New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Import SigmaHQ auditd rules #1194

Open

buixor wants to merge 26 commits into master from auditd_sigma

+881 −60

Contributor

buixor commented Dec 18, 2024 •

edited

Loading

add sigmahq auditd rules
update the auditd and laurel parsers, reflect changes on associated scenarios

buixor and others added 10 commits

December 13, 2024 17:19


          add EXECVE support, change old syscall+execve generated log type

e1df296


          reflect change on log_type for syscall+execve

0891dc4


          Update index

9d3c8d7


          update

c4bd5ea


          evolve parser

d950939


          support new items

bfa138c


          update collection


          add new scenarios add associated tests

9994a05


          Update index

1c3feb0


          Merge branch 'master' into auditd_sigma

github-actions bot commented Dec 18, 2024

Hello @buixor and thank you for your contribution!

❗ It seems that the following scenarios are not part of the 'crowdsecurity/appsec-virtual-patching' collection:

🔴 crowdsecurity/vpatch-CVE-2023-6567 🔴
🔴 crowdsecurity/vpatch-CVE-2023-0900 🔴
🔴 crowdsecurity/vpatch-CVE-2023-23488 🔴
🔴 crowdsecurity/vpatch-CVE-2023-0600 🔴
🔴 crowdsecurity/vpatch-CVE-2024-1071 🔴
🔴 crowdsecurity/vpatch-CVE-2023-6623 🔴
🔴 crowdsecurity/vpatch-CVE-2023-4634 🔴
🔴 crowdsecurity/vpatch-CVE-2023-2009 🔴
🔴 crowdsecurity/vpatch-CVE-2023-23489 🔴
🔴 crowdsecurity/vpatch-CVE-2023-6360 🔴
🔴 crowdsecurity/vpatch-CVE-2024-1061 🔴

github-actions bot commented Dec 18, 2024

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

actions-user and others added 4 commits

December 18, 2024 09:58


          Update taxonomy

896a71e


          oopsie debug

1de45fc


          Update index

c45b845


          fix tests

52cea5e

github-actions bot commented Dec 18, 2024

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

actions-user and others added 3 commits

December 18, 2024 11:21


          Update index

51e0946


          debug mode

1f8c7a5


          Update index

018cff4

github-actions bot commented Dec 18, 2024

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

1 similar comment

github-actions bot commented Dec 18, 2024

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

buixor and others added 3 commits

December 18, 2024 13:56


          reflect changes on laurel and associated tests

e1dbfc8


          Update index

9a62b8e


          fix sigmahq tests

4d2d8fd

LaurenceJJones reviewed

View reviewed changes

parsers/s01-parse/crowdsecurity/laurel-logs.yaml Outdated Show resolved Hide resolved

LaurenceJJones reviewed

View reviewed changes

scenarios/crowdsecurity/auditd-sus-exec.yaml Outdated Show resolved Hide resolved


          fix comments, add test

e624671

github-actions bot commented Dec 30, 2024

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!


          Update index

a47edd0

buixor and others added 4 commits

December 30, 2024 11:43


          fix parser

8ef1d56


          Update index

d7c3bb4


          debug

be52d45


          Update index

5ec3010

LaurenceJJones approved these changes

View reviewed changes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet