frack113
|
4b44ee654b
|
Fix missing a space
|
2021-08-05 13:36:18 +02:00 |
|
frack113
|
0b053e79cc
|
fix syntax error
|
2021-08-05 13:33:39 +02:00 |
|
frack113
|
439b3cecc3
|
Add most of security EventID
|
2021-08-05 13:31:39 +02:00 |
|
frack113
|
ac43eecc36
|
Add eventid 4624
|
2021-08-05 11:20:22 +02:00 |
|
frack113
|
1d1b58d712
|
add sysmon mapping
|
2021-08-05 10:54:58 +02:00 |
|
frack113
|
481cd9aca1
|
add security 7045
|
2021-08-04 15:46:05 +02:00 |
|
frack113
|
47086d5d78
|
fix duplicate
|
2021-08-04 15:12:01 +02:00 |
|
frack113
|
21228a21c7
|
update SYSMON Hashes
|
2021-08-04 15:09:02 +02:00 |
|
Florian Roth
|
f06f8a1191
|
Merge pull request #1757 from wietze/fix/carbon-black-eedr/field_renames
[CarbonBlack EEDR] Several updates to config file
|
2021-07-29 18:13:47 +02:00 |
|
Wietze
|
687631ee20
|
Several updates to CarbonBlack EEDR config
|
2021-07-29 14:09:37 +01:00 |
|
Wietze
|
e0d6856987
|
[CarbonBlack] Adding extra escape character
Hyphens, especially when at the start of a query, need escaping since hyphens are also used to negate conditions
|
2021-07-29 13:57:58 +01:00 |
|
Florian Roth
|
7c78f40372
|
Merge pull request #1744 from gliptak/patch-3
Add yamllint to GHA
|
2021-07-28 16:24:33 +02:00 |
|
Wietze
|
46da416ad1
|
Fixing exception caused by incorrect type of passed 'path' parameter
|
2021-07-28 14:43:51 +01:00 |
|
Gábor Lipták
|
d2592ee0b6
|
Add yamllint to GHA
Signed-off-by: Gábor Lipták <gliptak@gmail.com>
|
2021-07-26 21:26:16 -04:00 |
|
Florian Roth
|
ce58012608
|
Merge pull request #1584 from frack113/multi_output
Update output arg options
|
2021-07-24 10:07:10 +02:00 |
|
phantinuss
|
3b5f3d8bef
|
fix: indentation
|
2021-07-22 10:18:03 +02:00 |
|
phantinuss
|
e4880169d3
|
add sysmon_status and sysmon_error category to thor logsources
|
2021-07-22 09:59:16 +02:00 |
|
Florian Roth
|
c905e61f7a
|
Merge pull request #1705 from thegoatreich/logrhythm-support
Logrhythm support
|
2021-07-17 13:47:04 +02:00 |
|
Ibrahim Ali Khan
|
dbf924635d
|
Update ecs-suricata.yml
metadata items tag and cve mapping added.
|
2021-07-17 04:55:46 +05:00 |
|
thegoatreich
|
d14e0f1aaa
|
add logrhythm lucene backend
Copied and modded the es-qs backend for logrhythm's lucene syntax.
|
2021-07-16 13:02:05 +01:00 |
|
thegoatreich
|
f0f1653e42
|
config file for logrhythm support
a config file and field mappings Windows event logs for LogRhythm using Lucene.
This uses a custom backend which is mostly based on the es-qs backend.
|
2021-07-16 07:54:02 -04:00 |
|
Florian Roth
|
680e01d309
|
Merge pull request #1686 from leegengyu/patch-12
Update winlogbeat-modules-enabled.yml
|
2021-07-15 08:37:09 +02:00 |
|
Florian Roth
|
9fce0fb42d
|
Merge pull request #1680 from phantinuss/master
medium level Rule for Windows Defender Exclusions
|
2021-07-14 08:18:39 +02:00 |
|
G Y
|
aacb5f767c
|
Update winlogbeat-modules-enabled.yml
Update mapping for EventID and TargetObject.
