe-Brassard	f6fb9c7f5f	Fixing typo in response metadata.	2019-10-28 11:31:50 -05:00
Maxime Lamothe-Brassard	2873e1ded3	Small refactors to make more readable and remove deprecated code paths to increase coverage.	2019-10-28 10:49:05 -05:00
Maxime Lamothe-Brassard	a7003c2aa3	Adding support for "unix", looking like a mistake by the creator.	2019-10-27 15:55:12 -05:00
Maxime Lamothe-Brassard	d019cef439	Ading a bit more of early support for netflow and some linux exe.	2019-10-27 15:48:28 -05:00
Maxime Lamothe-Brassard	a57a7b58cf	Added conceptial support for aliasing keyworkds to a specific field depending on the log source.	2019-10-27 15:28:54 -05:00
Maxime Lamothe-Brassard	60b20a76a6	Fixing handling of unsupported sources.	2019-10-27 12:37:06 -05:00
Maxime Lamothe-Brassard	0fe72d6133	Emit error on full-text searches not being supported.	2019-10-27 12:26:36 -05:00
Maxime Lamothe-Brassard	f43300af8e	Fix the top level pre-condition for Windows Event Logs on LC.	2019-10-27 12:17:15 -05:00
Maxime Lamothe-Brassard	91e48d8c1b	Adding setup links and fixing test that would crash Not node, but not seen in prod rules.	2019-10-27 11:56:32 -05:00
Maxime Lamothe-Brassard	8d866b0868	Adding comments.	2019-10-26 17:37:13 -05:00
Maxime Lamothe-Brassard	bc5e9bd03a	Making rule output a full D&R (with the Response component) and includes a lot of metadata from the rule in the report.	2019-10-26 17:30:40 -05:00
Maxime Lamothe-Brassard	8cc3990aef	Extending support for more random rules with odd names.	2019-10-26 16:59:33 -05:00
Maxime Lamothe-Brassard	4d65b62063	Adding support for generating rules for Windows builtin category for use in the External Logs of LC.	2019-10-26 16:30:50 -05:00
Maxime Lamothe-Brassard	30cc7ee809	Refactor mappings into a flat structure to account for missing parameters in some combinations.	2019-10-26 16:09:39 -05:00
Maxime Lamothe-Brassard	77329714c5	Adding service to indirection of mappings since it will be used for Windows Event Logs.	2019-10-26 16:06:42 -05:00
Maxime Lamothe-Brassard	823d86c7d9	Remove unimplemented config entries and fix bug with valueNode.	2019-10-26 15:54:08 -05:00
Maxime Lamothe-Brassard	bba43c7a86	First draft of support for LimaCharlie D&R rules.	2019-10-26 15:45:48 -05:00