SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00

Author	SHA1	Message	Date
Wietze	46da416ad1	Fixing exception caused by incorrect type of passed 'path' parameter	2021-07-28 14:43:51 +01:00
Florian Roth	ce58012608	Merge pull request #1584 from frack113/multi_output Update output arg options	2021-07-24 10:07:10 +02:00
phantinuss	3b5f3d8bef	fix: indentation	2021-07-22 10:18:03 +02:00
phantinuss	e4880169d3	add sysmon_status and sysmon_error category to thor logsources	2021-07-22 09:59:16 +02:00
Florian Roth	c905e61f7a	Merge pull request #1705 from thegoatreich/logrhythm-support Logrhythm support	2021-07-17 13:47:04 +02:00
Ibrahim Ali Khan	dbf924635d	Update ecs-suricata.yml metadata items tag and cve mapping added.	2021-07-17 04:55:46 +05:00
thegoatreich	d14e0f1aaa	add logrhythm lucene backend Copied and modded the es-qs backend for logrhythm's lucene syntax.	2021-07-16 13:02:05 +01:00
thegoatreich	f0f1653e42	config file for logrhythm support a config file and field mappings Windows event logs for LogRhythm using Lucene. This uses a custom backend which is mostly based on the es-qs backend.	2021-07-16 07:54:02 -04:00
Florian Roth	680e01d309	Merge pull request #1686 from leegengyu/patch-12 Update winlogbeat-modules-enabled.yml	2021-07-15 08:37:09 +02:00
Florian Roth	9fce0fb42d	Merge pull request #1680 from phantinuss/master medium level Rule for Windows Defender Exclusions	2021-07-14 08:18:39 +02:00
G Y	aacb5f767c	Update winlogbeat-modules-enabled.yml Update mapping for EventID and TargetObject.	2021-07-14 11:01:45 +08:00
Jonhnathan	f6e7fc446f	Remove Wildcard	2021-07-13 11:21:12 -03:00
phantinuss	bf9b82fc45	medium level rule for Windows Defender Exclusions	2021-07-13 13:16:25 +02:00
Thomas Patzke	82b8b6890f	Merge pull request #1663 from heyibrahimkhan/patch-4 Create ala-azure-ad_auditlogs.yml	2021-07-12 23:37:55 +02:00
Thomas Patzke	294a405481	Merge pull request #1662 from heyibrahimkhan/patch-3 Create ala-azure-activitylogs.yml	2021-07-12 23:37:46 +02:00
Thomas Patzke	98165cdd09	Merge pull request #1661 from heyibrahimkhan/patch-2 Create ecs-azure-ad_auditlogs.yml	2021-07-12 23:37:37 +02:00
Thomas Patzke	a73c371c66	Merge pull request #1672 from mf1d3l:splunkdm_backend SplunkDM Backend: Splunk datamodels accelerated searches support	2021-07-12 23:05:51 +02:00
Florian Roth	3761cd1b34	Merge pull request #1660 from heyibrahimkhan/patch-1 Create ecs-azure-activitylogs.yml	2021-07-12 17:42:49 +02:00
Florian Roth	730e9eb883	Merge pull request #1667 from leegengyu/patch-10 Update winlogbeat-modules-enabled.yml - Imphash Field	2021-07-12 15:37:33 +02:00
Florian Roth	ac7270ff32	Merge pull request #1669 from leegengyu/patch-11 Update winlogbeat.yml - Imphash Field	2021-07-12 15:37:00 +02:00
Florian Roth	a16ce3b828	Merge pull request #1673 from frack113/ecs Add mapping for auditbeat and filebeat	2021-07-12 15:36:07 +02:00
Thomas Patzke	0b83c12dd1	Merge branch 'devel-tp'	2021-07-12 10:21:19 +02:00
