257 Commits

Author	SHA1	Message	Date
Nasreddine Bencherchali	3d9372bef3	feat: new rules, updates and fp fixes (#4136)	2023-04-03 12:06:14 +02:00
FormindGMO	fad662ab15	#4149 Fix ALA Rules Compilation (parser and broken azure rules) (#4150)	2023-03-29 23:07:40 +02:00
phantinuss	98ab4bcd6a	fix: wording	2023-03-21 08:58:22 +01:00
Nasreddine Bencherchali	b253e8cafc	fix: apply suggestions from code review	2023-03-20 22:02:38 +01:00
phantinuss	d6b91a9abf	fix: file extension (3)	2023-03-20 09:54:28 +01:00
phantinuss	23fc8e1d0c	fix: file extension (2)	2023-03-20 09:40:23 +01:00
phantinuss	f53e9676bb	fix: missing file extention	2023-03-20 08:55:49 +01:00
cyb3rjy0t	14eea4ebcb	azure_ad_suspicious_signin_bypassingMFA	2023-03-20 00:41:33 -04:00
Wagga	273fdb9985	fix: typos in multiple rules (#4011)	2023-02-06 13:53:23 +01:00
Mark Morowczynski	b24e6d197b	Update tags for MITRE ATT&CK ... Update tags for MITRE ATT&CK	2023-01-29 11:29:12 -08:00
Mark Morowczynski	29ca26b32c	Updating MITRE Tactics & Techniques ... Updating MITRE Tactics & Techniques to align with existing classifications	2023-01-28 13:26:15 -08:00
frack113	1033b3f404	change status to test	2023-01-27 06:48:34 +01:00
TheLawsOfChaos	8607588a13	11 Files with updates Tactics/techniques/sub-techs (#3904)	2023-01-11 06:30:46 +01:00
frack113	0c3ba418db	Merge pull request #3898 from cyb3rjy0t/patch-2 ... New rule	2023-01-10 20:47:48 +01:00
frack113	8e7187e861	Rename azure_ad_risky_sign_ins_with_singlefactorauthencation_from_unknown_devices.yml to azure_ad_risky_sign_ins_with_singlefactorauth_from_unknown_devices.yml	2023-01-10 20:37:56 +01:00
Nasreddine Bencherchali	2820210945	fix: broken title	2023-01-10 19:43:19 +01:00
frack113	4023bf2c83	Remove mitre url	2023-01-10 18:09:04 +01:00
frack113	a6116a5fdc	Merge pull request #3894 from TheLawsOfChaos/patch-5 ... Update azure_device_or_configuration_modified_or_deleted.yml	2023-01-10 17:49:12 +01:00
Nasreddine Bencherchali	23278ead62	Merge pull request #3893 from TheLawsOfChaos/patch-4 ... Update azure_dns_zone_modified_or_deleted.yml	2023-01-10 13:50:11 +01:00
Nasreddine Bencherchali	82c2b635a9	fix: yaml syntax	2023-01-10 00:49:44 +01:00
Nasreddine Bencherchali	3b149675b2	Merge pull request #3896 from TheLawsOfChaos/patch-7 ... Patch 7	2023-01-10 00:45:38 +01:00
cyb3rjy0t	907252c00f	New rule ... Detecting risky user sign from non AD registered device with single factor authenciation	2023-01-09 17:07:39 -05:00
Nasreddine Bencherchali	032db9f799	Merge pull request #3897 from TheLawsOfChaos/patch-8 ... Update azure_firewall_modified_or_deleted.yml	2023-01-09 22:39:41 +01:00
Nasreddine Bencherchali	f0505a7a22	fix: remove mitre links from ref section	2023-01-09 22:34:13 +01:00
Nasreddine Bencherchali	e237aec830	Merge pull request #3895 from TheLawsOfChaos/patch-6 ... Update azure_creating_number_of_resources_detection.yml	2023-01-09 22:33:30 +01:00
Nasreddine Bencherchali	3ec4c3e98b	fix: apply suggestions from code review	2023-01-09 22:23:19 +01:00
Nasreddine Bencherchali	c8cbdefba5	fix: remove unnecessary spaces	2023-01-09 22:22:40 +01:00
Nasreddine Bencherchali	b728332228	fix: remove mitre link from the reference section	2023-01-09 22:21:46 +01:00
Nasreddine Bencherchali	0e06d9e9b9	fix: remove mitre link from the reference section	2023-01-09 22:21:21 +01:00
Nasreddine Bencherchali	a3cee700af	fix: add missing "t" to mitre tag	2023-01-09 22:20:48 +01:00
Nasreddine Bencherchali	0f75a1d361	fix: remove mitre reference link	2023-01-09 22:19:57 +01:00
TheLawsOfChaos	8caf115e33	Update azure_firewall_modified_or_deleted.yml ... Added sub-tech reference, new tactic, and sub-tech.	2023-01-09 16:09:18 -05:00
TheLawsOfChaos	e97efe445c	Update azure_change_to_authentication_method.yml	2023-01-09 15:46:05 -05:00
TheLawsOfChaos	42875d2bba	Update azure_change_to_authentication_method.yml ... Updated description, added two tactics and one technique, and added technique reference.	2023-01-09 15:43:07 -05:00
TheLawsOfChaos	1c0c29f45f	Update azure_creating_number_of_resources_detection.yml ... Added tactic and MITRE reference for technique.	2023-01-09 15:35:00 -05:00
TheLawsOfChaos	57a23e0b41	Update azure_device_or_configuration_modified_or_deleted.yml ... Added technique and sub-tech, along with references.	2023-01-09 15:32:02 -05:00
TheLawsOfChaos	a7208e7f69	Update azure_dns_zone_modified_or_deleted.yml ... Added sub-tech and reference to the page. Didn't modify the date per earlier discussion.	2023-01-09 15:27:15 -05:00
Nasreddine Bencherchali	8956242b43	fix: rollback modified date	2023-01-09 21:14:42 +01:00
TheLawsOfChaos	8aac18a554	Update azure_application_deleted.yml ... Updated modified date.	2023-01-09 15:06:39 -05:00
TheLawsOfChaos	a992ed6372	Update azure_application_deleted.yml ... Added Tactic impact and t1489. https://attack.mitre.org/tactics/TA0040/ https://attack.mitre.org/techniques/T1489 Deleting an application absolutely is part of Impact, and Stop/Disable a service if that application was running it.	2023-01-09 14:58:16 -05:00
TheLawsOfChaos	ea26adb55a	Update azure_ad_only_single_factor_auth_required.yml ... .004 is for valid cloud accounts	2023-01-09 14:00:09 -05:00
frack113	7d5fb8db30	update logsource	2023-01-04 19:36:37 +01:00
frack113	756a248032	update logsource	2023-01-04 18:52:24 +01:00
frack113	7060db3d47	Promotion rules (#3821) ... * Promotion rules * fix missing null * fix: modified date Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-27 12:29:10 +01:00
frack113	646351808e	Refractor (#3794) ... Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-18 21:00:14 +01:00
BlueTeamOps	47b5272fcd	Create azure_ad_azurehound_discovery.yml (#3762) ... Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-08 20:21:02 +01:00
frack113	556dd8f400	Order yaml field	2022-10-25 07:34:10 +02:00
frack113	931fb30853	old experimental rule promotion	2022-10-09 16:54:04 +02:00
Nasreddine Bencherchali	88f10a5d39	Fix issues	2022-10-05 17:19:48 +02:00
Nasreddine Bencherchali	18e43cff02	Fix valid accounts tag	2022-10-05 17:18:01 +02:00