securityonion

mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00

Author	SHA1	Message	Date
Wes	d23d367058	Make scan.pe.flags a string	2024-01-24 15:08:38 +00:00
Wes	1a3b3b21fb	Change entropy value syntax	2023-08-31 15:09:19 +00:00
Wes	e3249c8e4c	Wrap values in quotes for proper conversion	2023-07-13 14:18:57 +00:00
weslambert	85bb5a327c	Fix long vs float for pe version	2023-07-13 09:38:09 -04:00
Wes	577bfac886	Update logic for YARA matches	2023-07-11 17:00:13 +00:00
weslambert	6d87620c6a	Explicitly set 'event.dataset' as 'file'	2023-03-22 11:04:18 -04:00
Wes Lambert	05aad07bfc	Replace staging path with processed path for analyzed files	2021-07-14 15:04:46 +00:00
Mike Reeves	693f455862	ECS hotfix	2021-07-02 08:55:49 -04:00
weslambert	4c74e7f308	Add event.kind and set name to module[dot]dataset	2021-06-02 15:35:26 -04:00
Wes Lambert	7e578d2ce0	Pull out additional fields from Exif info	2020-11-09 16:53:53 +00:00
Wes Lambert	6420ee0310	Update parsing for scan.exiftool	2020-11-02 19:28:12 +00:00
Wes Lambert	54c4ee796f	Rename file.flavors.mime to file.mime_type	2020-10-14 18:56:44 +00:00
Wes Lambert	a6d3dcf398	More fixes for rule field	2020-10-08 13:36:47 +00:00
Wes Lambert	a2e2f23a8d	Add null safe check for rule	2020-10-08 13:14:39 +00:00
Wes Lambert	019bec992d	Add Strelka YARA matches as alerts	2020-10-06 12:19:44 +00:00
m0duspwnens	5cf71596b2	add curlys	2020-07-14 17:36:52 -04:00
Wes Lambert	f9df39977b	Add observer name for Strelka events	2020-07-14 17:38:43 +00:00
weslambert	4cf31e1ee7	Drop message field and original exiftool keys	2020-07-08 10:55:40 -04:00
Wes Lambert	3b50ce032a	Add fields for exiftool keys	2020-07-07 20:02:09 +00:00
Wes Lambert	e0570e1db7	Add Zeek FUID for Strelka records	2020-07-07 15:00:01 +00:00
Wes Lambert	9e50387eec	update ingest files	2020-04-05 20:40:00 +00:00
Wes Lambert	c52220330b	modify pipelines	2020-03-14 12:03:32 +00:00

22 Commits