valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 18:23:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,732 Commits 20 Branches 25 Tags 21 MiB
5019f2f160
Commit Graph

308 Commits

Author SHA1 Message Date
bar
50ef79b398 Custom STIX object "x-sigma" for fields that missing mapping, so the pattern is STIX valid 2020-07-08 14:09:26 +03:00
Thomas Patzke
9bcff522b6 Merge branch 'master' of https://github.com/rashimo/sigma into pr-709 2020-07-07 23:12:03 +02:00
bar
acbab2db4b stix backend + mapping configurations for windows logs and qradar 2020-07-07 15:04:16 +03:00
Chris Brake
6ed1ea6509 Updating the mdatp backend file as it is currently impossible to set an ActionType as there is no mapping to EventType 2020-06-30 14:49:29 +01:00
Thomas Patzke
b1e4f44c21
Merge pull request #823 from Kuermel/master 
Add more Options for XPackWatcherBackend (Elasticsearch)
 2020-06-28 00:03:04 +02:00
Thomas Patzke
de5e453e19
Merge pull request #831 from 404d/cbr-backend-tweaks 
Add parentheses around field list groups in CB
 2020-06-27 23:39:57 +02:00
Thomas Patzke
f907c49ab5 Improved test coverage 
* Added test case
* Removed unused code
 2020-06-13 01:11:08 +02:00
Simen Lybekk
bbcbed4742 Add parentheses about field list groups in CB 
This should address the grouping issue from #660.
The grouping issue was solved by just slamming some parentheses around the fields in the listExpression field.
 2020-06-11 15:33:02 +02:00
Thomas G
8c61dc9248
Add more Options for XPackWatcherBackend (Elasticsearch) 
Add action_throttle_period, mail_from adn mail_profile to the XPackWatcherBackend (Elasticsearch)
 2020-06-09 20:57:26 +02:00
Thomas Patzke
fb9855bd3b Added description to es-rule backend 2020-06-06 01:02:44 +02:00
Thomas Patzke
c992dc5215 Improved test coverage 2020-06-05 23:33:51 +02:00
Thomas Patzke
5d88d97c73 Merge branch 'improvements/improved_mdatp_mappings' of https://github.com/wietze/sigma into wietze-improvements/improved_mdatp_mappings 2020-06-05 23:03:52 +02:00
Jonas Plum
3a6ac5bd5c Remove unused function 2020-05-30 01:57:06 +02:00
Jonas Plum
70935d26ce Add license header 2020-05-29 23:56:05 +02:00
Jonas Hagg
dedfb65d63 Implemented Aggregation for SQL, Added SQLite FullTextSearch 2020-05-25 11:58:55 +02:00
Thomas Patzke
daf7ab5ff7 Cleanup: removal of corelight_* backends 2020-05-24 22:41:38 +02:00
Thomas Patzke
d45f8e19fe Fixes 2020-05-24 21:46:55 +02:00
Thomas Patzke
32e4998c49 Removed dead code from ALA backend. 2020-05-24 21:45:37 +02:00
Thomas Patzke
24b08bbf30 Merge branch 'master' of https://github.com/socprime/sigma into socprime-master 2020-05-24 17:06:32 +02:00
Tiago Faria
2893becf8c Merge remote-tracking branch 'upstream/master' 2020-05-14 14:02:20 +01:00
Remco Hofman
37b08543ac Updated author reference in license 2020-05-11 11:47:56 +02:00
vh
fb9c5841f4 Added Humio, Crowdstrike, Corelight 2020-05-08 13:41:52 +03:00
Remco Hofman
dc96b7ffb3 Removed dependency on slugify 2020-05-08 11:40:16 +02:00
Remco Hofman
c5be83eb01 Added ee-outliers backend 2020-05-08 10:18:35 +02:00
pdr9rc
aa175a7d5b wip 
wip
 2020-05-04 18:02:27 +01:00
pdr9rc
dd9e128a15 kibana target update 
kibana target now compatible with overrides
 2020-05-04 17:35:12 +01:00
pdr9rc
b3194e66c4 Update base.py 2020-05-04 16:37:36 +01:00
Wietze
2b3828730c Reversed disabling FileDelete 2020-05-02 17:31:50 +01:00
Wietze
e5574e07f2 Disabled FileDelete event (Sysmon 11 - no rules available yet) 2020-05-02 16:21:56 +01:00
Wietze
5abf4cbea9 Reordered fields 2020-05-02 14:46:55 +01:00
Wietze
661108903b Minor consistency fix 2020-05-02 14:37:37 +01:00
Wietze
46737cbfd3 Improved Microsoft ATP mapping, using Advanced Hunting Schema 
See https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference
 2020-05-02 14:31:02 +01:00
pdr9rc
98391f985a wip 
wip
 2020-04-30 15:19:38 +01:00
pdr9rc
9ce84a38e5 overrides section support + one example rule + cloudtrail config 
ditto
 2020-04-29 20:36:45 +01:00
alm8i
7ac685882c comments for usage 2020-04-11 15:47:23 +02:00
Danijel Grah
6312f381bf
C# backend 
Converts Sigma rule into C# Regex in LINQ query
 2020-04-10 16:12:05 +02:00
Thomas Patzke
1c5c8047fd Fixes 
* Removed commented debug print statements
* Defined nullExpression
* Removed unneeded generateMapItemNode method
* Value cleaning bug on matching of wildcard at first character
 2020-04-08 23:43:46 +02:00
Thomas Patzke
cf896c3093 Merge branch 'master' of https://github.com/abhikhnvasara/sigma into pr-630 2020-04-08 23:16:39 +02:00
Thomas Patzke
551a94af04 Merge branch 'master' of https://github.com/tileo/sigma into pr-658 2020-04-08 22:43:48 +02:00
Thomas Patzke
7224af54b2
Merge pull request #664 from j91321/es-rule-options 
es-rule backend options for index-patterns and time interval
 2020-04-08 22:39:45 +02:00
Thomas Patzke
1b7f33f5e2 Fixed undefined value in exception handling 
Fixes issue #702.
 2020-04-08 22:28:47 +02:00
j91321
3470011ac3 Revert time interval, use index values provided by sigmaparser 2020-04-05 20:30:57 +02:00
Thomas Patzke
693830fa83 Merge pull request 659 2020-04-03 23:46:53 +02:00
Maxime Lamothe-Brassard
f92c5e9b18 Remove generation of LC rules with timeframe. 2020-04-02 15:25:30 -07:00
Thomas Patzke
004eaf0615 Revert "do not escape u" 
This reverts commit aa112cbd44.

This was a fix for a previous bug.
 2020-03-24 23:36:12 +01:00
vunx2
1025930e04 merge 2020-03-19 11:05:52 +07:00
vunx2
2107d86900 merge 2020-03-19 10:58:30 +07:00
vunx2
1b12a6b261 modified: tools/sigma/backends/carbonblack.py 2020-03-19 09:00:24 +07:00
neu5ron
aa112cbd44 do not escape u 2020-03-18 08:51:38 -04:00
neu5ron
17318b48bf - fix agg_option keyword 
- remove (now) unnecessary other hardcoded `.keyword` locations
 2020-03-18 08:50:37 -04:00