Thomas Patzke
6fab5d7f23
Improved testing and removed dead&debug code
2019-06-29 00:09:53 +02:00
Thomas Patzke
0c7151c901
Watcher backend default options, refactoring and testing
2019-06-28 23:22:16 +02:00
Thomas Patzke
67707b6c82
Added test for new elastalert-dsl backend
2019-05-30 22:38:12 +02:00
Thomas Patzke
11ed7e7ef8
Check for valid configuration/backend combinations
2019-05-20 01:00:33 +02:00
Thomas Patzke
e271484eef
Load configurations via new config management
2019-05-20 00:27:35 +02:00
Thomas Patzke
6918784e87
Configuration order checking
2019-04-23 00:54:10 +02:00
Thomas Patzke
d0bd8a2a41
Mandatory configuration for most backends
2019-04-22 23:40:21 +02:00
Thomas Patzke
5e973a6321
Fixes and CI testing of --backend-config
2019-03-15 23:46:38 +01:00
Thomas Patzke
3f7e08733a
Added backend option 'sysmon' for ala backend
2019-03-15 23:26:15 +01:00
Thomas Patzke
8d1723e65c
Merge branch 'master' of https://github.com/tuckner/sigma into tuckner-master
2019-03-15 23:06:08 +01:00
Thomas Patzke
6d97c6d0bb
Extended elastalert CI testing
2019-03-08 00:04:43 +01:00
John Tuckner
1182ee2de2
added ala to makefile
2019-03-07 10:43:22 -06:00
Thomas Patzke
c922f7d73f
Merge branch 'master' into project-1
2019-02-26 00:24:46 +01:00
Thomas Patzke
3c7f46a6cd
Added rule test to CI testing
2019-01-23 23:31:36 +01:00
Thomas Patzke
a9cf14438c
Merge branch 'master' into project-1
2019-01-14 22:36:15 +01:00
Thomas Patzke
b520897176
Added CI testing for SumoLogic backend
2018-12-10 22:36:08 +01:00
Thomas Patzke
1118b80288
Added elastalert backend to CI testing
2018-11-29 00:00:00 +01:00
Thomas Patzke
6b8ddd6ac0
Added CI test for NetWitness backend
2018-11-07 22:36:34 +01:00
Thomas Patzke
42ed8acec9
Improved test coverage
* Adding tests
* Removal of coverage measurement for debugging code
2018-11-04 23:28:40 +01:00
Thomas Patzke
0fd8b986fd
Added CI tests
2018-10-18 16:14:16 +02:00
Thomas Patzke
5609728a8a
included XPack Watcher JSON output in CI tests
2018-10-18 14:56:21 +02:00
Thomas Patzke
44ff9d154e
Increased test coverage for mapping corner cases
2018-10-16 14:53:12 +02:00
Thomas Patzke
a61b3d352a
Added test cases
* Generic log sources
* Splunk index queries
2018-10-15 15:24:18 +02:00
Daniel Roethlisberger
85ad10d558
Use mktemp if tempfile is not available, fixes make for macOS
2018-10-02 22:17:03 +02:00
Florian Roth
14337a2aac
Tests: PowerShell backend tests
2018-09-24 13:23:38 +02:00
Thomas Patzke
13e41f29d6
Added CI test for tag filtering
2018-09-06 01:05:31 +02:00
Thomas Patzke
91e6b8ca6b
Merging refactoring changes into master
2018-07-22 09:23:07 +02:00
Thomas Patzke
c8e21b3f24
Fixing after split
* Fixing imports
* Discovery in new sub modules
2018-07-21 01:09:02 +02:00
Thomas Patzke
52e4910ab6
Added QRadar backend to CI testing
2018-07-17 22:56:31 +02:00
Thomas Patzke
0bacba05aa
Added backend 'splunkxml' to CI tests
2018-07-02 23:20:02 +02:00
Thomas Patzke
7d1b801858
Merge branch 'devel-sigmac-wdatp'
2018-06-22 00:43:23 +02:00
Thomas Patzke
d8e036f737
sigmac: Parameter for ignoring "not supported" errors
Used to pass tests with complete rule set that would fail for backends
whose target systems don't support required features.
2018-06-22 00:23:59 +02:00
Thomas Patzke
31727b3b25
Added Windows Defender ATP backend
Missing:
* Aggregations
2018-06-22 00:03:10 +02:00
Thomas Patzke
dbc25b6bfa
Integrated Qualys backend to CI testing
2018-06-07 23:33:47 +02:00
Thomas Patzke
f6d5e5dd99
Sigmac parameter -I now ignores all backend errors
New backends introduced further exceptions and the intention of -I is to
get a successful run.