|
2021-07-14 11:01:45 +08:00 |
|
Jonhnathan
|
f6e7fc446f
|
Remove Wildcard
|
2021-07-13 11:21:12 -03:00 |
|
phantinuss
|
bf9b82fc45
|
medium level rule for Windows Defender Exclusions
|
2021-07-13 13:16:25 +02:00 |
|
Thomas Patzke
|
82b8b6890f
|
Merge pull request #1663 from heyibrahimkhan/patch-4
Create ala-azure-ad_auditlogs.yml
|
2021-07-12 23:37:55 +02:00 |
|
Thomas Patzke
|
294a405481
|
Merge pull request #1662 from heyibrahimkhan/patch-3
Create ala-azure-activitylogs.yml
|
2021-07-12 23:37:46 +02:00 |
|
Thomas Patzke
|
98165cdd09
|
Merge pull request #1661 from heyibrahimkhan/patch-2
Create ecs-azure-ad_auditlogs.yml
|
2021-07-12 23:37:37 +02:00 |
|
Thomas Patzke
|
a73c371c66
|
Merge pull request #1672 from mf1d3l:splunkdm_backend
SplunkDM Backend: Splunk datamodels accelerated searches support
|
2021-07-12 23:05:51 +02:00 |
|
Florian Roth
|
3761cd1b34
|
Merge pull request #1660 from heyibrahimkhan/patch-1
Create ecs-azure-activitylogs.yml
|
2021-07-12 17:42:49 +02:00 |
|
Florian Roth
|
730e9eb883
|
Merge pull request #1667 from leegengyu/patch-10
Update winlogbeat-modules-enabled.yml - Imphash Field
|
2021-07-12 15:37:33 +02:00 |
|
Florian Roth
|
ac7270ff32
|
Merge pull request #1669 from leegengyu/patch-11
Update winlogbeat.yml - Imphash Field
|
2021-07-12 15:37:00 +02:00 |
|
Florian Roth
|
a16ce3b828
|
Merge pull request #1673 from frack113/ecs
Add mapping for auditbeat and filebeat
|
2021-07-12 15:36:07 +02:00 |
|
Thomas Patzke
|
0b83c12dd1
|
Merge branch 'devel-tp'
|
2021-07-12 10:21:19 +02:00 |
|
frack113
|
b6d2ec33cc
|
Add mapping for auditbeat and filebeat
|
2021-07-12 09:00:57 +02:00 |
|
mf1d3l
|
9005b58649
|
extend cim
|
2021-07-10 23:06:29 +02:00 |
|
mf1d3l
|
681accf2ba
|
add splunkdm to Makefile
|
2021-07-10 22:23:15 +02:00 |
|
mf1d3l
|
0271bc6b13
|
clean
|
2021-07-10 22:13:09 +02:00 |
|
mf1d3l
|
b986ed0716
|
extend cim
|
2021-07-10 19:02:24 +02:00 |
|
G Y
|
bdb77780b3
|
Update winlogbeat.yml
Change Imphash's value as current one does not exist without the Sysmon processor module under Winlogbeat.
|
2021-07-10 11:37:36 +08:00 |
|
G Y
|
cb2985df75
|
Update winlogbeat-modules-enabled.yml
Replaced mapping for Imphash (based on Winlogbeat's Sysmon processor module).
|
2021-07-10 10:51:05 +08:00 |
|
mfidel
|
ffadd110cb
|
Update splunkdm.py
|
2021-07-10 00:03:41 +02:00 |
|
mfidel
|
82f8412988
|
Update splunkdm.py
|
2021-07-10 00:02:33 +02:00 |
|
mf1d3l
|
368388a7e6
|
Add Splunk Datamodel backend
|
2021-07-09 23:18:17 +02:00 |
|
Ibrahim Ali Khan
|
8bf07b3575
|
Create ala-azure-ad_auditlogs.yml
Azure AD Audit Logs mapping for Azure Log Analytics
|
2021-07-08 20:40:39 +05:00 |
|
Ibrahim Ali Khan
|
7bba239f56
|
Create ala-azure-activitylogs.yml
Azure Activity Logs mapping for Azure Log Analytics
|
2021-07-08 20:40:03 +05:00 |
|
Ibrahim Ali Khan
|
6849aba266
|
Create ecs-azure-ad_auditlogs.yml
Azure AD Audit Logs Elasticsearch ecs mapping
|
2021-07-08 20:39:05 +05:00 |
|
Ibrahim Ali Khan
|
25dd14829e
|
Create ecs-azure-activitylogs.yml
Azure Activity Logs Elasticsearch ecs mapping
|
2021-07-08 20:37:12 +05:00 |
|
Florian Roth
|
a6952540c9
|
Merge pull request #1659 from SigmaHQ/config-adjustments
refactor: THOR config adjustments
|
2021-07-08 15:37:04 +02:00 |
|