Advertisement
JohnGalt14

Sigma Converter Targets : October 2021

Oct 22nd, 2021
277
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.07 KB | None | 0 0
  1. Configurations (Sources):
  2. ala : Azure Sentinel
  3. ala-azure-activitylogs : Azure Activity Logs mapping for Azure Log Analytics
  4. ala-azure-ad_auditlogs : Azure AD Audit Logs mapping for Azure Log Analytics
  5. ala-azure-aws_cloudtrail : AWS CloudTrail Logs mapping for Azure Log Analytics
  6. ala-suricata : Suricata logs mapping for Azure Log Analytics
  7. arcsight : ArcSight
  8. arcsight-zeek : ArcSight Corelight Zeek and Corelight Opensource Zeek Configuration
  9. carbon-black : CarbonBlack field mapping
  10. carbon-black-eedr : CarbonBlack Enterprise EDR
  11. chronicle : Google Chronicle field mapping
  12. crowdstrike : Splunk used in Falcon Portal
  13. devo-network : Devo sourcetype mappings for network sources
  14. devo-web : Devo sourcetype mappings for web sources
  15. devo-windows : Devo sourcetype mappings for windows sources
  16. ecs-auditbeat-modules-enabled : Elastic Auditbeat (from 7.x) index pattern and field mapping
  17. ecs-auditd : Elastic Auditbeat (from 7.x) index pattern and field mapping following Elastic enabled Modules
  18. ecs-azure-activitylogs : Azure Activity Logs Elasticsearch ecs mapping
  19. ecs-azure-ad_auditlogs : Azure AD Audit Logs Elasticsearch ecs mapping
  20. ecs-azure-ad_signinlogs : Azure AD Signin Audit Logs Elasticsearch ecs mapping
  21. ecs-cloudtrail : Elastic Common Schema And Elastic Exported Fields Mapping For AWS CloudTrail Logs
  22. ecs-dns : Elastic Common Schema mapping for proxy and webserver logs including NSM DNS logs (zeek/suricata)
  23. ecs-filebeat : Elastic filebeat (from 7.x) index pattern and field mapping following Elastic Common Schema
  24. ecs-ms365_defender : Microsoft 365 Defender Elasticsearch ecs mapping
  25. ecs-okta : Elastic Exported Fields Mapping For Okta logs
  26. ecs-proxy : Elastic Common Schema mapping for proxy and webserver logs including NSM logs (zeek/suricata)
  27. ecs-suricata : Elastic Common Schema And Elastic Exported Fields Mapping For Suricata Logs
  28. ecs-zeek-corelight : Corelight Zeek and Corelight Opensource Zeek Elastic Common Schema (ECS) implementation
  29. ecs-zeek-elastic-beats-implementation : Elastic Common Schema (ECS) implementation for Zeek using filebeat modules enabled based on version 7.6.1
  30. elk-defaultindex : ELK default indices logstash-* and filebeat-*
  31. elk-defaultindex-filebeat : ELK default indices filebeat-*
  32. elk-defaultindex-logstash : ELK default indices logstash-*
  33. elk-linux : ELK Linux Indices and Mappings
  34. elk-windows : ELK Windows Indices and Mappings
  35. elk-winlogbeat : ELK Ingested with Winlogbeat
  36. elk-winlogbeat-sp : ELK Ingested with Winlogbeat
  37. filebeat-defaultindex : Elastic Filebeat default index name
  38. fireeye-helix : FireEye Helix
  39. helk : HELK index patterns and OSSEM field mappings
  40. humio : Humio log source conditions
  41. limacharlie : LimaCharlie
  42. logpoint-windows : Logpoint
  43. logrhythm_winevent : LogRhythm Windows EventID Field Mapping
  44. logstash-defaultindex : Generic Logstash index prefix
  45. logstash-linux : Logstash Linux project (https://github.com/thomaspatzke/logstash-linux)
  46. logstash-windows : Logstash Windows common log sources
  47. logstash-zeek-default-json : Zeek field mappings for default collection of JSON logs with no parsing/normalization done and sending into logstash-*index
  48. m365 : Microsoft 365 Rules
  49. netwitness : NetWitness
  50. netwitness-epl : NetWitness
  51. powershell : Logsource to LogName mappings for PowerShell backend
  52. qradar : QRadar
  53. qualys : Qualys
  54. splunk-windows : Splunk Windows log source conditions
  55. splunk-windows-index : Splunk Windows index and EventID field mapping
  56. splunk-zeek : Splunk Zeek sourcetype mappings
  57. stix-custom : Additional STIX mapping for future use
  58. stix-shifter : Custom mappings for stix-shifter project
  59. stix2.0 : Official STIX 2.0
  60. sumologic : SumoLogic
  61. sumologic-cse : SumoLogic
  62. sysmon : Conversion of Generic Rules into Sysmon Specific Rules
  63. thor : THOR
  64. windows-audit : Conversion for Windows Native Auditing Events
  65. winlogbeat : Elastic Winlogbeat (from 7.x) index pattern and field mapping
  66. winlogbeat-modules-enabled : Elastic Winlogbeat (from 7.x) index pattern and field mapping following Elastic enabled Modules
  67. winlogbeat-old : Elastic Winlogbeat (<=6.x) index pattern and field mapping
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement