security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

refactor: first bigger log source refactoring

Browse Source 
see discussion here: https://github.com/SigmaHQ/sigma/discussions/2835
This commit is contained in:
Florian Roth
2022-03-22 17:58:29 +01:00
parent a5281c0eaf
commit e91fc4486e
78 changed files with 103 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/cloud/m365/microsoft365_activity_by_terminated_user.yml
+1 -1
View File
@@ -8,7 +8,7 @@ references:
- https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
- https://docs.microsoft.com/en-us/cloud-app-security/policy-template-reference
logsource:
category: ThreatManagement
service: threat_management
product: m365
detection:
selection:
rules/cloud/m365/microsoft365_activity_from_anonymous_ip_addresses.yml
+1 -1
View File
@@ -8,7 +8,7 @@ references:
- https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
- https://docs.microsoft.com/en-us/cloud-app-security/policy-template-reference
logsource:
category: ThreatManagement
service: threat_management
product: m365
detection:
selection:
rules/cloud/m365/microsoft365_activity_from_infrequent_country.yml
+1 -1
View File
@@ -8,7 +8,7 @@ references:
- https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
- https://docs.microsoft.com/en-us/cloud-app-security/policy-template-reference
logsource:
category: ThreatManagement
service: threat_management
product: m365
detection:
selection:
rules/cloud/m365/microsoft365_data_exfiltration_to_unsanctioned_app.yml
+1 -1
View File
@@ -8,7 +8,7 @@ references:
- https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
- https://docs.microsoft.com/en-us/cloud-app-security/policy-template-reference
logsource:
category: ThreatManagement
service: threat_management
product: m365
detection:
selection:
rules/cloud/m365/microsoft365_from_suspicious_ip_addresses.yml
+1 -1
View File
@@ -8,7 +8,7 @@ references:
- https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
- https://docs.microsoft.com/en-us/cloud-app-security/policy-template-reference
logsource:
category: ThreatDetection
service: threat_detection
product: m365
detection:
selection:
rules/cloud/m365/microsoft365_impossible_travel_activity.yml
+1 -1
View File
@@ -9,7 +9,7 @@ references:
date: 2020/07/06
modified: 2021/11/27
logsource:
category: ThreatManagement
service: threat_management
product: m365
detection:
selection:
rules/cloud/m365/microsoft365_logon_from_risky_ip_address.yml
+1 -1
View File
@@ -8,7 +8,7 @@ references:
- https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
- https://docs.microsoft.com/en-us/cloud-app-security/policy-template-reference
logsource:
category: ThreatManagement
service: threat_management
product: m365
detection:
selection:
rules/cloud/m365/microsoft365_new_federated_domain_added.yml
+1 -1
View File
@@ -11,7 +11,7 @@ references:
- https://www.sygnia.co/golden-saml-advisory
- https://o365blog.com/post/aadbackdoor/
logsource:
category: Exchange
service: exchange
product: m365
detection:
selection:
rules/cloud/m365/microsoft365_potential_ransomware_activity.yml
+1 -1
View File
@@ -8,7 +8,7 @@ references:
- https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
- https://docs.microsoft.com/en-us/cloud-app-security/policy-template-reference
logsource:
category: ThreatManagement
service: threat_management
product: m365
detection:
selection:
rules/cloud/m365/microsoft365_suspicious_inbox_forwarding.yml
+1 -1
View File
@@ -8,7 +8,7 @@ references:
- https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
- https://docs.microsoft.com/en-us/cloud-app-security/policy-template-reference
logsource:
category: ThreatManagement
service: threat_management
product: m365
detection:
selection:
rules/cloud/m365/microsoft365_suspicious_oauth_app_file_download_activities.yml
+1 -1
View File
@@ -8,7 +8,7 @@ references:
- https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
- https://docs.microsoft.com/en-us/cloud-app-security/policy-template-reference
logsource:
category: ThreatManagement
service: threat_management
product: m365
detection:
selection:
rules/cloud/m365/microsoft365_unusual_volume_of_file_deletion.yml
+1 -1
View File
@@ -8,7 +8,7 @@ references:
- https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
- https://docs.microsoft.com/en-us/cloud-app-security/policy-template-reference
logsource:
category: ThreatManagement
service: threat_management
product: m365
detection:
selection:
rules/cloud/m365/microsoft365_user_restricted_from_sending_email.yml
+1 -1
View File
@@ -8,7 +8,7 @@ references:
- https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
- https://docs.microsoft.com/en-us/cloud-app-security/policy-template-reference
logsource:
category: ThreatManagement
service: threat_management
product: m365
detection:
selection: