Commit Graph

775 Commits

Author SHA1 Message Date
tung12 1921e9dd89 Fix wild card and some escaped characters 2020-08-18 15:57:13 +07:00
tung12 172f7b371e Change mapped Image to path 2020-08-17 15:05:44 +07:00
Dermott, Scott J 7e6828dd40 + Adding Mitre Sub-Techniques and python update script to fetch latest Pre, Enterprise & Mobile Tactics and Techniques from Mitre CTI 2020-08-13 10:24:44 +01:00
Thomas Patzke 01125ffd3b Fixed: Elastalert backend handling of conditional field mappings 2020-08-11 23:29:18 +02:00
bar 8352eefe22 STIX Support keywords (value without field) 2020-07-28 18:52:02 +03:00
bar de475bb500 updated STIX mapping for more rule fields 2020-07-27 14:36:30 +03:00
bar 32cf352236 Merge remote-tracking branch 'upstream/master' 2020-07-26 14:56:06 +03:00
bar 9643e01b54 extension should use '..' 2020-07-26 12:16:48 +03:00
Thomas Patzke dcb07bab2f Merge pull request #949 from 0xballistics/powershell_backend_fix
partial(?) fix of #762
2020-07-25 10:18:05 +02:00
Simran Soin c329f6412d Fix bug with NOT handling 2020-07-23 11:47:55 -04:00
Simran Soin 6c7b4cf408 Revert additional change in base.py 2020-07-23 10:47:22 -04:00
Simran Soin ef9af3730a Remove unnecessary edits from qradar.py 2020-07-23 10:34:29 -04:00
Simran Soin 0e49a6acdf Default NOT to false for all functions 2020-07-23 10:18:16 -04:00
Simran Soin 0fac21f4a3 Remove modifications from base file and override in stix.py 2020-07-23 10:13:30 -04:00
Simran Soin 30ff22776a Fix NOT bug 2020-07-23 09:41:33 -04:00
bar 5019f2f160 added mapping for stix web, cloud, linux 2020-07-22 21:41:46 +03:00
bar 0543ec1ae3 mapping update, removed unused fields 2020-07-21 19:49:26 +03:00
bar 83623f396c Merge remote-tracking branch 'upstream/master' 2020-07-21 17:22:06 +03:00
bar da30266c60 ImageLoaded mapping added 2020-07-21 17:21:14 +03:00
David Straßegger 875360f373 fixed wrong function call for elastalert aggregation. fixes #940 2020-07-20 14:32:30 +02:00
Florian Roth ae05e8eb11 Merge pull request #935 from SanWieb/933-EventID-process_creation
Revert "Ref #933 - Added windows Process Creation to config"
2020-07-16 14:32:19 +02:00
Sander 94272c7770 Revert "Ref #933 - Added windows Process Creation to config"
This reverts commit 6c35a7afa0.
2020-07-16 14:30:17 +02:00
Florian Roth 80e6e933a9 Merge pull request #934 from SanWieb/933-EventID-process_creation
Proposed fix for #933
2020-07-16 13:38:12 +02:00
Sander 6c35a7afa0 Ref #933 - Added windows Process Creation to config 2020-07-16 13:16:57 +02:00
Aidan Bracher e0476d5ce6 Merge branch 'master' of git://github.com/Neo23x0/sigma 2020-07-15 16:35:29 +01:00
Aidan Bracher 1e5ee5823c Fix for indentation issue
Wrong indentation of line 182 meant that even where config options
were given, the default per backend was being used, rendering
custom config useless.
2020-07-15 16:29:27 +01:00
Florian Roth c7e412788a Merge pull request #924 from Neo23x0/devel
Live MITRE ATT&CK data from TAXI service in Test Scripts
2020-07-14 18:15:29 +02:00
Florian Roth 71e66ea9ba refactor: tests use live data from MITRE's TAXI service 2020-07-14 17:54:02 +02:00
Pushkarev Dmitry 6c999df3b7 Added AppLocker log source 2020-07-13 20:48:06 +00:00
Pushkarev Dmitry 8e3f973e69 Added AppLocker log source 2020-07-13 20:46:49 +00:00
Pushkarev Dmitry bdfb646228 Added AppLocker log source 2020-07-13 20:45:30 +00:00
Pushkarev Dmitry 364af53902 Added AppLocker log source 2020-07-13 20:44:03 +00:00
Pushkarev Dmitry 326cf05a74 Added AppLocker log source 2020-07-13 20:41:54 +00:00
Pushkarev Dmitry 46a6183745 Added AppLocker log source 2020-07-13 20:32:03 +00:00
Pushkarev Dmitry a58e037509 Added AppLocker log source 2020-07-13 20:30:02 +00:00
Pushkarev Dmitry 7fb2e2b845 Added AppLocker log source 2020-07-13 20:29:13 +00:00
Pushkarev Dmitry e376948258 Added AppLocker log source 2020-07-13 20:27:52 +00:00
Pushkarev Dmitry 0d925896b9 Added AppLocker log source 2020-07-13 20:23:42 +00:00
Pushkarev Dmitry c30a256030 Added AppLocker log source 2020-07-13 20:21:46 +00:00
Pushkarev Dmitry 1da229e3a9 Added AppLocker log source 2020-07-13 20:20:28 +00:00
Pushkarev Dmitry 3a19e3cf23 Added AppLocker log source 2020-07-13 20:18:01 +00:00
bar ca7cf8478d - IntegrityLevel mapping to integritylevel 2020-07-08 19:37:24 +03:00
bar 8855a87dbf - TargetProcessAddress mapping should be as startaddress mapping
- remove extra '-'
2020-07-08 17:35:57 +03:00
bar 8889ae21ca DestinationPort to network-traffic:dst_port mapping fix 2020-07-08 14:31:04 +03:00
bar 50ef79b398 Custom STIX object "x-sigma" for fields that are missing mapping, so the pattern is STIX valid 2020-07-08 14:09:26 +03:00
Thomas Patzke 9bcff522b6 Merge branch 'master' of https://github.com/rashimo/sigma into pr-709 2020-07-07 23:12:03 +02:00
bar acbab2db4b stix backend + mapping configurations for windows logs and qradar 2020-07-07 15:04:16 +03:00
Florian Roth c8ca55b3e4 fix: duplicate wrong old key 2020-07-06 17:14:59 +02:00
Florian Roth cc31ed8b84 fix: missing NTLM log source in THOR 2020-07-06 17:07:06 +02:00
Thomas Patzke 939156fa6d Introduced dns_query log source category 2020-07-05 23:29:51 +02:00