Commit Graph

1131 Commits

Author SHA1 Message Date
frack113
88a59be69c Add options and return error code 2021-09-18 18:13:16 +02:00
frack113
72d301ba20 remove bad cb 2021-09-18 15:55:01 +02:00
frack113
365db5abbc fix bad elasticsearch-rule 2021-09-18 15:54:08 +02:00
frack113
5081c210b7 add simple script 2021-09-18 15:51:05 +02:00
Maxime Lamothe-Brassard
314fa5aaa5 Add validation for logical sub operators. 2021-09-14 18:00:09 -07:00
Austin Songer
7ff0ff104a Update ecs-okta.yml 2021-09-14 01:52:03 -05:00
Austin Songer
2a52cef62e Update ecs-okta.yml 2021-09-13 22:29:19 -05:00
Austin Songer
1895906580 Update ecs-okta.yml 2021-09-13 22:16:43 -05:00
Austin Songer
15bd61ed9f Update ecs-okta.yml 2021-09-13 21:45:14 -05:00
Austin Songer
87affad990 Create ecs-okta.yml 2021-09-13 21:31:25 -05:00
Thomas Patzke
c7ecf6da65 Merge pull request #2009 from Preston-Young/master
Added New OpenSearch Monitor Backend
2021-09-13 23:07:35 +02:00
albchen
1dec1a49fa Mapped OriginalFileName in DeviceProcessEvents
Mapped OriginalFileName to ProcessVersionInfoOriginalFileName in DeviceProcessEvents. Tested and works for rules such as https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_renamed_binary.yml
2021-09-10 15:51:32 -07:00
Austin Songer
a798469961 Update lacework.py 2021-09-10 09:46:57 -05:00
Young
fe53f6dd5d moved default values to backend file 2021-09-09 15:02:59 -07:00
Young
647f81d128 reverted changes in base.py to upstream 2021-09-09 10:55:36 -07:00
Young
03a8d93a54 Merge branch 'master' of https://github.com/Preston-Young/sigma 2021-09-09 10:41:10 -07:00
Young
c2c1b21a27 cleaning up changed files 2021-09-09 10:40:48 -07:00
Preston Young
4a98d68977 Merge branch 'SigmaHQ:master' into master 2021-09-09 10:28:16 -07:00
frack113
dc88ad7c73 fix sigma_uuid assign id 2021-09-05 17:50:54 +02:00
frack113
acf2bfbd27 Update sigma_uuid verify
Make a better verify code
2021-09-05 10:43:42 +02:00
frack113
11e4b900e4 Update global id 2021-09-03 06:59:40 +02:00
frack113
086a15fc45 Update global ID 2021-09-02 20:07:03 +02:00
Thomas Patzke
51bc036dbf Merge pull request #1921 from roysjosh/azure-sentinel-arm-output
Azure Sentinel support
2021-09-01 22:26:42 +02:00
Thomas Patzke
3d6ad1bc0f Merge pull request #1944 from ncrqnt/elastic-subtechniques
[Elastic] Add support for authors and subtechniques
2021-09-01 22:25:10 +02:00
Young
b0efaf5a51 changed adjustMatches function to combine all atomic matches into a single bool statement 2021-08-31 18:15:46 -07:00
neu5ron
96c7e180fe Merge branch 'master' of https://github.com/SigmaHQ/sigma into qoutes_and_wildcards
Signed-off-by: neu5ron <neu5ron@users.noreply.github.com>
2021-08-30 16:33:33 -04:00
neu5ron
61897fa2e0 Merge branch 'master' of https://github.com/SigmaHQ/sigma into qoutes_and_wildcards
Signed-off-by: neu5ron <neu5ron@users.noreply.github.com>
2021-08-30 16:06:58 -04:00
Nico
00dec96245 Add support for subtechniques 2021-08-30 08:45:21 +02:00
Nico
5f271bf334 add author field to elastic rule 2021-08-30 08:29:07 +02:00
frack113
5f1143247b Update "sigmac -l" message 2021-08-28 08:51:58 +02:00
frack113
6aae623f45 Remove duplicate file 2021-08-28 08:42:02 +02:00
David Hazekamp
cc6e4381b2 feat(backend): introducing lacework backend
Adding authors
Removing todo
2021-08-26 14:12:47 -05:00
David Hazekamp
a5d175fbf7 feat(backend): introducing lacework backend 2021-08-26 14:05:44 -05:00
Young
c1154e7b45 removed osMonitor.json 2021-08-24 16:24:45 -07:00
Joshua Roys
294bb432d0 Add Azure Sentinel backend
The web interface expects ARM templates.
2021-08-24 16:01:23 -04:00
Joshua Roys
829117ca7f Allow ints as values in ALA backend
Without this, LogonType set as an int caused sigmac to abort the rule.
2021-08-24 16:00:08 -04:00
Joshua Roys
93be8471ec Fix tactics/techniques in ALA backend 2021-08-24 15:58:21 -04:00
Young
d1c7ee0830 cleaned up backend class and re-added support for threshold rules 2021-08-23 15:53:43 -07:00
Young
f51c462439 finished building and translating AST, supporting nested queries 2021-08-22 21:58:04 -07:00
Thomas Patzke
3396d72d81 Merge pull request #1887 from frack113/fix_NodeSubexpression_len
fix sigmac error "has no len()"
2021-08-22 12:11:16 +02:00
Thomas Patzke
cbf1fd213b Merge pull request #1856 from theoguidoux/sql-sqlite-fields-selection
[Ready] SQL & SQLite rule fields selection
2021-08-22 12:09:07 +02:00
Thomas Patzke
b97a47c32a Merge pull request #1895 from frack113/fix_sigma2attack.py
sigma2attack.py fix yaml error
2021-08-22 12:05:54 +02:00
frack113
7cd71b2240 fix yaml error 2021-08-22 08:57:07 +02:00
Austin Songer
579a80411d Update m365.yml 2021-08-21 15:03:31 -05:00
Austin Songer
645492cef5 Update m365.yml
just working on expanding this.
2021-08-21 14:57:38 -05:00
frack113
f6fe5e7d02 fix when backend support error 2021-08-20 13:58:57 +02:00
frack113
4e895da471 fix error "has no len()" 2021-08-20 09:20:56 +02:00
Austin Songer
e6457531dd Create m365.yml 2021-08-20 00:29:29 -05:00
frack113
08324a5a56 Merge pull request #1875 from frack113/fix_sigma_similarity
sigma_similarity fix start errors
2021-08-19 14:16:52 +02:00
frack113
2cdab46ee4 fix start errors 2021-08-19 09:37:00 +02:00