Commit Graph

18 Commits

Author SHA1 Message Date
Thomas Patzke
a22fe58ac9 Aggregation support for Splunk backend 2017-03-29 23:18:47 +02:00
Thomas Patzke
b62de742d7 Aggregation expression parsing 2017-03-29 23:17:43 +02:00
Thomas Patzke
c978e19d88 Conditional field mappings 2017-03-25 00:21:44 +01:00
Thomas Patzke
a4465ce844 Added 1:n field mapping
MultiFieldMapping
2017-03-24 00:58:11 +01:00
Thomas Patzke
5009794591 Changes to field mappings
* Introduced field mapping objects
* moved mapping from backends into parse tree generation
  (SigmaParser.parse_definition)
2017-03-24 00:48:32 +01:00
Florian Roth
f34156138f Bugfix - Index 2017-03-18 13:57:42 +01:00
Thomas Patzke
b865a858aa Generation of conditions for configured indices 2017-03-17 23:28:06 +01:00
Thomas Patzke
d2a9a91175 Log source conditions are integrated in generated expressions
Indices not yet included
2017-03-14 23:22:32 +01:00
Thomas Patzke
52d7e9fc07 Parsing log sources in configuration files 2017-03-12 23:12:21 +01:00
Thomas Patzke
05df298d45 Field mappings 2017-03-06 22:07:04 +01:00
Thomas Patzke
8864647e04 Parsing of sigmac configuration files
* field mappings
* log sources
2017-03-05 23:44:52 +01:00
Thomas Patzke
f092333bb4 Sigmac configuration parsing 2017-03-05 00:56:45 +01:00
Thomas Patzke
e0f813ebbb Conversion to Elasticsearch Query Strings
First version of sigmac that converts Sigma YAMLs without aggregations
into ES Query Strings suitable for Kibana or other tools.
2017-03-01 00:03:34 +01:00
Thomas Patzke
58f2118ef4 Parsing of search expressions
* Tokenization
* Building a parse tree
* Aggregations not yet implemented
2017-02-24 23:36:19 +01:00
Thomas Patzke
ec9f42410a Intermediate backup state: Parsing of most conditions
* Conditions with parentheses cause exceptions
2017-02-22 22:43:35 +01:00
Thomas Patzke
0543ef7e75 sigmac: Condition Tokenizer 2017-02-16 23:58:44 +01:00
Thomas Patzke
ce43dce7ef Parsing of detections
Transformation of detections into internal data structures. Parsing must
be changed later to on-demand parsing because the condition can change the
default behavior of lists.
2017-02-16 00:40:08 +01:00
Thomas Patzke
980ed9c5c7 Moved YAML parsing into SigmaParser class 2017-02-13 23:31:42 +01:00