2018-06-07 23:33:12 +02:00
Thomas Patzke
ce9db548ff
Integration of ArcSight backend
* Rename
* Changed description to one line to beautify output of backend list
* Small bugfix in handling of numeric values
2018-06-07 23:04:36 +02:00
Thomas Patzke
21040f04cc
Added CI test for Graylog backend
2018-05-18 15:53:25 +02:00
Thomas Patzke
de2ed08695
Merge branch 'ci-es'
2018-05-01 00:34:11 +02:00
Thomas Patzke
aeda30a389
Python rewrite of es-qs query test
2018-04-11 23:59:44 +02:00
milkmix
0b3b0c3aaf
imported es-dsl code from repo
2018-04-06 17:36:11 +02:00
Thomas Patzke
24d94d39b8
CI: Testing backend es-qs against Elasticsearch
2018-04-04 00:32:48 +02:00
Thomas Patzke
d8bd65f9ff
sigmac: Added testcase for Kibana curl script output
2018-03-11 00:30:20 +01:00
Thomas Patzke
1dc3ae1a8e
Fixed merge_sigma failing test
2018-03-07 00:20:35 +01:00
Thomas Patzke
76bdcba71f
Added rulecomment option to all single-query output backends
Prints comment with rule before output.
2018-01-27 23:48:10 +01:00
Thomas Patzke
d82a78fa3d
Finalizing PyPI release
* Removed .py suffix from command line tools
* sigmac tells when it does nothing and prints usage notice
* Makefile upload target
* minor changes
2017-12-08 23:50:08 +01:00
Thomas Patzke
36541bc9fb
Improved Makefile
* build instead of test target
* cleanup
2017-12-08 22:54:40 +01:00
Thomas Patzke
09d40ab2da
Finished packaging and refactoring
2017-12-08 22:32:39 +01:00
Thomas Patzke
49508490f5
Extended CI tests to packaging
2017-12-08 00:44:15 +01:00
Thomas Patzke
3b9ff57a38
Added merge_sigma tool
* Tests
* Restructured Makefile
2017-11-14 22:17:18 +01:00
Thomas Patzke
273ed4b5d6
Fixed test case
Test case used with kibana backend doesn't support multiple indices
2017-11-09 10:47:03 +01:00
Thomas Patzke
f478cffb41
Added default index configs for usual ELK setups
* Added test case for defaultindex with kibana backend
2017-11-09 10:05:41 +01:00
Thomas Patzke
b03f9359ec
sigmac: Added rule filter
2017-11-02 00:02:15 +01:00
Thomas Patzke
e90ff2d991
Improved testing
* Added collection test case
* Test of file output
2017-11-01 21:14:11 +01:00
Thomas Patzke
65e1f8ec2b
Increased test coverage
* more tests
* removed unneeded code
* increased coverage fail threshold
2017-10-23 23:30:44 +02:00
Thomas Patzke
7f93d3ca47
Kibana backend throws exception when multiple indices appear
* Introduced backend errors with handling in sigmac
2017-10-23 00:45:01 +02:00
Thomas Patzke
ec996e7353
Improved test coverage
2017-10-19 17:42:56 +02:00
Thomas Patzke
a4a127e869
Measurement of test coverage
2017-10-19 11:40:53 +02:00
Thomas Patzke
5449a12a14
Added GrepBackend
Moved field quoting/filtering into QuoteCharMixin
2017-10-18 19:03:38 +02:00
Thomas Patzke
3418b949f3
Enhanced integration testing by configurations
2017-10-18 15:23:10 +02:00
Thomas Patzke
d410adb397
sigmac: X-Pack Watcher backend improvements
* Renamed backend class according to convention
* Output types: curl (default) and plain
* Prefix of rule names
* Indices from configuration
* Support for multiple conditions per rule
* Usage of parsed condition
* Support for all condition operators
* Fixed bug that prevented passing multiple options to backend
* Added to CI tests
2017-09-22 00:28:35 +02:00
Thomas Patzke
270ab9ba78
Added backend options
* generic support for backend-specific options
* kibana backend option for title prefix
2017-09-16 23:46:40 +02:00
Thomas Patzke
ac5e6a3e83
Moved tests into Makefile
2017-08-07 14:05:55 +02:00