valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,925 Commits 20 Branches 25 Tags 21 MiB
7a1d48cccd
Commit Graph

1925 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Patzke
f5616051d7 Merge branch 'master' into devel-sigmac 2017-03-01 00:09:24 +01:00
Thomas Patzke
e0f813ebbb Conversion to Elasticsearch Query Strings 
First version of sigmac that converts Sigma YAMLs without aggregations
into ES Query Strings suitable for Kibana or other tools.
 2017-03-01 00:03:34 +01:00
Florian Roth
001bed0c45 ModSecurity rule: multiple blocks 2017-02-28 17:53:32 +01:00
Florian Roth
9c8ed4c0b1 Apache segmentation fault rule 2017-02-28 17:53:06 +01:00
Florian Roth
b1446f9b87 Removed 'last' keyword from 'timeframe' fields 2017-02-28 17:52:40 +01:00
Florian Roth
e9d39c78c6 Scheme - Image 2017-02-25 11:39:59 +01:00
Thomas Patzke
15c6f9411b Rule review 
* Typos
* Added false positive descriptions
 2017-02-24 23:44:42 +01:00
Thomas Patzke
58f2118ef4 Parsing of search expressions 
* Tokenization
* Building a parse tree
* Aggregations not yet implemented
 2017-02-24 23:36:19 +01:00
Thomas Patzke
0e5eb513a2 Merge branch 'master' into devel-sigmac 2017-02-22 22:47:12 +01:00
Thomas Patzke
ec9f42410a Intermediate backup state: Parsing of most conditions 
* Conditions with parentheses cause exceptions
 2017-02-22 22:43:35 +01:00
Thomas Patzke
fdbadb8e6e Rule fix 
Fixed condition in webshell keyowrd rule.
 2017-02-22 22:42:35 +01:00
Florian Roth
b5b5296c5f Fixed unfinished sentence, changed 'next steps' 2017-02-22 18:16:20 +01:00
Florian Roth
a57d8347b2 Link to Sigma Converter in Devel Branch 2017-02-20 10:37:23 +01:00
Thomas Patzke
a4611d6dc6 Added new rules 
From adsecurity.org:

* https://adsecurity.org/?p=1772
* https://adsecurity.org/?p=1714
 2017-02-19 22:43:27 +01:00
Thomas Patzke
9740be92bc Merge branch 'master' into devel-sigmac 2017-02-19 22:15:18 +01:00
Florian Roth
8ec7d53688 Improved coverage / tree image 2017-02-19 13:41:04 +01:00
Florian Roth
00a4adf542 Link Bugfix 2017-02-19 11:09:32 +01:00
Florian Roth
52d04e52ac Removed lists from log source section 2017-02-19 11:08:40 +01:00
Florian Roth
6fbc1dcd32 Mayor update 
Why Sigma, intro changed
 2017-02-19 11:03:30 +01:00
Florian Roth
ca758bb99b New images 2017-02-19 10:24:24 +01:00
Florian Roth
166f207dc0 Sysmon rules 'logsource' change 2017-02-19 09:19:06 +01:00
Florian Roth
cd6e24c5ff Added "logsource" sections and new rule 2017-02-19 00:31:59 +01:00
Thomas Patzke
0543ef7e75 sigmac: Condition Tokenizer 2017-02-16 23:58:44 +01:00
Thomas Patzke
ec1c5e142b Merge branch 'master' into devel-sigmac 2017-02-16 23:52:03 +01:00
Thomas Patzke
9a38d6543f Fixed type of condition 2017-02-16 23:49:34 +01:00
Thomas Patzke
367596060d Merge branch 'master' into devel-sigmac 2017-02-16 22:14:48 +01:00
Florian Roth
18fd63f6b7 Levels to low, medium, high, critical 2017-02-16 18:06:22 +01:00
Thomas Patzke
ce43dce7ef Parsing of detections 
Transformation of detections into internal data structures. Parsing must
be changed later to on-demand parsing because condition can change
default behavior of lists.
 2017-02-16 00:40:08 +01:00
Florian Roth
77930b5173 Merge pull request #3 from Neo23x0/devel 
Rule review and cleanup
 2017-02-16 00:07:46 +01:00
Thomas Patzke
3821e59db1 Merge branch 'devel' into devel-sigmac 2017-02-15 23:57:33 +01:00
Thomas Patzke
88270fcf2d Rule review and cleanup 
* removed unnecessary one element lists from definitions
* converted some lists of one element maps to maps because the resulting
  OR linkage would cause wrong result.
 2017-02-15 23:53:08 +01:00
Thomas Patzke
980ed9c5c7 Moved YAML parsing in SigmaParser class 2017-02-13 23:31:42 +01:00
Thomas Patzke
1498d787e7 Added Sigma converter skeleton 
* YAML parsing
* argument parsing
* empty backend classes
 2017-02-13 23:28:53 +01:00
Florian Roth
193436c7fc Set theme jekyll-theme-slate 2017-02-13 14:42:42 +01:00
Florian Roth
c8c1a0f2b0 New Screenshot Section in README 2017-02-12 17:10:48 +01:00
Florian Roth
09def1fe2e New Screenshot - Suspicious Failed Logons from Single Source Workstation 2017-02-12 17:09:24 +01:00
Florian Roth
d54c094af0 New screenshot - Webshell detection with Sysmon 2017-02-12 16:43:13 +01:00
Florian Roth
a6173df0b9 LSASS Remote Thread Update 2017-02-12 16:33:09 +01:00
Florian Roth
d0999ce8da Screenshot Update 2017-02-12 16:32:52 +01:00
Florian Roth
406ee52398 Changed second screenshot 2017-02-12 15:54:05 +01:00
Florian Roth
04ea201817 New rules and cleanup 2017-02-12 15:50:39 +01:00
Florian Roth
0988aa3496 Screenshots - Rule Examples 2017-02-12 15:50:12 +01:00
Florian Roth
a2adb1ddb5 Renamed rule files, new rules 2017-02-10 19:17:02 +01:00
Thomas Patzke
97847a29de Moved network rules into rules directory 2017-02-08 12:43:50 +01:00
Thomas Patzke
a7c1409fc6 Added 'Network Scan' rule (#1) 
* Added possibility for multiple OR-linked conditions
 2017-02-08 12:41:32 +01:00
Florian Roth
1307a45fd5 Moved rules to a separate directory 2017-02-07 00:44:40 +01:00
Florian Roth
ee6cad91fb Update README.md 2017-02-07 00:24:37 +01:00
Florian Roth
a69c7e3cf7 Update README.md 2017-02-07 00:24:10 +01:00
Florian Roth
411cc8b7af Wiki title image 2017-02-06 20:04:51 +01:00
Florian Roth
03c0ea7aa2 README Update 2017-02-06 20:03:57 +01:00