forked from google/timesketch
Merge new sigma features from google repository #2
Merged
Conversation
This reverts commit 00c19bc.
This reverts commit 3d0eba0.
…ogle#1831) * Display links * Revert style change
* Display links * Add context menu component * Add TsIOCMenu component * Add highlight component to EventListRowDetail * Add delete option to TsDynamicTable * Display local intelligence in Intelligence component * Improve display * Improve UX for adding IOCs * Add arbitrary selection as IOCs * Refresh attributes on component load * Menu styling * Cleanup * bugfix * Only offer to add intelligence if it doesn't exist * Fix space bug * Fix unclosed tag * Revert style change * Import ApiClient * Update timesketch/frontend/src/components/Common/TsContextMenu.vue Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update timesketch/frontend/src/components/Common/TsIOCMenu.vue Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update timesketch/frontend/src/components/Explore/EventListRowDetail.vue Co-authored-by: Johan Berggren <jberggren@gmail.com> * Drop console.log * Fix typo * Make highlight color darkmode-compatible Co-authored-by: Johan Berggren <jberggren@gmail.com>
Extend SSH regex to support public key authentication logs
Extend SSH regex
Co-authored-by: Thomas Chopitea <tomchop@gmail.com>
Co-authored-by: Thomas Chopitea <tomchop@gmail.com>
Co-authored-by: Thomas Chopitea <tomchop@gmail.com>
Add sysadmin guide to the documentation
Update timesketch_importer.py
* Make access to intelligence attributes safer * Change semantic to edit
…gle#1889) * Don't use UTC for date output render * add comment
* Extended tsctl.py to add users to a sketch A function to grant a user access to a sketch. * Update tsctl.py Fixed linter errors about bad indentation. * Update tsctl.py Fixed another linter error about a long line.
Co-authored-by: Hussein Khalifa <hkhalifa@google.com>
…#1879) * fix timeout error * Update timesketch/api/v1/resources/event.py Co-authored-by: Johan Berggren <jberggren@gmail.com>
* Fix google#1214 in UI: Display Data Sources per Timeline & Make them Clickable - for each of the timelines it lists all data sources that it includes - each of these data sources is clickable - have a tick-box next to each of the data sources so that multiple of them can be selected * Added expand/collapse to the Data Source text. * Addressed comments from @berggren * Resolving merge conflict * 1) Fixed the fact that the disabled button 'Show data types' was still clickable. 2) Changed the collapse implementation to use Buefy. * Allow the users to update the time filters that they've created by clicking on them. Also added some UX improvements, such as closing the dropdown when the filter is added/updated, or auto-populating the end time input based on the start time. * Updated the comment about the focus change so it's more intuitive. * Addressed comments from the PR regarding the use of 'refs' instead of traversing the DOM. * Allow users to toggle time filters. * Removed unnecessary comment. * Merge with the upstream * Fixing the merge issues * Improve the UX of Time Filters * Sync with the upstream. * Fixed a bug - if the minus or plus boxes contained '0' then the Create button would be disabled. * Addressed the comments from the Pull Request * Aligned the colours of the 'radio' to blue (from purple). * Update from upstream * Added labels to the common buttons for each of the timeline entries (i.e. star, search, label) and shifted the 'Include/Exclude' buttons for each of the entry rows as some users complained they completely missed them when they were on the right hand side. * Early draft of implementing the vertical dots button in Timeline Chip * Almost there, it all works except that the list of timelines doesn't get re-populated as it should after a timeline is renamed. * Fixed the bug that the timeline chips were out of sync after the rename operation. * Got the color changing feature working. * Refactored and fixed all the bugs I discovered.
