valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
8,200 Commits 20 Branches 25 Tags 21 MiB
ada966c5be
Commit Graph

1136 Commits

Author SHA1 Message Date
Thomas Patzke
b4f52d9cfb Windows index in Splunk example configuration 2017-03-17 23:30:11 +01:00
Thomas Patzke
b865a858aa Generation of conditions for configured indices 2017-03-17 23:28:06 +01:00
Florian Roth
dc00baacda Splunk Windows Configuration Example 2017-03-17 10:00:56 +01:00
Thomas Patzke
d2a9a91175 Log source conditions are integrated in generated expressions 
Indices not yet included
 2017-03-14 23:22:32 +01:00
Thomas Patzke
52d7e9fc07 Parsing log sources in configuration files 2017-03-12 23:12:21 +01:00
Thomas Patzke
12e825783b Merge branch 'master' into devel-sigmac 2017-03-11 23:49:56 +01:00
Thomas Patzke
63e23af63c Merge branch 'devel-sigmac-config' into devel-sigmac 2017-03-11 23:49:41 +01:00
Florian Roth
ad9f73a178 Merge branch 'devel-sigmac' 2017-03-07 10:49:03 +01:00
Florian Roth
b93379a6a9 Config example: sysmon / logstash index 2017-03-07 10:09:43 +01:00
Florian Roth
cd445f8ae9 Bugfix: non-recursive list not pathlib.Path elements but strings 2017-03-07 09:41:46 +01:00
Thomas Patzke
dae88fbcfa Error and warning messages are printed to stderr 2017-03-06 23:01:33 +01:00
Thomas Patzke
d1030ec053 Fieldlist backend 
Lists all fields used in given rules.
 2017-03-06 22:47:30 +01:00
Thomas Patzke
05df298d45 Field mappings 2017-03-06 22:07:04 +01:00
Thomas Patzke
6ddc15c972 Merge branch 'devel-sigmac' into devel-sigmac-config 2017-03-06 21:32:58 +01:00
Thomas Patzke
896b8fb56e Finished path recursion 2017-03-06 21:26:56 +01:00
Florian Roth
da6c5c19ae Update README.md 2017-03-06 09:37:44 +01:00
Florian Roth
362ff157ba Update README.md 2017-03-06 09:37:31 +01:00
Florian Roth
df39dee702 Sigmac recursive feature 2017-03-06 09:36:24 +01:00
Thomas Patzke
8864647e04 Parsing of sigmac configuration files 
* field mappings
* log sources
 2017-03-05 23:44:52 +01:00
Thomas Patzke
f092333bb4 Sigmac configuration parsing 2017-03-05 00:56:45 +01:00
Thomas Patzke
4aaa22fd6d Made not implemented sigmac features obvious 
* added notes to help message
* error if not implemented option is used
 2017-03-04 23:36:46 +01:00
Florian Roth
47bfe82cc4 Splunk specifics 2017-03-04 10:37:40 +01:00
Florian Roth
9971192bff Create README.md 2017-03-03 13:45:55 +01:00
Florian Roth
b984d83685 Typo in help text 2017-03-03 12:47:20 +01:00
Thomas Patzke
8f3541f0a0 Added Splunk backend 2017-03-02 23:34:12 +01:00
Thomas Patzke
2dd1c7cd12 Deactivated not implemented backends 2017-03-02 22:55:45 +01:00
Thomas Patzke
9556e73cd1 Fix: automatic escaping of * and ? in es-qs backend removed 2017-03-02 12:07:07 +01:00
Thomas Patzke
10ee9c64fe Moved node output into dedicated backend class methods 2017-03-01 21:47:51 +01:00
Thomas Patzke
0d470af0e7 Set sigmac default backend to 'es-qs' 2017-03-01 09:40:51 +01:00
Thomas Patzke
e0f813ebbb Conversion to Elasticsearch Query Strings 
First version of sigmac that converts Sigma YAMLs without aggregations
into ES Query Strings suitable for Kibana or other tools.
 2017-03-01 00:03:34 +01:00
Thomas Patzke
58f2118ef4 Parsing of search expressions 
* Tokenization
* Building a parse tree
* Aggregations not yet implemented
 2017-02-24 23:36:19 +01:00
Thomas Patzke
ec9f42410a Intermediate backup state: Parsing of most conditions 
* Conditions with parentheses cause exceptions
 2017-02-22 22:43:35 +01:00
Thomas Patzke
0543ef7e75 sigmac: Condition Tokenizer 2017-02-16 23:58:44 +01:00
Thomas Patzke
ce43dce7ef Parsing of detections 
Transformation of detections into internal data structures. Parsing must
be changed later to on-demand parsing because condition can change
default behavior of lists.
 2017-02-16 00:40:08 +01:00
Thomas Patzke
980ed9c5c7 Moved YAML parsing in SigmaParser class 2017-02-13 23:31:42 +01:00
Thomas Patzke
1498d787e7 Added Sigma converter skeleton 
* YAML parsing
* argument parsing
* empty backend classes
 2017-02-13 23:28:53 +01:00