valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
367 Commits 20 Branches 25 Tags 21 MiB
52525236a5
Commit Graph

23 Commits

Author SHA1 Message Date
Thomas Patzke
52525236a5 sigmac: added parameter to control error behavior 
* --defer-abort
* --ignore-not-implemented
 2017-08-02 00:56:22 +02:00
Thomas Patzke
3495bac9cb sigmac: return error codes 2017-07-31 00:31:49 +02:00
Thomas Patzke
ae5ae8f763 Verbose mode prints tokens if parsing failed 2017-03-29 22:21:40 +02:00
Thomas Patzke
d0bed75eb9 Added --output/-o parameter to sigmac 2017-03-18 23:15:03 +01:00
Thomas Patzke
52d7e9fc07 Parsing log sources in configuration files 2017-03-12 23:12:21 +01:00
Thomas Patzke
12e825783b Merge branch 'master' into devel-sigmac 2017-03-11 23:49:56 +01:00
Florian Roth
cd445f8ae9 Bugfix: non-recursive list not pathlib.Path elements but strings 2017-03-07 09:41:46 +01:00
Thomas Patzke
dae88fbcfa Error and warning messages are printed to stderr 2017-03-06 23:01:33 +01:00
Thomas Patzke
05df298d45 Field mappings 2017-03-06 22:07:04 +01:00
Thomas Patzke
6ddc15c972 Merge branch 'devel-sigmac' into devel-sigmac-config 2017-03-06 21:32:58 +01:00
Thomas Patzke
896b8fb56e Finished path recursion 2017-03-06 21:26:56 +01:00
Florian Roth
df39dee702 Sigmac recursive feature 2017-03-06 09:36:24 +01:00
Thomas Patzke
8864647e04 Parsing of sigmac configuration files 
* field mappings
* log sources
 2017-03-05 23:44:52 +01:00
Thomas Patzke
4aaa22fd6d Made not implemented sigmac features obvious 
* added notes to help message
* error if not implemented option is used
 2017-03-04 23:36:46 +01:00
Florian Roth
b984d83685 Typo in help text 2017-03-03 12:47:20 +01:00
Thomas Patzke
0d470af0e7 Set sigmac default backend to 'es-qs' 2017-03-01 09:40:51 +01:00
Thomas Patzke
e0f813ebbb Conversion to Elasticsearch Query Strings 
First version of sigmac that converts Sigma YAMLs without aggregations
into ES Query Strings suitable for Kibana or other tools.
 2017-03-01 00:03:34 +01:00
Thomas Patzke
58f2118ef4 Parsing of search expressions 
* Tokenization
* Building a parse tree
* Aggregations not yet implemented
 2017-02-24 23:36:19 +01:00
Thomas Patzke
ec9f42410a Intermediate backup state: Parsing of most conditions 
* Conditions with parentheses cause exceptions
 2017-02-22 22:43:35 +01:00
Thomas Patzke
0543ef7e75 sigmac: Condition Tokenizer 2017-02-16 23:58:44 +01:00
Thomas Patzke
ce43dce7ef Parsing of detections 
Transformation of detections into internal data structures. Parsing must
be changed later to on-demand parsing because condition can change
default behavior of lists.
 2017-02-16 00:40:08 +01:00
Thomas Patzke
980ed9c5c7 Moved YAML parsing in SigmaParser class 2017-02-13 23:31:42 +01:00
Thomas Patzke
1498d787e7 Added Sigma converter skeleton 
* YAML parsing
* argument parsing
* empty backend classes
 2017-02-13 23:28:53 +01:00