Commit Graph

1100 Commits

Author SHA1 Message Date
frack113
086a15fc45 Update global ID 2021-09-02 20:07:03 +02:00
Thomas Patzke
51bc036dbf
Merge pull request #1921 from roysjosh/azure-sentinel-arm-output
Azure Sentinel support
2021-09-01 22:26:42 +02:00
Thomas Patzke
3d6ad1bc0f
Merge pull request #1944 from ncrqnt/elastic-subtechniques
[Elastic] Add support for authors and subtechniques
2021-09-01 22:25:10 +02:00
neu5ron
96c7e180fe Merge branch 'master' of https://github.com/SigmaHQ/sigma into qoutes_and_wildcards
Signed-off-by: neu5ron <neu5ron@users.noreply.github.com>
2021-08-30 16:33:33 -04:00
neu5ron
61897fa2e0 Merge branch 'master' of https://github.com/SigmaHQ/sigma into qoutes_and_wildcards
Signed-off-by: neu5ron <neu5ron@users.noreply.github.com>
2021-08-30 16:06:58 -04:00
Nico
00dec96245 Add support for subtechniques 2021-08-30 08:45:21 +02:00
Nico
5f271bf334 add author field to elastic rule 2021-08-30 08:29:07 +02:00
frack113
5f1143247b Update "sigmac -l" message 2021-08-28 08:51:58 +02:00
frack113
6aae623f45 Remove duplicate file 2021-08-28 08:42:02 +02:00
David Hazekamp
cc6e4381b2
feat(backend): introducing lacework backend
Adding authors
Removing todo
2021-08-26 14:12:47 -05:00
David Hazekamp
a5d175fbf7
feat(backend): introducing lacework backend 2021-08-26 14:05:44 -05:00
Joshua Roys
294bb432d0 Add Azure Sentinel backend
The web interface expects ARM templates.
2021-08-24 16:01:23 -04:00
Joshua Roys
829117ca7f Allow ints as values in ALA backend
Without this, LogonType set as an int caused sigmac to abort the rule.
2021-08-24 16:00:08 -04:00
Joshua Roys
93be8471ec Fix tactics/techniques in ALA backend 2021-08-24 15:58:21 -04:00
Thomas Patzke
3396d72d81
Merge pull request #1887 from frack113/fix_NodeSubexpression_len
fix sigmac error "has no len()"
2021-08-22 12:11:16 +02:00
Thomas Patzke
cbf1fd213b
Merge pull request #1856 from theoguidoux/sql-sqlite-fields-selection
[Ready] SQL & SQLite rule fields selection
2021-08-22 12:09:07 +02:00
Thomas Patzke
b97a47c32a
Merge pull request #1895 from frack113/fix_sigma2attack.py
sigma2attack.py fix yaml error
2021-08-22 12:05:54 +02:00
frack113
7cd71b2240 fix yaml error 2021-08-22 08:57:07 +02:00
Austin Songer
579a80411d
Update m365.yml 2021-08-21 15:03:31 -05:00
Austin Songer
645492cef5
Update m365.yml
just working on expanding this.
2021-08-21 14:57:38 -05:00
frack113
f6fe5e7d02 fix when backend support error 2021-08-20 13:58:57 +02:00
frack113
4e895da471 fix error "has no len()" 2021-08-20 09:20:56 +02:00
Austin Songer
e6457531dd
Create m365.yml 2021-08-20 00:29:29 -05:00
frack113
08324a5a56
Merge pull request #1875 from frack113/fix_sigma_similarity
sigma_similarity fix start errors
2021-08-19 14:16:52 +02:00
frack113
2cdab46ee4 fix start errors 2021-08-19 09:37:00 +02:00
Austin Songer
e039f91272 Spelling 2021-08-18 19:00:57 +00:00
Theo Guidoux
2a3acd7d11
add selection flag for backward compatibility 2021-08-16 19:32:54 +02:00
Theo Guidoux
c1876b9ff6
add fields from rules to query + sqlite 2021-08-16 13:33:43 +02:00
Theo Guidoux
16269c0d63
cleaner default value handling 2021-08-16 10:47:05 +02:00
Theo Guidoux
40018eef7f
edit help + case where 'select=' 2021-08-16 10:44:01 +02:00
Thomas Patzke
5c4fd3a122 Release 0.20 2021-08-14 00:25:12 +02:00
Thomas Patzke
607724278a
Merge pull request #1580 from codyswanson4:master
Update Elasticsearch Watcher backend to populate name column in Kibana
2021-08-13 23:33:47 +02:00
Thomas Patzke
f9c9f73b09
Merge pull request #1772 from eocete-devo:master
[Devo backend] Added support for multicondition rules using Devo subqueries
2021-08-13 23:30:04 +02:00
Thomas Patzke
32400e5d55
Merge pull request #1785 from theoguidoux:theoguidoux/sql-backend-field-selection
Add fields selection to sql backend option
2021-08-13 23:29:24 +02:00
Thomas Patzke
62a53ca895
Merge pull request #1835 from wietze:fix/mdatp/linux_support
Enabling Linux/macOS support on MDATP
2021-08-13 23:28:06 +02:00
Wagga
4d53e4b040
Merge branch 'master' into master 2021-08-12 22:49:11 +02:00
Thomas Patzke
1b215e3aaf
Merge pull request #1828 from wietze/optimisation/nesting_reduction
Optimising lists/subexpressions with only one item
2021-08-12 22:41:17 +02:00
Thomas Patzke
8694afe023
Merge pull request #1779 from frack113/elastalert
Fix elastalert multi output file
2021-08-12 22:40:36 +02:00
frack113
62e541ec7f
Merge pull request #1784 from frack113/winlogbeat-modules-enabled
Update Mapping Winlogbeat modules enabled
2021-08-12 19:14:17 +02:00
Wietze
17595e2443
Enabling Linux/macOS support on MDATP, fixing incorrect parent cmd mappings 2021-08-12 18:07:13 +01:00
wagga40
13a3e78184 Fix options: removed "raw" 2021-08-12 15:54:02 +02:00
wagga40
cbb03db2dd Fix the way YAML is dumped 2021-08-12 15:28:45 +02:00
wagga40
c165783fff Add an option to enhance default output by choosing fields
Add an option to output in JSON or YAML
2021-08-12 15:26:46 +02:00
Florian Roth
80e686994c
Merge pull request #1824 from frack113/add_list_test_warning
Sigma Schema add new Attribute and test
2021-08-12 12:18:29 +02:00
Wietze
7ba375dea0
Optimising lists/subexpressions with length 1
Should reduce brackets on some output targets
2021-08-11 18:00:09 +01:00
frack113
f4268d8054
Merge pull request #1707 from heyibrahimkhan/patch-6
Create ala-suricata.yml
2021-08-11 15:55:44 +02:00
frack113
5e5ac8479c Add tlp and target Attribute 2021-08-11 14:26:20 +02:00
Thomas Patzke
3dea956812
Merge pull request #1789 from frack113/fix_issue_1771
add hash_normalise option for ElasticsearchWildcardHandlingMixin
2021-08-11 08:21:43 +02:00
frack113
e43b917dab fix space error 2021-08-10 17:35:32 +02:00
frack113
6b21a881ca
Merge pull request #1700 from heyibrahimkhan/patch-5
Create ala-azure-aws_cloudtrail.yml
2021-08-09 10:21:34 +02:00