Commit Graph

207 Commits

Author SHA1 Message Date
Florian GAULTIER
e8a7c5f7b9 fix missing condition when unique plus timeframe 2019-05-27 17:22:28 +02:00
Thomas Patzke
84690280c5 Improved behavior on missing configuration
Listing all configs usable with chosen backend
2019-05-24 22:41:47 +02:00
Thomas Patzke
194afa739f Generate rule name for each condition
In backends kibana and xpack-watcher.

Fixes #329
2019-05-21 00:36:19 +02:00
Thomas Patzke
af0bd1b082 Removed debug code from backend option handling
Additionally: code simplification
2019-05-21 00:21:52 +02:00
Thomas Patzke
7e163d71eb Added option to use old URL in xpack-watcher backend 2019-05-21 00:01:21 +02:00
Thomas Patzke
4e63e925cf Merge branch 'patch-1' of https://github.com/lliknart/sigma into lliknart-patch-1 2019-05-20 23:43:49 +02:00
Thomas Patzke
e271484eef Load configurations via new config management 2019-05-20 00:27:35 +02:00
Thomas Patzke
3d20e0bc98 Sigma configuration management with listing
Missing:
* Use config by identifier
2019-05-17 09:13:59 +02:00
Thomas Patzke
71ff6bd943 Catch type errors in configuration handling 2019-05-16 23:34:44 +02:00
lliknart
f86342012a Update elasticsearch.py
From ElasticSearch 7.0, the URI to access to Watcher API changes

Deprecation: [PUT /_xpack/watcher/watch/{id}] is deprecated! Use [PUT /_watcher/watch/{id}] instead.
2019-05-16 16:17:57 +02:00
Florian Roth
a6d2a5d79b fix: more general fixes of the var type issue 2019-05-15 21:25:53 +02:00
Florian Roth
9f1bbb0a0d fix: missing type check in WDATP backend 2019-05-15 21:20:20 +02:00
Thomas Patzke
526468bec3 Merge pull request #298 from christophetd/elastalert-allow-rules-without-http-post-url
Allow generating Elastalert rules with the http_post alert type without specifying a URL at generation time
2019-05-10 00:31:33 +02:00
Thomas Patzke
a361664ed2 Merge pull request #318 from HacknowledgeCH/es-qs-not-parenthesis-fix
Correct parenthesization for NOT expressions in the ES-QS backend
2019-05-10 00:14:29 +02:00
Thomas Patzke
eb022f3908 Conditional field mapping for null values
Fixes #326
2019-04-25 23:24:05 +02:00
Thomas Patzke
cfb4f32651 Backend es-dsl tolerates rules without title and log source 2019-04-25 22:41:31 +02:00
Thomas Patzke
6918784e87 Configuration order checking 2019-04-23 00:54:10 +02:00
Thomas Patzke
d0bd8a2a41 Mandatory configuration for most backends 2019-04-22 23:40:21 +02:00
christophetd
4e16bbafa8 Correct parenthesization for NOT expressions in the ES-QS backend 2019-04-16 10:30:18 +02:00
christophetd
d32e5c10b8 Allow generating Elastalert rules with the http_post alert type without specifying a URL at generation time 2019-04-03 17:22:58 +02:00
Thomas Patzke
0419ff215a Fixed quoting of single quotes in grep backend 2019-04-01 23:22:05 +02:00
Thomas Patzke
2dda9a7b77 Moved Sysmon schema XML from contrib directory into module 2019-03-16 00:59:29 +01:00
Thomas Patzke
5e973a6321 Fixes and CI testing of --backend-config 2019-03-15 23:46:38 +01:00
Thomas Patzke
0864d05aa5 Merge branch 'backend-config-file' of https://github.com/christophetd/sigma into christophetd-backend-config-file 2019-03-15 23:35:11 +01:00
Thomas Patzke
3f7e08733a Added backend option 'sysmon' for ala backend 2019-03-15 23:26:15 +01:00
Thomas Patzke
8d1723e65c Merge branch 'master' of https://github.com/tuckner/sigma into tuckner-master 2019-03-15 23:06:08 +01:00
John Tuckner
a1ba04aec8 modified process creation logic 2019-03-08 00:01:43 -06:00
Thomas Patzke
a429f09cc1 Merge branch 'elastalert-alert-types' of https://github.com/christophetd/sigma into christophetd-elastalert-alert-types 2019-03-07 23:54:05 +01:00
tuckner
e9ddd933f8 more fixes for process creation 2019-03-07 16:28:35 -06:00
John Tuckner
5a64f572e3 update 2019-03-07 10:32:59 -06:00
John Tuckner
283bd278f4 added eventid to sysmon process creation 2019-03-05 20:58:23 -06:00
John Tuckner
971bd49071 accommodated process creation and slash escapes 2019-03-05 20:50:30 -06:00
tuckner
cf186387af Added schema file checking 2019-03-04 11:53:51 -06:00
tuckner
c5796d7853 Added Azure Log Analytics backend 2019-03-04 10:49:50 -06:00
tuckner
8179d182c4 added azure log analytics 2019-03-04 10:44:45 -06:00
Thomas Patzke
c922f7d73f Merge branch 'master' into project-1 2019-02-26 00:24:46 +01:00
christophetd
1a6faf385c Add HTTP POST alert type to the Elastalert backend 2019-02-23 14:12:14 +01:00
christophetd
3a7160d52b Accept backend options from a configuration file (closes #213) 2019-02-23 13:20:20 +01:00
Thomas Patzke
9ef314486e Grep backend escapes + 2019-02-19 14:49:06 +01:00
Thomas Patzke
01dfc23a26 Merge pull request #234 from juju4/devel-sumo
Sumologic support update
2019-02-09 23:54:23 +01:00
juju4
4429d7564f remove 'escape' of '_' - not needed 2019-02-09 12:57:43 -05:00
juju4
a815b7eb9b add custom cleanValue function for wildcards in keyvalue: OK with lists, NOK with string 2019-02-09 12:57:07 -05:00
sisecbe
5d94b9f0bc Changed stats to eventstats
Changed 'stats' to 'eventstats' when using aggregation, this keeps the original data of the event in the result.
2019-02-05 17:36:46 +01:00
sisecbe
2f5eb08b41 Adapt count function when aggfield not present
When no field is present, use "count"; when a field is present, use "dc(field)". As described in the Sigma specifications.
Splunk throws errors when using "count()" with empty fields. Use "count" instead.
2019-02-05 15:44:05 +01:00
juju4
7d159fb980 sumologic backend: review with inspiration from arcsight 2019-02-03 12:53:58 -05:00
Thomas Patzke
6215a694a8 Remove escaping from '\\*' in es-dsl backend 2019-02-02 23:51:11 +01:00
Thomas Patzke
8a0784ad33 Fixed escaping of \\* 2019-02-02 00:18:58 +01:00
Thomas Patzke
2fd88c837d Added generic sigma rule support to WDATP backend
* Process creation rules
2019-01-14 23:54:05 +01:00
Thomas Patzke
4e83bfeb16 Fixed merge bugs 2019-01-14 22:54:26 +01:00
Thomas Patzke
a9cf14438c Merge branch 'master' into project-1 2019-01-14 22:36:15 +01:00