valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,789 Commits 20 Branches 25 Tags 21 MiB
9143e89f3e
Commit Graph

1789 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
9143e89f3e Rule: renamed and reworked hacktool Ruler rule 2019-07-26 14:49:09 +02:00
Florian Roth
f3fb2b41b2 Rule: FP filters extended 2019-07-23 14:58:36 +02:00
Florian Roth
2c57b443e4 docs: modification date in rule 2019-07-17 09:21:35 +02:00
Florian Roth
de74eb4eb7
Merge pull request #400 from yugoslavskiy/win_susp_dhcp_config_failed_fix 
Win susp dhcp config failed fix
 2019-07-17 09:20:25 +02:00
Florian Roth
bf0179c0d5
Merge pull request #397 from neu5ron/patch-5 
prevent EventID collision for dhcp
 2019-07-17 09:17:05 +02:00
yugoslavskiy
e8b9a6500e author string modified 2019-07-17 07:02:59 +03:00
yugoslavskiy
a295334355 win_susp_dhcp_config_failed fixed 2019-07-17 07:01:58 +03:00
Nate Guagenti
e2050404bc
prevent EventID collision for dhcp 
This prevents EventID collision for this rule with other sources/logs that share the same EventIDs.
specifically a lot with Microsoft-Windows-Security-SPP
 2019-07-16 15:30:52 -04:00
Thomas Patzke
b20b42b9c9 Added breaking changes file 2019-07-14 00:24:32 +02:00
Thomas Patzke
5489f870cc
Merge pull request #393 from HacknowledgeCH/master 
Explicit OR for list elements
 2019-07-13 23:11:44 +02:00
Thomas Patzke
134bfebe57 Ignore "timeframe" detection keyword in "all/any of" conditions 
Fixes #395
 2019-07-13 00:35:35 +02:00
christophetd
576912eb7a Support OR queries for Elasticsearch 6 and above 2019-07-08 17:12:53 +02:00
Florian Roth
2b062a0de7
Merge pull request #389 from christophetd/patch-1 
Include Github raw URLs in suspicious downloads detection rule
 2019-07-05 16:54:09 +02:00
Christophe Tafani-Dereeper
5bc10a4855
Include Github raw URLs in suspicious downloads detection rule 2019-07-05 09:01:35 +00:00
Florian Roth
f7ba2b3976 fix: bug in sumologic backend with 'null' values 2019-07-02 22:31:10 +02:00
Florian Roth
0b883a90b6 fix: null value in separate expression 2019-07-02 20:14:45 +02:00
Florian Roth
f5a8a81ff7 fix: linux cmds rule 2019-07-02 15:22:26 +02:00
Florian Roth
ce43d600e3 fix: added null value / application to 4688 problem 2019-07-02 10:51:48 +02:00
Thomas Patzke
161965d14c Added version information to Winlogbeat configs 2019-06-30 22:44:12 +02:00
Thomas Patzke
66f7f5b516
Merge pull request #385 from herrBez/fix-beat-fieldnames 
Modified winlogbeat config to adhere to winlogbeat 7 field names
 2019-06-30 22:42:59 +02:00
Thomas Patzke
141c4f42f3
Merge pull request #383 from TareqAlKhatib/typos 
fixed typos
 2019-06-30 22:39:56 +02:00
herrBez
74021d53d8 Modified winlogbeat config to adhere to winlogbeat 7 field names breaking changes 
ref: https://www.elastic.co/guide/en/beats/libbeat/current/breaking-changes-7.0.html
 2019-06-30 12:13:21 +02:00
Tareq AlKhatib
15e2f5df5f fixed typos 2019-06-29 15:35:59 +03:00
Thomas Patzke
f4c8745cde Merge branch 'juju4-devel-sumo' 2019-06-29 00:12:25 +02:00
Thomas Patzke
6fab5d7f23 Improved testing and removed dead&debug code 2019-06-29 00:09:53 +02:00
Thomas Patzke
377872c91e Merge branch 'devel-sumo' of https://github.com/juju4/sigma into juju4-devel-sumo 2019-06-28 23:39:15 +02:00
Thomas Patzke
1cb84d0592
Merge pull request #381 from vburov/patch-6 
Added command that stops services.
 2019-06-28 23:33:54 +02:00
Thomas Patzke
a61ad9c9a6 Merge branch 'master' of https://github.com/Neo23x0/sigma 2019-06-28 23:32:37 +02:00
Thomas Patzke
c09c1c1b6e Merge branch 'sacx-master' 2019-06-28 23:31:09 +02:00
Thomas Patzke
0c7151c901 Watcher backend default options, refactoring and testing 2019-06-28 23:22:16 +02:00
Vasiliy Burov
2f123f64a7
Added command that stops services. 2019-06-28 19:46:34 +03:00
Adrian Constantin Stanila
feac0be8a4 Added 2 more actions on Elasticsearch X-pack Watcher: index and webhook 
Added timestamp filter query.
 2019-06-27 08:54:59 +03:00
Florian Roth
ad386474bf fix: removed unusable extensions in proc exec context 2019-06-26 17:03:01 +02:00
Florian Roth
708f3ef002 fix: fixed duplicate element in new double extension rule 2019-06-26 16:00:58 +02:00
Florian Roth
41dc076959 Rule: suspicious double extension 2019-06-26 15:57:25 +02:00
Thomas Patzke
0ea3a681df
Merge pull request #378 from cclauss/patch-1 
Use print() function in both Python 2 and Python 3
 2019-06-26 15:15:49 +02:00
cclauss
2cbefb208b
Use print() function in both Python 2 and Python 3 
Legacy __print__ statements are syntax errors in Python 3 but __print()__ function works as expected in both Python 2 and Python 3.

