It works on my system

Initial upload
berthayes · Aug 28, 2021 · 6650d78 · 6650d78
commit 6650d78
Show file tree

Hide file tree

Showing 51 changed files with 33,790 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+
+.DS_Store
diff --git a/config/sigma-dns.properties b/config/sigma-dns.properties
@@ -0,0 +1,11 @@
+application.id=zeek-rules-streams-app
+bootstrap.server=broker:29092
+schema.registry=http://schema-registry:8081
+data.topic=dns
+output.topic=dns-detection
+field.mapping.file=/tmp/config/splunk-zeek.yml
+sigma.rules.topic=sigma-rules
+sigma.rule.filter.product=zeek
+sigma.rule.filter.service=dns
+#sigma.rule.filter.title=Domain User Enumeration Network Recon 01
+#sigma.rule.filter.list=/Users/mpeacock/Development/KafkaSigma/kafka-sigma-streams/src/config/sigma_titles.txt
diff --git a/config/sigma-http.properties b/config/sigma-http.properties
@@ -0,0 +1,10 @@
+application.id=operation-rules-streams-app
+bootstrap.server=127.0.0.1:9092
+data.topic=http
+output.topic=http-detection
+field.mapping.file=config/splunk-zeek.yml
+sigma.rules.topic=sigma-rules
+sigma.rule.filter.product=zeek
+sigma.rule.filter.service=http
+sigma.rule.filter.title=Simple Http
+#sigma.rule.filter.list=config/sigma_titles.txt
diff --git a/config/sigma_titles.txt b/config/sigma_titles.txt
@@ -0,0 +1,4 @@
+Possible Windows Executable Download Without Matching Mime Type
+Executable from Webdav
+Possible Data Collection related to Office Docs and Email Archives and PDFs
+Domain User Enumeration Network Recon 01