$frack113$ frack113	b6d2ec33cc	Add mapping for auditbeat and filebeat	2021-07-12 09:00:57 +02:00
mf1d3l	9005b58649	extend cim	2021-07-10 23:06:29 +02:00
mf1d3l	681accf2ba	add splunkdm to Makefile	2021-07-10 22:23:15 +02:00
mf1d3l	0271bc6b13	clean	2021-07-10 22:13:09 +02:00
mf1d3l	b986ed0716	extend cim	2021-07-10 19:02:24 +02:00
G Y	bdb77780b3	Update winlogbeat.yml Change Imphash's value as current one does not exist without the Sysmon processor module under Winlogbeat.	2021-07-10 11:37:36 +08:00
G Y	cb2985df75	Update winlogbeat-modules-enabled.yml Replaced mapping for Imphash (based on Winlogbeat's Sysmon processor module).	2021-07-10 10:51:05 +08:00
mfidel	ffadd110cb	Update splunkdm.py	2021-07-10 00:03:41 +02:00
mfidel	82f8412988	Update splunkdm.py	2021-07-10 00:02:33 +02:00
mf1d3l	368388a7e6	Add Splunk Datamodel backend	2021-07-09 23:18:17 +02:00
Ibrahim Ali Khan	8bf07b3575	Create ala-azure-ad_auditlogs.yml Azure AD Audit Logs mapping for Azure Log Analytics	2021-07-08 20:40:39 +05:00
Ibrahim Ali Khan	7bba239f56	Create ala-azure-activitylogs.yml Azure Activity Logs mapping for Azure Log Analytics	2021-07-08 20:40:03 +05:00
Ibrahim Ali Khan	6849aba266	Create ecs-azure-ad_auditlogs.yml Azure AD Audit Logs Elasticsearch ecs mapping	2021-07-08 20:39:05 +05:00
Ibrahim Ali Khan	25dd14829e	Create ecs-azure-activitylogs.yml Azure Activity Logs Elasticsearch ecs mapping	2021-07-08 20:37:12 +05:00
Florian Roth	a6952540c9	Merge pull request #1659 from SigmaHQ/config-adjustments refactor: THOR config adjustments	2021-07-08 15:37:04 +02:00
Florian Roth	5e7f1f3a36	refactor: THOR config adjustments	2021-07-08 14:51:49 +02:00
Thomas Patzke	09c8d42c03	Deleted Sysmon config which doesn't makes sense	2021-07-08 07:31:49 +02:00
Florian Roth	cdc434cfc4	feat: OriginalFileName mapping in MDATP ImageLoad events	2021-07-07 18:22:58 +02:00
$frack113$ frack113	4e3b275056	Fix more windows fields name	2021-07-07 12:28:00 +02:00
$frack113$ frack113	5c9ca35bb6	Add the last missing	2021-07-07 09:10:50 +02:00
$frack113$ frack113	e76f30d59c	Add some missing fields mapping	2021-07-06 15:56:33 +02:00
Florian Roth	400fae4dba	Merge pull request #1609 from cianmcgovern/graylog-fix Escape spaces in graylog backend	2021-07-04 14:20:07 +02:00
$frack113$ frack113	8fd81acee4	Change getRuleName() to get 'id-title' instead of ('id' or 'title')	2021-07-04 11:56:59 +02:00
Cian Mc Govern	7fca08e5bd	Escape spaces in graylog backend	2021-07-02 21:56:08 +01:00
Florian Roth	06ab553d25	Merge pull request #1604 from SigmaHQ/rule-devel Config: Splunk fix log sources prefix, THOR PS classic	2021-07-02 15:39:22 +02:00
Florian Roth	ba94b8396c	config: thor - powershell classic	2021-07-02 14:14:48 +02:00
Florian Roth	03e2b9d376	fix: missing "WinEventLog:" in splunk-windows.yml	2021-07-02 14:13:12 +02:00
Florian Roth	825ff5520b	Merge pull request #1597 from SigmaHQ/rule-devel config: add PrintService Operational	2021-07-01 10:27:43 +02:00

1 2 3 4 5 ...

1019 Commits