valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 18:23:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,333 Commits 20 Branches 25 Tags 21 MiB
fb9855bd3b
Commit Graph

297 Commits

Author SHA1 Message Date
Thomas Patzke
fb9855bd3b Added description to es-rule backend 2020-06-06 01:02:44 +02:00
Thomas Patzke
c992dc5215 Improved test coverage 2020-06-05 23:33:51 +02:00
Thomas Patzke
5d88d97c73 Merge branch 'improvements/improved_mdatp_mappings' of https://github.com/wietze/sigma into wietze-improvements/improved_mdatp_mappings 2020-06-05 23:03:52 +02:00
Jonas Plum
3a6ac5bd5c Remove unused function 2020-05-30 01:57:06 +02:00
Jonas Plum
70935d26ce Add license header 2020-05-29 23:56:05 +02:00
Jonas Hagg
dedfb65d63 Implemented Aggregation for SQL, Added SQLite FullTextSearch 2020-05-25 11:58:55 +02:00
Thomas Patzke
daf7ab5ff7 Cleanup: removal of corelight_* backends 2020-05-24 22:41:38 +02:00
Thomas Patzke
d45f8e19fe Fixes 2020-05-24 21:46:55 +02:00
Thomas Patzke
32e4998c49 Removed dead code from ALA backend. 2020-05-24 21:45:37 +02:00
Thomas Patzke
24b08bbf30 Merge branch 'master' of https://github.com/socprime/sigma into socprime-master 2020-05-24 17:06:32 +02:00
Tiago Faria
2893becf8c Merge remote-tracking branch 'upstream/master' 2020-05-14 14:02:20 +01:00
Remco Hofman
37b08543ac Updated author reference in license 2020-05-11 11:47:56 +02:00
vh
fb9c5841f4 Added Humio, Crowdstrike, Corelight 2020-05-08 13:41:52 +03:00
Remco Hofman
dc96b7ffb3 Removed dependency on slugify 2020-05-08 11:40:16 +02:00
Remco Hofman
c5be83eb01 Added ee-outliers backend 2020-05-08 10:18:35 +02:00
pdr9rc
aa175a7d5b wip 
wip
 2020-05-04 18:02:27 +01:00
pdr9rc
dd9e128a15 kibana target update 
kibana target now compatible with overrides
 2020-05-04 17:35:12 +01:00
pdr9rc
b3194e66c4 Update base.py 2020-05-04 16:37:36 +01:00
Wietze
2b3828730c Reversed disabling FileDelete 2020-05-02 17:31:50 +01:00
Wietze
e5574e07f2 Disabled FileDelete event (Sysmon 11 - no rules available yet) 2020-05-02 16:21:56 +01:00
Wietze
5abf4cbea9 Reordered fields 2020-05-02 14:46:55 +01:00
Wietze
661108903b Minor consistency fix 2020-05-02 14:37:37 +01:00
Wietze
46737cbfd3 Improved Microsoft ATP mapping, using Advanced Hunting Schema 
See https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference
 2020-05-02 14:31:02 +01:00
pdr9rc
98391f985a wip 
wip
 2020-04-30 15:19:38 +01:00
pdr9rc
9ce84a38e5 overrides section support + one example rule + cloudtrail config 
ditto
 2020-04-29 20:36:45 +01:00
Thomas Patzke
1c5c8047fd Fixes 
* Removed commented debug print statements
* Defined nullExpression
* Removed unneeded generateMapItemNode method
* Value cleaning bug on matching of wildcard at first character
 2020-04-08 23:43:46 +02:00
Thomas Patzke
cf896c3093 Merge branch 'master' of https://github.com/abhikhnvasara/sigma into pr-630 2020-04-08 23:16:39 +02:00
Thomas Patzke
551a94af04 Merge branch 'master' of https://github.com/tileo/sigma into pr-658 2020-04-08 22:43:48 +02:00
Thomas Patzke
7224af54b2
Merge pull request #664 from j91321/es-rule-options 
es-rule backend options for index-patterns and time interval
 2020-04-08 22:39:45 +02:00
Thomas Patzke
1b7f33f5e2 Fixed undefined value in exception handling 
Fixes issue #702.
 2020-04-08 22:28:47 +02:00
j91321
3470011ac3 Revert time interval, use index values provided by sigmaparser 2020-04-05 20:30:57 +02:00
Thomas Patzke
693830fa83 Merge pull request 659 2020-04-03 23:46:53 +02:00
Maxime Lamothe-Brassard
f92c5e9b18 Remove generation of LC rules with timeframe. 2020-04-02 15:25:30 -07:00
Thomas Patzke
004eaf0615 Revert "do not escape u" 
This reverts commit aa112cbd44.

This was a fix for a previous bug.
 2020-03-24 23:36:12 +01:00
vunx2
1025930e04 merge 2020-03-19 11:05:52 +07:00
vunx2
2107d86900 merge 2020-03-19 10:58:30 +07:00
vunx2
1b12a6b261 modified: tools/sigma/backends/carbonblack.py 2020-03-19 09:00:24 +07:00
neu5ron
aa112cbd44 do not escape u 2020-03-18 08:51:38 -04:00
neu5ron
17318b48bf - fix agg_option keyword 
- remove (now) unnecessary other hardcoded `.keyword` locations
 2020-03-18 08:50:37 -04:00
vunx2
e228d42b97 clean IP subnet 2020-03-18 16:49:44 +07:00
vunx2
1df5620a14 fix cleanValue + leading wildcard + EventID Intergration 2020-03-18 16:02:44 +07:00
j91321
f0c83ae3b4 Added es-rule backend options 2020-03-15 13:03:20 +01:00
neu5ron
55bf39a2ac keyword, analyzed field, case insensitivity 2020-03-11 11:38:56 -04:00
David Szili
0947538228 MDATP schema changes 
WDATP was renamed to MDATP (Microsoft Defendre ATP).
MDATP also had schema changes recently: https://techcommunity.microsoft.com/t5/microsoft-defender-atp/advanced-hunting-data-schema-changes/ba-p/1043914
The updates reflect these changes
 2020-03-09 17:12:41 +01:00
Abhijit Khinvasara
9cb395823c Rework according to review comments. 2020-03-04 14:54:49 -08:00
vunx2
b070ffab74 Merge branch 'master' of https://github.com/Neo23x0/sigma 2020-03-03 10:08:31 +07:00
Thomas Patzke
a0f7da8c03 Splunk XML backend rule title 
Fixes #645
 2020-03-01 22:23:35 +01:00
vunx2
58f5fa1b8e change to github 2020-02-28 16:56:48 +07:00
vunx2
139600009b conflict 2020-02-28 16:50:30 +07:00
Thomas Patzke
5a2ccbd040 Fixed ArcSight backend visibility 2020-02-24 23:27:22 +01:00