valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,120 Commits 20 Branches 25 Tags 21 MiB
57445969f1
Commit Graph

790 Commits

Author SHA1 Message Date
Florian Roth
d3ee1aba66 docs: MITRE ATT&CK(R) trademark references removed or adjusted 
https://github.com/Neo23x0/sigma/issues/1028
 2020-09-30 08:53:52 +02:00
Thomas Patzke
378d9c94cf Merge branch 'master' of https://github.com/socprime/sigma into pr-981 2020-09-15 12:14:49 +02:00
snake-jump
5119f887c8
add Regular expression support 
Add Regular expression support for netwitness-epl backend
 2020-09-14 22:04:47 +02:00
snake-jump
531557465c
delete raise exception in case of sigma key is keyword(s) 2020-09-14 16:00:03 +02:00
snake-jump
09f25cf992 delete sqlparse module usage 2020-09-10 19:05:55 +02:00
snake-jump
e74846b767 modify comment 2020-09-10 18:09:15 +02:00
snake-jump
64035fd799 initial commit for Netwitness-EPL backend 2020-09-10 17:12:12 +02:00
vh
a2fec9f3b9 Fix sysmon backend 2020-08-28 12:26:40 +03:00
Thomas Patzke
bae09e9447 Sigmatools release 0.18.1 2020-08-26 00:06:25 +02:00
Nate Guagenti
f21b3c50c6 control whether to use an analyzed field or different type if a query/value contains a wildcard. 
Signed-off-by: Nate Guagenti <neu5ron@users.noreply.github.com>
 2020-08-25 13:13:18 -04:00
Nate Guagenti
a7ffb96b6b elasticsearch regex escape of '.' for case insensitivity backend options 
Signed-off-by: Nate Guagenti <neu5ron@users.noreply.github.com>
 2020-08-25 13:10:25 -04:00
Nate Guagenti
474e04dfe3 add new options to readme for elasticbackend 
Signed-off-by: Nate Guagenti <neu5ron@users.noreply.github.com>
 2020-08-25 13:00:22 -04:00
Nate Guagenti
76910eaee4 fix sub field name usage if there are 3 or more fields.. 
Signed-off-by: Nate Guagenti <neu5ron@users.noreply.github.com>
 2020-08-25 12:56:57 -04:00
Nate Guagenti
0d713e4544 control whether to use an analyzed field or different type if a query/value contains a wildcard. 
Signed-off-by: Nate Guagenti <neu5ron@users.noreply.github.com>
 2020-08-25 12:56:33 -04:00
tung12
1921e9dd89 Fix wild card and some escaped characters 2020-08-18 15:57:13 +07:00
SOC Prime
d3ba1e4fb8
Add sysmon backend 2020-08-18 11:20:22 +03:00
tung12
172f7b371e Change mapped Image to path 2020-08-17 15:05:44 +07:00
Dermott, Scott J
7e6828dd40 + Adding Mitre Sub-Techniques and python update script to fetch latest Pre, Enterprise & Mobile Tactics and Techniques from Mitre CTI 2020-08-13 10:24:44 +01:00
Thomas Patzke
01125ffd3b Fixed: Elastalert backend handling of conditional field mappings 2020-08-11 23:29:18 +02:00
bar
8352eefe22 STIX Support keywords (value without field) 2020-07-28 18:52:02 +03:00
bar
de475bb500 updated STIX mapping for more rule fields 2020-07-27 14:36:30 +03:00
bar
32cf352236 Merge remote-tracking branch 'upstream/master' 2020-07-26 14:56:06 +03:00
bar
9643e01b54 extension should use '..' 2020-07-26 12:16:48 +03:00
Thomas Patzke
dcb07bab2f
Merge pull request #949 from 0xballistics/powershell_backend_fix 
partial(?) fix of #762
 2020-07-25 10:18:05 +02:00
Simran Soin
c329f6412d Fix bug with NOT handling 2020-07-23 11:47:55 -04:00
Simran Soin
6c7b4cf408 Revert additional change in base.py 2020-07-23 10:47:22 -04:00
Simran Soin
ef9af3730a Remove unnecessary edits from qradar.py 2020-07-23 10:34:29 -04:00
Simran Soin
0e49a6acdf Default NOT to false for all functions 2020-07-23 10:18:16 -04:00
Simran Soin
0fac21f4a3 Remove modifications from base file and override in stix.py 2020-07-23 10:13:30 -04:00
Simran Soin
30ff22776a Fix NOT bug 2020-07-23 09:41:33 -04:00
bar
5019f2f160 added mapping for stix web, cloud, linux 2020-07-22 21:41:46 +03:00
bar
0543ec1ae3 mapping update, removed unused fields 2020-07-21 19:49:26 +03:00
bar
83623f396c Merge remote-tracking branch 'upstream/master' 2020-07-21 17:22:06 +03:00
bar
da30266c60 ImageLoaded mapping added 2020-07-21 17:21:14 +03:00
David Straßegger
875360f373 fixed wrong function call for elastalert aggregation. fixes #940 2020-07-20 14:32:30 +02:00
Florian Roth
ae05e8eb11
Merge pull request #935 from SanWieb/933-EventID-process_creation 
Revert "Ref #933 - Added windows Process Creation to config"
 2020-07-16 14:32:19 +02:00
Sander
94272c7770 Revert "Ref #933 - Added windows Process Creation to config" 
This reverts commit 6c35a7afa0.
 2020-07-16 14:30:17 +02:00
Florian Roth
80e6e933a9
Merge pull request #934 from SanWieb/933-EventID-process_creation 
Proposed fix for #933
 2020-07-16 13:38:12 +02:00
Sander
6c35a7afa0 Ref #933 - Added windows Process Creation to config 2020-07-16 13:16:57 +02:00
Aidan Bracher
e0476d5ce6 Merge branch 'master' of git://github.com/Neo23x0/sigma 2020-07-15 16:35:29 +01:00
Aidan Bracher
1e5ee5823c Fix for indentation issue 
Wrong indentation of line 182 meant that even where config options
were given, the default per backend was being used, rendering
custom config useless.
 2020-07-15 16:29:27 +01:00
Florian Roth
c7e412788a
Merge pull request #924 from Neo23x0/devel 
Live MITRE ATT&CK data from TAXI service in Test Scripts
 2020-07-14 18:15:29 +02:00
Florian Roth
71e66ea9ba refactor: tests use live data from MITRE's TAXI service 2020-07-14 17:54:02 +02:00
Pushkarev Dmitry
6c999df3b7 Added AppLocker log source 2020-07-13 20:48:06 +00:00
Pushkarev Dmitry
8e3f973e69 Added AppLocker log source 2020-07-13 20:46:49 +00:00
Pushkarev Dmitry
bdfb646228 Added AppLocker log source 2020-07-13 20:45:30 +00:00
Pushkarev Dmitry
364af53902 Added AppLocker log source 2020-07-13 20:44:03 +00:00
Pushkarev Dmitry
326cf05a74 Added AppLocker log source 2020-07-13 20:41:54 +00:00
Pushkarev Dmitry
46a6183745 Added AppLocker log source 2020-07-13 20:32:03 +00:00
Pushkarev Dmitry
a58e037509 Added AppLocker log source 2020-07-13 20:30:02 +00:00