Mirrors/marcredhat-siem-toolkit-patched
1
0
Fork 0
mirror of https://github.com/marcredhat/SIEM-toolkit-patched synced 2026-06-13 06:31:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • 4df8e844e5 Sigma -> SentinelOne PowerQuery pipeline main marc 2026-05-28 12:29:37 +02:00
  • 1c36bac9e8 Add tools/sync-upstream.sh: safe upstream-sync workflow marc 2026-05-22 20:46:30 +02:00
  • 7d19c57a5d Ingest Dashboard: optional background cache pre-warmer marc 2026-05-22 20:41:36 +02:00
  • bfff0eeec0 Ingest Dashboard: 5min TTL cache + days->hours normalisation marc 2026-05-22 20:10:03 +02:00
  • 8c4298ca2a Health Score: cap MITRE Coverage at 100% by canonicalising tactics marc 2026-05-22 19:41:48 +02:00
  • 2eea2d9510 Parser Test Runner: filter non-parser SDL artefacts from dropdown pr/parser-dropdown-filter marc 2026-05-22 21:12:47 +02:00
  • 99d63837b5 Add tools/sync-upstream.sh: safe upstream-sync workflow rebase/upstream-20260522 marc 2026-05-22 20:46:30 +02:00
  • fec356829c Ingest Dashboard: optional background cache pre-warmer marc 2026-05-22 20:41:36 +02:00
  • 0a01a56218 Ingest Dashboard: 5min TTL cache + days->hours normalisation marc 2026-05-22 20:10:03 +02:00
  • f82115143c Health Score: cap MITRE Coverage at 100% by canonicalising tactics marc 2026-05-22 19:41:48 +02:00
  • 70f3f83db3 Parser Test Runner: filter non-parser SDL artefacts from dropdown marc 2026-05-22 19:36:58 +02:00
  • 7c1687efce Sync upstream features; preserve fork KV scanner, parsers, verifier marc 2026-05-22 18:19:52 +02:00
  • a7ebcac9a6 Revert "Add product grouping to rule displays across coverage and threat pages" Mick 2026-05-22 12:08:56 -04:00
  • b494c751aa Revert "Preserve parser_detected across syncs to prevent coverage regression" Mick 2026-05-22 12:08:56 -04:00
  • 21c8644443 Preserve parser_detected across syncs to prevent coverage regression Mick 2026-05-22 12:07:03 -04:00
  • 7620d1fcc8 Add product grouping to rule displays across coverage and threat pages Mick 2026-05-22 11:56:27 -04:00
  • bb2c00f2fa Collapse MITRE tactic cards by default — click to expand Mick 2026-05-22 11:31:23 -04:00
  • 1a2b289f32 Rename pipeline sections to Full Pipeline / Partial Pipeline Mick 2026-05-22 11:27:05 -04:00
  • 800d3c545a Split onboarding pipeline into detection-mapped vs parser-only groups Mick 2026-05-22 11:26:26 -04:00
  • 62e29d131d Collapse onboarding pipeline table by default Mick 2026-05-22 11:23:52 -04:00
  • d0299e0f23 Add health score, coverage trends, dependency map, PowerQuery playground, onboarding tracker Mick 2026-05-22 11:09:43 -04:00
  • d6d0faf218 Add Stormshield ingest verifier archive/main-before-resync- marc 2026-05-22 17:03:26 +02:00
  • b4314c07df Update README to reflect current feature set Mick 2026-05-22 10:46:56 -04:00
  • 7b4eceefb8 Fix MITRE extraction to use actual S1 API structure + use generatedAlerts for firing status Mick 2026-05-22 10:42:48 -04:00
  • 7922de315e Add MITRE ATT&CK heatmap and detection rule firing status Mick 2026-05-22 10:25:45 -04:00
  • 12fec66d9a Update README.md Marc Chisinevski 2026-05-22 16:17:44 +02:00
  • 2c40bf81ee Cherry-pick improvements from PR #2 (marcredhat) Mick 2026-05-22 10:11:42 -04:00
