valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 18:23:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,544 Commits 20 Branches 25 Tags 21 MiB
612a7642d2
Commit Graph

1544 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Patzke
8f3541f0a0 Added Splunk backend 2017-03-02 23:34:12 +01:00
Thomas Patzke
2dd1c7cd12 Deactivated not implemented backends 2017-03-02 22:55:45 +01:00
Thomas Patzke
9556e73cd1 Fix: automatic escaping of * and ? in es-qs backend removed 2017-03-02 12:07:07 +01:00
Florian Roth
15e61a9681 Rule: Certutil Decode in AppData 2017-03-02 11:28:34 +01:00
Florian Roth
b6459a00ab Two new Sysmon rules for Office Macro/PS detection 2017-03-02 11:06:53 +01:00
Florian Roth
8559837aab Removed Sysmon EventLog from selection > via 'logsource' 2017-03-02 11:06:20 +01:00
Thomas Patzke
77b8bd3834 Merge branch 'devel-sigmac' 2017-03-01 21:55:55 +01:00
Thomas Patzke
10ee9c64fe Moved node output into dedicated backend class methods 2017-03-01 21:47:51 +01:00
Florian Roth
06348d8ee3 Delete _config.yml 2017-03-01 17:29:02 +01:00
Florian Roth
b4f2a74371 Proposed changes to mimimkatz-inmemory aggregation 2017-03-01 10:16:43 +01:00
Florian Roth
9934a66a3c Rule: ClamAV 2017-03-01 10:00:17 +01:00
Thomas Patzke
7c362fb98e Merge branch 'devel-sigmac' 2017-03-01 09:45:35 +01:00
Thomas Patzke
0d470af0e7 Set sigmac default backend to 'es-qs' 2017-03-01 09:40:51 +01:00
Thomas Patzke
27909782e7 Merge branch 'devel-sigmac' 2017-03-01 09:36:46 +01:00
Florian Roth
ed78233544 Update README.md 2017-03-01 08:55:06 +01:00
Florian Roth
07206728a5 Sigmac Screenshot 2017-03-01 08:48:39 +01:00
Thomas Patzke
92920abbed Added sigmac Screenshot 2017-03-01 08:39:02 +01:00
Florian Roth
2e0632b05f Rule: Linux: buffer overflows 2017-03-01 08:38:33 +01:00
Thomas Patzke
0b0d37fd61 Added sigmac Screenshot 2017-03-01 00:19:11 +01:00
Thomas Patzke
f5616051d7 Merge branch 'master' into devel-sigmac 2017-03-01 00:09:24 +01:00
Thomas Patzke
e0f813ebbb Conversion to Elasticsearch Query Strings 
First version of sigmac that converts Sigma YAMLs without aggregations
into ES Query Strings suitable for Kibana or other tools.
 2017-03-01 00:03:34 +01:00
Florian Roth
001bed0c45 ModSecurity rule: multiple blocks 2017-02-28 17:53:32 +01:00
Florian Roth
9c8ed4c0b1 Apache segmentation fault rule 2017-02-28 17:53:06 +01:00
Florian Roth
b1446f9b87 Removed 'last' keyword from 'timeframe' fields 2017-02-28 17:52:40 +01:00
Florian Roth
e9d39c78c6 Scheme - Image 2017-02-25 11:39:59 +01:00
Thomas Patzke
15c6f9411b Rule review 
* Typos
* Added false positive descriptions
 2017-02-24 23:44:42 +01:00
Thomas Patzke
58f2118ef4 Parsing of search expressions 
* Tokenization
* Building a parse tree
* Aggregations not yet implemented
 2017-02-24 23:36:19 +01:00
Thomas Patzke
0e5eb513a2 Merge branch 'master' into devel-sigmac 2017-02-22 22:47:12 +01:00
Thomas Patzke
ec9f42410a Intermediate backup state: Parsing of most conditions 
* Conditions with parentheses cause exceptions
 2017-02-22 22:43:35 +01:00
Thomas Patzke
fdbadb8e6e Rule fix 
Fixed condition in webshell keyowrd rule.
 2017-02-22 22:42:35 +01:00
Florian Roth
b5b5296c5f Fixed unfinished sentence, changed 'next steps' 2017-02-22 18:16:20 +01:00
Florian Roth
a57d8347b2 Link to Sigma Converter in Devel Branch 2017-02-20 10:37:23 +01:00
Thomas Patzke
a4611d6dc6 Added new rules 
From adsecurity.org:

* https://adsecurity.org/?p=1772
* https://adsecurity.org/?p=1714
 2017-02-19 22:43:27 +01:00
Thomas Patzke
9740be92bc Merge branch 'master' into devel-sigmac 2017-02-19 22:15:18 +01:00
Florian Roth
8ec7d53688 Improved coverage / tree image 2017-02-19 13:41:04 +01:00
Florian Roth
00a4adf542 Link Bugfix 2017-02-19 11:09:32 +01:00
Florian Roth
52d04e52ac Removed lists from log source section 2017-02-19 11:08:40 +01:00
Florian Roth
6fbc1dcd32 Mayor update 
Why Sigma, intro changed
 2017-02-19 11:03:30 +01:00
Florian Roth
ca758bb99b New images 2017-02-19 10:24:24 +01:00
Florian Roth
166f207dc0 Sysmon rules 'logsource' change 2017-02-19 09:19:06 +01:00
Florian Roth
cd6e24c5ff Added "logsource" sections and new rule 2017-02-19 00:31:59 +01:00
Thomas Patzke
0543ef7e75 sigmac: Condition Tokenizer 2017-02-16 23:58:44 +01:00
Thomas Patzke
ec1c5e142b Merge branch 'master' into devel-sigmac 2017-02-16 23:52:03 +01:00
Thomas Patzke
9a38d6543f Fixed type of condition 2017-02-16 23:49:34 +01:00
Thomas Patzke
367596060d Merge branch 'master' into devel-sigmac 2017-02-16 22:14:48 +01:00
Florian Roth
18fd63f6b7 Levels to low, medium, high, critical 2017-02-16 18:06:22 +01:00
Thomas Patzke
ce43dce7ef Parsing of detections 
Transformation of detections into internal data structures. Parsing must
be changed later to on-demand parsing because condition can change
default behavior of lists.
 2017-02-16 00:40:08 +01:00
Florian Roth
77930b5173 Merge pull request #3 from Neo23x0/devel 
Rule review and cleanup
 2017-02-16 00:07:46 +01:00
Thomas Patzke
3821e59db1 Merge branch 'devel' into devel-sigmac 2017-02-15 23:57:33 +01:00
Thomas Patzke
88270fcf2d Rule review and cleanup 
* removed unnecessary one element lists from definitions
* converted some lists of one element maps to maps because the resulting
  OR linkage would cause wrong result.
 2017-02-15 23:53:08 +01:00