Florian Roth
ba94b8396c
config: thor - powershell classic
2021-07-02 14:14:48 +02:00
Florian Roth
63f3fd7e73
config: add PrintService Operational
2021-07-01 09:55:15 +02:00
Florian Roth
a49bfb14dd
refactor: Admin log - not Operational
2021-06-30 14:22:40 +02:00
Florian Roth
26cfbb9c34
config: mapping for Microsoft SMBClient service - security
2021-06-30 14:16:26 +02:00
Florian Roth
8262a1d98b
config: mappings for Microsoft print service
2021-06-30 14:09:44 +02:00
Florian Roth
2f12c5c540
fix: too broad definition of *.log on linux
2021-05-03 17:04:55 +02:00
Max Altgelt
7c8cca744f
chore: Revert log file changes for THOR sigma configuration
Revert recent changes for Windows / Linux .log files for THOR
because of massive performance impacts.
2021-04-28 17:48:17 +02:00
Max Altgelt
de2cedf213
fix: Distinguish Windows and Linux logfiles by path separator
A previous commit added a log source detailing *.log files with
product: linux. This caused linux specific Sigma rules to apply to
all *.log files, including those on Windows. To distinguish these
cases, expand the file path pattern to include the typical start
for unix / windows paths ( / vs [A-Z]:\ )
2021-04-28 11:45:19 +02:00
Florian Roth
d766c12888
feat: generic categories - thor config
2021-04-23 17:47:09 +02:00
phantinuss
95fa99b4a3
search generic log files for product: linux
2021-04-23 12:00:48 +02:00
Florian Roth
e47ee24889
Merge branch 'master' into rule-devel
2021-03-20 08:52:55 +01:00
Florian Roth
9e287a1b89
feat: MSExchange Management log mapping
2021-03-20 08:49:59 +01:00
Codehardt
6d626456f2
fix: syntax error in THOR's config file
2021-03-17 11:49:50 +01:00
Florian Roth
11c216629b
fix: thor sources for applocker with wrong prefix
2021-01-07 12:27:37 +01:00
Pushkarev Dmitry
0d925896b9
Added AppLocker log source
2020-07-13 20:23:42 +00:00
Florian Roth
c8ca55b3e4
fix: duplicate wrong old key
2020-07-06 17:14:59 +02:00
Florian Roth
cc31ed8b84
fix: missing NTLM log source in THOR
2020-07-06 17:07:06 +02:00
Thomas Patzke
43e5ae5d24
Added Windows NTLM log source + fixes
2020-07-02 23:20:36 +02:00
Thomas Patzke
991108e64d
Further proxy field name fixes (config + rules)
2019-12-07 00:23:30 +01:00
Florian Roth
e2628d6df6
fix: wrong mapping on thor.cfg
2019-11-11 09:20:20 +01:00
Thomas Patzke
11ed7e7ef8
Check for valid configuration/backend combinations
2019-05-20 01:00:33 +02:00
Thomas Patzke
36aeb19721
Added title to all configurations
2019-05-16 23:33:51 +02:00
Codehardt
8cf505fcb3
Accidentally removed windows-dhcp logsource in spark's config file
2019-04-25 08:23:48 +02:00
Codehardt
79f7edb6b4
Added logsources for generic sigma rules to spark config, renamed spark config to thor config
2019-04-25 08:15:50 +02:00