[flake8](http://flake8.pycqa.org) testing of https://github.com/Neo23x0/sigma on Python 3.7.1

$ __flake8 . --count --select=E9,F63,F72,F82 --show-source --statistics__
```
./contrib/sigma2sumologic.py:123:5: F821 undefined name 'parser_print_help'
    parser_print_help()
    ^
./contrib/sigma2sumologic.py:211:32: F821 undefined name 'r'
            f.write(json.dumps(r, indent=4, sort_keys=True) + " ERROR: %s\n\nQUERY: %s" % (e, sumo_query))
                               ^
./contrib/sigma2elastalert.py:165:32: E999 SyntaxError: invalid syntax
        print "Converting file " + file
                               ^
./tools/sigma/parser/collection.py:52:27: F821 undefined name 'SigmaCollectionParseError'
                    raise SigmaCollectionParseError("action 'repeat' is only applicable after first valid Sigma rule")
                          ^
1     E999 SyntaxError: invalid syntax
3     F821 undefined name 'parser_print_help'
4
```
__E901,E999,F821,F822,F823__ are the "_showstopper_" [flake8](http://flake8.pycqa.org) issues that can halt the runtime with a SyntaxError, NameError, etc. These 5 are different from most other flake8 issues which are merely "style violations" -- useful for readability but they do not effect runtime safety.
* F821: undefined name `name`
* F822: undefined name `name` in `__all__`
* F823: local variable name referenced before assignment
* E901: SyntaxError or IndentationError
* E999: SyntaxError -- failed to compile a file into an Abstract Syntax Tree
 2019-06-26 14:44:09 +02:00
Florian Roth
39b5eddfc7 Rule: Suspicious userinit.exe child process 2019-06-23 13:27:06 +02:00
juju4
654a009c9e sumologic backend: remove TypeError 2019-06-22 16:49:46 -04:00
juju4
559d0f4ba8 sumologic backend: force as string 2019-06-22 16:43:50 -04:00
juju4
2df0e9765c sumologic backend: pycodestyle review - E501 2019-06-22 16:41:57 -04:00
juju4
49533a5909 sumologic backend: pycodestyle review 2019-06-22 16:39:13 -04:00
juju4
84de12635e self.debug option, fix multiple keyvalue escapings/cleanValue, inline index for now 2019-06-22 16:19:45 -04:00
juju4
059957138d pycodestyle review, openpyxl, error at query generation=continue 2019-06-22 16:18:17 -04:00
juju4
a11d800353 Merge branch 'master' into devel-sumo 2019-06-22 09:18:23 -04:00
Florian Roth
26036e0d35 fix: fixed image in taskmgr rule 2019-06-21 17:15:53 +02:00
Thomas Patzke
ff7128209e Adjusted level 2019-06-20 00:03:48 +02:00
Thomas Patzke
5aecb6a5af Merge branch 'mgreen27-master' 2019-06-20 00:02:57 +02:00
Thomas Patzke
0f8849a652 Rule fixes 
* tagging
* removed spaces
* converted to generic log source
* typos/case
 2019-06-20 00:01:56 +02:00
Thomas Patzke
f4c86f15b8 Merge branch 'master' of https://github.com/mgreen27/sigma into mgreen27-master 2019-06-19 23:49:20 +02:00