* The commit hides the Timelines tab. It will need some more work to decouple it from the Overview tab so the Timeline components and the view can be deleted completely. * Addressed review comments from @tomchop, and @jaegeral . Co-authored-by: Kristinn <kristinn@log2timeline.net> Co-authored-by: Johan Berggren <jberggren@gmail.com>
* Initial commit of geoip analyzer * Fix multiline string * Fix typo * Add geoip tests * Fix analyzer based on unittests * Add more IP fields * Updates: * only process global IP addresses (ignoring private, multicast, reserved, etc) * account for IP field attributes to contain lists of IP addresses * Updates to unittest script * Update geoip_test.py * Update timesketch.conf * Added test for multiple IP in one attribute * Generalise module to allow different geolocation services. * Update geoip.py - fix comments * Update timesketch/lib/analyzers/geoip.py Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update data/timesketch.conf Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update timesketch/lib/analyzers/geoip.py Co-authored-by: Thomas Chopitea <tomchop@gmail.com> * Update timesketch/lib/analyzers/geoip.py Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update timesketch/lib/analyzers/geoip.py Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update timesketch/lib/analyzers/geoip.py Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update timesketch/lib/analyzers/geoip.py Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update emojis.py * Fix typo * Update emojis.py * Update geoip_test.py * Update geoip_test.py for IPv6 addresses * Update geoip.py * Fix typing annotations * Update geoip.py * Update timesketch/lib/analyzers/geoip.py Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update timesketch/lib/analyzers/geoip.py Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update timesketch/lib/analyzers/geoip.py Co-authored-by: Johan Berggren <jberggren@gmail.com> * Fix lint errors * Fix whitespace * Fix lint errors and update tests * Update timesketch/lib/analyzers/geoip.py * Update timesketch/lib/analyzers/geoip.py * Update geoip_test.py Co-authored-by: Johan Berggren <jberggren@gmail.com> Co-authored-by: Thomas Chopitea <tomchop@gmail.com>
* add logo color * build * style * build * Color fixes, dropdown and color picker * no side effects
* first shot * lint fix * lint * some minor updates * cleanup routing * pull the ruleid dynamically * SigmaGetRuleByText first attempt * Update timesketch/frontend/src/components/Sigma/SigmaList.vue Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update timesketch/frontend/src/components/Sigma/SigmaRuleDetail.vue Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update timesketch/frontend/src/views/SigmaOverview.vue Co-authored-by: Johan Berggren <jberggren@gmail.com> * feedback updates * feedback from review, lint, removal of some testing stuff * camel case * formatting SigmaRuleDetails * documentation draft * removing tags from list, making detail page a table * make SigmaRuleDetail with go away buttons * some minor modifications * remove manual java script code to copy stuff * bugfixes * eslint Co-authored-by: Johan Berggren <jberggren@gmail.com>
Sigma: Rule detail inline with table rows
* Initial commit of geoip analyzer * Fix multiline string * Fix typo * Add geoip tests * Fix analyzer based on unittests * Add more IP fields * Updates: * only process global IP addresses (ignoring private, multicast, reserved, etc) * account for IP field attributes to contain lists of IP addresses * Updates to unittest script * Update geoip_test.py * Update timesketch.conf * Added test for multiple IP in one attribute * Generalise module to allow different geolocation services. * Update geoip.py - fix comments * Update timesketch/lib/analyzers/geoip.py Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update data/timesketch.conf Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update timesketch/lib/analyzers/geoip.py Co-authored-by: Thomas Chopitea <tomchop@gmail.com> * Update timesketch/lib/analyzers/geoip.py Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update timesketch/lib/analyzers/geoip.py Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update timesketch/lib/analyzers/geoip.py Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update timesketch/lib/analyzers/geoip.py Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update emojis.py * Fix typo * Update emojis.py * Update geoip_test.py * Update geoip_test.py for IPv6 addresses * Update geoip.py * Fix typing annotations * Update geoip.py * Update timesketch/lib/analyzers/geoip.py Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update timesketch/lib/analyzers/geoip.py Co-authored-by: Johan Berggren <jberggren@gmail.com> * Update timesketch/lib/analyzers/geoip.py Co-authored-by: Johan Berggren <jberggren@gmail.com> * Fix lint errors * Fix whitespace * Fix lint errors and update tests * Update timesketch/lib/analyzers/geoip.py * Update timesketch/lib/analyzers/geoip.py * Update geoip_test.py * Update geoip.py * Fix linter * Update geoip.py Co-authored-by: Johan Berggren <jberggren@gmail.com> Co-authored-by: Thomas Chopitea <tomchop@gmail.com>
* remove copy button from EventList * Copy Button: Dark. hover, moved * dist folder * Revert "dist folder" This reverts commit 10729a8.
* introduce a Timesketch roadmap doc and Sigma * Update docs/developers/roadmap.md Co-authored-by: Johan Berggren <jberggren@gmail.com> Co-authored-by: Johan Berggren <jberggren@gmail.com>
No description provided.