valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 01:45:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,367 Commits 20 Branches 25 Tags 21 MiB
f3fedef8f5
Commit Graph

678 Commits

Author SHA1 Message Date
Florian Roth
f3fedef8f5 Changed category names and remove sysmon log source 2020-06-24 17:41:21 +02:00
Steven Goossens
423baafa2a Added rules for different sysmon categories and added the category definition 2020-06-10 15:02:15 +02:00
Florian Roth
565febd39d README updated 2020-06-09 23:25:09 +02:00
Nate Guagenti
f4fe425fa7 update readme for some analyzed field and keyword field examples 2020-06-09 16:53:50 -04:00
Nate Guagenti
117ceac492 moved file to ecs-zeek-elastic-beats-implementation.yml 2020-06-09 08:56:01 -04:00
Florian Roth
94b90adf10 docs: move Sigmac help from Wiki to repo 2020-06-07 12:18:37 +02:00
Thomas Patzke
7d70cd95a4 Deduplicated backend list 2020-06-06 01:03:02 +02:00
Thomas Patzke
fb9855bd3b Added description to es-rule backend 2020-06-06 01:02:44 +02:00
Thomas Patzke
1d211565fc Moved backend options list to --backend-help 2020-06-06 00:56:00 +02:00
Thomas Patzke
c992dc5215 Improved test coverage 2020-06-05 23:33:51 +02:00
Thomas Patzke
5d88d97c73 Merge branch 'improvements/improved_mdatp_mappings' of https://github.com/wietze/sigma into wietze-improvements/improved_mdatp_mappings 2020-06-05 23:03:52 +02:00
Jonas Plum
3a6ac5bd5c Remove unused function 2020-05-30 01:57:06 +02:00
Jonas Plum
70935d26ce Add license header 2020-05-29 23:56:05 +02:00
Jonas Hagg
dedfb65d63 Implemented Aggregation for SQL, Added SQLite FullTextSearch 2020-05-25 11:58:55 +02:00
Thomas Patzke
daf7ab5ff7 Cleanup: removal of corelight_* backends 2020-05-24 22:41:38 +02:00
Thomas Patzke
d45f8e19fe Fixes 2020-05-24 21:46:55 +02:00
Thomas Patzke
32e4998c49 Removed dead code from ALA backend. 2020-05-24 21:45:37 +02:00
Thomas Patzke
24b08bbf30 Merge branch 'master' of https://github.com/socprime/sigma into socprime-master 2020-05-24 17:06:32 +02:00
Thomas Patzke
8d9b706d6a
Merge pull request #727 from 3CORESec/master 
Override Features
 2020-05-20 19:11:56 +02:00
vh
e8b956f575 Updated config 2020-05-20 12:35:00 +03:00
neu5ron
9e272d37b7 zeek category update and minor field updates 2020-05-19 05:02:45 -04:00
neu5ron
177f0a783b winlogbeat forward (at a snails pace) ECS field names 2020-05-19 04:58:51 -04:00
Tiago Faria
2893becf8c Merge remote-tracking branch 'upstream/master' 2020-05-14 14:02:20 +01:00
Remco Hofman
37b08543ac Updated author reference in license 2020-05-11 11:47:56 +02:00
vh
fb9c5841f4 Added Humio, Crowdstrike, Corelight 2020-05-08 13:41:52 +03:00
Remco Hofman
dc96b7ffb3 Removed dependency on slugify 2020-05-08 11:40:16 +02:00
Remco Hofman
c5be83eb01 Added ee-outliers backend 2020-05-08 10:18:35 +02:00
Thomas Patzke
3b96b5e497
Merge pull request #723 from neu5ron/socprime_add_zeek_and_corelight 
sigmacs for Zeek and Corelight(Zeek)
 2020-05-06 23:22:14 +02:00
Remco Hofman
24029a8f27 Fix for broken endswith modifier 2020-05-06 17:10:54 +02:00
pdr9rc
31ad81874f capitalized titles 
corrected capitalization of titles and removed literals from config
 2020-05-05 11:32:18 +01:00
pdr9rc
aa175a7d5b wip 
wip
 2020-05-04 18:02:27 +01:00
pdr9rc
dd9e128a15 kibana target update 
kibana target now compatible with overrides
 2020-05-04 17:35:12 +01:00
pdr9rc
b32093e734 Merge remote-tracking branch 'upstream/master' 
Keeping up with the sigmas.
 2020-05-04 17:26:51 +01:00
pdr9rc
b3194e66c4 Update base.py 2020-05-04 16:37:36 +01:00
Wietze
2b3828730c Reversed disabling FileDelete 2020-05-02 17:31:50 +01:00
Wietze
e5574e07f2 Disabled FileDelete event (Sysmon 11 - no rules available yet) 2020-05-02 16:21:56 +01:00
Wietze
5abf4cbea9 Reordered fields 2020-05-02 14:46:55 +01:00
Wietze
661108903b Minor consistency fix 2020-05-02 14:37:37 +01:00
Wietze
46737cbfd3 Improved Microsoft ATP mapping, using Advanced Hunting Schema 
See https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference
 2020-05-02 14:31:02 +01:00
neu5ron
cbe5af01a1 on behalf of @socprime [SOC Prime Inc.](https://my.socprime.com/en/tdm/) 
add a total of 5 sigmac's (sigma configs) for 3 different backends. full git message to follow in PR.
 2020-05-02 07:23:11 -04:00
Thomas Patzke
2fafff3278 Fixed: escaping of backslashes before added * 
Fixes issue #722.
 2020-05-02 00:13:15 +02:00
pdr9rc
bc0a2c7ab9 wip 
wip
 2020-05-01 19:20:05 +01:00
pdr9rc
98391f985a wip 
wip
 2020-04-30 15:19:38 +01:00
Tiago Faria
dfdb5b9550
better description and event.outcome 2020-04-29 23:59:26 +01:00
pdr9rc
ac4a2b1f26 wip 
wip
 2020-04-29 22:55:46 +01:00
pdr9rc
9ce84a38e5 overrides section support + one example rule + cloudtrail config 
ditto
 2020-04-29 20:36:45 +01:00
Thomas Patzke
1c5c8047fd Fixes 
* Removed commented debug print statements
* Defined nullExpression
* Removed unneeded generateMapItemNode method
* Value cleaning bug on matching of wildcard at first character
 2020-04-08 23:43:46 +02:00
Thomas Patzke
3277cec7aa Reverted list sorting 
This was already implemented meanwhile in a previous commit.
 2020-04-08 23:23:44 +02:00
Thomas Patzke
cf896c3093 Merge branch 'master' of https://github.com/abhikhnvasara/sigma into pr-630 2020-04-08 23:16:39 +02:00
Thomas Patzke
551a94af04 Merge branch 'master' of https://github.com/tileo/sigma into pr-658 2020-04-08 22:43:48 +02:00