  • c5a4f796a0 Add unlabelled event detection, stub parser quality, Sync All, and modern UI redesign Mick 2026-05-22 10:00:21 -04:00
  • a9dcf48e65 Snapshot 95 demo-tenant parsers (incl. stormshield) + un-ignore parsers/ marc 2026-05-22 14:11:39 +02:00
  • 1e61fa9814 Update README.md Marc Chisinevski 2026-05-22 13:58:13 +02:00
  • d1d92d3967 Stormshield/F5/WatchGuard parser test fix + SDL KV-scanner support marc 2026-05-22 13:45:23 +02:00
  • 79efb6bf7d v0.1 Mick Marc merged marc 2026-05-20 23:44:53 +02:00
  • 0013adbe7e Merge pull request #1 from marcredhat/fix/json-parser-and-pq-syntax Mick 2026-05-20 15:25:39 -04:00
  • 6cd9da82da Auto-load detection library from S1 API, improve coverage map accuracy Mick 2026-05-20 15:14:10 -04:00
  • d8d62478c0 Add helper scripts: SDL parser sync, PQ probes, test-parser smoke tests marc 2026-05-20 19:41:00 +02:00
  • 8dbd38f3bb Fix Parser Test Runner JSON mode, Filter Simulator PQ syntax, dropdown source marc 2026-05-20 19:40:24 +02:00
  • 6e137438b1 Add Detection Fields Missing column + STAR_LIBRARY_ONLY setting Mick 2026-05-19 15:46:05 -04:00
  • a50fd35934 Filter STAR rules to Library only (creator @sentinelone.com) Mick 2026-05-19 15:42:09 -04:00
  • 4d6125eb4d Add Default Parser Only and No Parser filters to Coverage Map Mick 2026-05-19 15:35:30 -04:00
  • 1a68fbea2d Rewrite README in the Queen's English, inspired by Pineapple Boy Mick 2026-05-19 13:28:15 -04:00
  • 3f80e4c344 Add README with full feature documentation Mick 2026-05-19 13:25:28 -04:00
  • 74c3a8d6a3 Auto-discover fields from log sample when source selected in Field Population Rate Mick 2026-05-19 13:23:36 -04:00
  • 1aca7154c2 Default Live Event Sampler to 10 events Mick 2026-05-19 13:21:51 -04:00
  • 799e413041 Add per-row copy button to Live Event Sampler message column Mick 2026-05-19 13:18:44 -04:00
  • 5421b2de61 Populate source dropdowns in Parser Quality from synced active sources Mick 2026-05-19 13:16:50 -04:00
  • 1b07a59991 Use parsed event detection in data lake as coverage signal Mick 2026-05-19 13:06:29 -04:00
  • 81e3656c46 Fix coverage map matching: three-tier lookup for parser-to-source mapping Mick 2026-05-19 12:56:51 -04:00
  • 999c0f7b83 Add Parser Quality page: Live Event Sampler, Field Population Rate, Parser Test Runner Mick 2026-05-19 12:53:48 -04:00
  • 058b1e7cf1 Default Ingest Dashboard to 1h view on load Mick 2026-05-19 12:46:30 -04:00
  • a5d0be0a7c Show events-by-source bar chart in 1h mode instead of blank message Mick 2026-05-19 12:45:55 -04:00
  • ac97196435 Improve coverage map matching, bar chart gradients, and add 1h time filter Mick 2026-05-19 12:43:10 -04:00
  • f0bd56aee8 Rewrite coverage map as source-centric view Mick 2026-05-19 12:31:48 -04:00
  • 2262892859 Improve daily volume bar chart readability Mick 2026-05-19 11:59:12 -04:00
  • 08c7a8a5b5 Add Filter Simulator help panel on Ingest Dashboard Mick 2026-05-19 11:56:52 -04:00
  • 735e364b71 Fix Ingest Dashboard timeout causing failed to fetch Mick 2026-05-19 11:53:37 -04:00
  • 2e55e21a77 Add Settings page with .env manager Mick 2026-05-19 11:43:41 -04:00
  • c182d837ee Initial commit: SIEM Toolkit for SentinelOne Mick 2026-05-19 11:39:26 -04:00