 frack113
|
278edffbbd
|
Merge pull request #1829 from SigmaHQ/frack113-patch-1
fix duplicate id
|
2021-08-12 06:19:18 +02:00 |
|
|
frack113
|
b144523ad2
|
fix duplicate id
|
2021-08-11 22:37:01 +02:00 |
|
|
frack113
|
4c2159455d
|
Merge pull request #1821 from austinsonger/gcp_kubernetes_role_access.yml
gcp_kubernetes_rolebinding.yml
|
2021-08-11 20:58:52 +02:00 |
|
|
frack113
|
b2a0d97b5e
|
Merge pull request #1822 from austinsonger/gcp_kubernetes_secrets_modified_or_deleted.yml
gcp_kubernetes_secrets_modified_or_deleted.yml
|
2021-08-11 20:58:07 +02:00 |
|
|
Austin Songer
|
22d672187c
|
Update gcp_kubernetes_secrets_modified_or_deleted.yml
|
2021-08-11 11:26:32 -05:00 |
|
|
Austin Songer
|
ae85bf2b28
|
Update gcp_kubernetes_rolebinding.yml
|
2021-08-11 11:26:14 -05:00 |
|
|
Austin Songer
|
9b9d3c28c7
|
Update gcp_kubernetes_secrets_modified_or_deleted.yml
|
2021-08-11 11:24:40 -05:00 |
|
|
Austin Songer
|
4aec212e08
|
Update gcp_kubernetes_rolebinding.yml
|
2021-08-11 11:24:15 -05:00 |
|
|
frack113
|
f4268d8054
|
Merge pull request #1707 from heyibrahimkhan/patch-6
Create ala-suricata.yml
|
2021-08-11 15:55:44 +02:00 |
|
|
Florian Roth
|
d9d1e2c578
|
Merge pull request #1823 from SigmaHQ/rule-devel
rule: ProxyLogon rule for MS Exchange
|
2021-08-11 09:43:41 +02:00 |
|
|
Thomas Patzke
|
3dea956812
|
Merge pull request #1789 from frack113/fix_issue_1771
add hash_normalise option for ElasticsearchWildcardHandlingMixin
|
2021-08-11 08:21:43 +02:00 |
|
|
frack113
|
63ead346e8
|
fix modified value
|
2021-08-10 19:09:34 +02:00 |
|
|
Florian Roth
|
73a4bd74dc
|
fix: FPs script exec from temp
|
2021-08-10 17:10:46 +02:00 |
|
|
frack113
|
3a3da5b376
|
Merge pull request #1826 from JonGalarneau/patch-1
Correcting regex in win_modif_of_services_for_via_commandline.yml
|
2021-08-10 16:23:29 +02:00 |
|
|
frack113
|
6d869feb43
|
update modified
|
2021-08-10 15:12:45 +02:00 |
|
|
Jon Galarneau
|
1544a351a3
|
Correcting regex in win_modif_of_services_for_via_commandline.yml
The ^ symbol designates the beginning of the string, but in this rule it is clearly intended to be the end of the string.
|
2021-08-10 08:29:39 -04:00 |
|
|
Florian Roth
|
17c6fc7038
|
rule: ProxyLogon rule for MS Exchange
|
2021-08-10 09:16:30 +02:00 |
|
|
Florian Roth
|
17fb418271
|
Merge pull request #1817 from SigmaHQ/rule-devel
rules: ProxyShell refactoring and new rule
|
2021-08-10 08:18:32 +02:00 |
|
|
frack113
|
89e3fb1d86
|
Merge pull request #1814 from austinsonger/azure_vpn_connection_modified_or_deleted.yml
azure_vpn_connection_modified_or_deleted.yml
|
2021-08-10 06:36:46 +02:00 |
|
|
frack113
|
711619e90e
|
remove 'or' as not need
|
2021-08-10 06:28:35 +02:00 |
|
|
frack113
|
a1917b4247
|
Merge pull request #1813 from austinsonger/azure_virtual_network_modified_or_deleted.yml
azure_virtual_network_modified_or_deleted.yml
|
2021-08-10 06:22:25 +02:00 |
|
|
frack113
|
f7d3f93907
|
Merge pull request #1807 from austinsonger/azure_network_security_modified_or_deleted.yml
azure_network_security_modified_or_deleted.yml
|
2021-08-10 06:21:45 +02:00 |
|
|
frack113
|
9bd60c45c6
|
Merge pull request #1806 from austinsonger/azure_network_p2s_vpn_modified_or_deleted.yml
azure_network_p2s_vpn_modified_or_deleted.yml
|
2021-08-10 06:21:19 +02:00 |
|
|
Austin Songer
|
a48fd2135e
|
Create gcp_kubernetes_secrets_modified_or_deleted.yml
|
2021-08-09 22:08:14 -05:00 |
|
|
Austin Songer
|
cc4b3d7d38
|
Delete gcp_kubernetes_secrets_modified_or_deleted.yml
|
2021-08-09 22:07:49 -05:00 |
|
|
Austin Songer
|
23d5ed9d23
|
Create gcp_kubernetes_secrets_modified_or_deleted.yml
|
2021-08-09 22:06:56 -05:00 |
|
|
Austin Songer
|
019bdaac90
|
Update gcp_kubernetes_rolebinding.yml
|
2021-08-09 22:05:46 -05:00 |
|
|
Austin Songer
|
4542ab9a14
|
Create gcp_kubernetes_rolebinding.yml
|
2021-08-09 22:01:16 -05:00 |
|
|
Austin Songer
|
fa54a38394
|
Update azure_virtual_network_modified_or_deleted.yml
|
2021-08-09 15:51:43 -05:00 |
|
|
Austin Songer
|
27441d7093
|
Update azure_network_p2s_vpn_modified_or_deleted.yml
|
2021-08-09 15:37:53 -05:00 |
|
|
Austin Songer
|
5b25f56964
|
Update azure_network_security_modified_or_deleted.yml
|
2021-08-09 15:36:30 -05:00 |
|
|
frack113
|
3a873f6e7a
|
Merge pull request #1811 from austinsonger/azure_firewall_modified_or_deleted.yml
azure_firewall_modified_or_deleted.yml
|
2021-08-09 22:24:41 +02:00 |
|
|
frack113
|
51eab7f366
|
Merge pull request #1810 from austinsonger/azure_firewall_rule_collection_modified_or_deleted.yml
azure_firewall_rule_collection_modified_or_deleted.yml
|
2021-08-09 22:23:06 +02:00 |
|
|
frack113
|
b4e6e0eab3
|
Merge pull request #1809 from austinsonger/azure_network_firewall_rule_modified_or_deleted.yml
azure_network_firewall_rule_modified_or_deleted.yml
|
2021-08-09 22:21:04 +02:00 |
|
|
frack113
|
3b4d782135
|
Merge pull request #1812 from austinsonger/azure_dns_zone_modified_or_deleted.yml
azure_dns_zone_modified_or_deleted.yml
|
2021-08-09 22:14:07 +02:00 |
|
|
frack113
|
ee777350ab
|
Merge pull request #1808 from austinsonger/azure_network_virtual_device_modified_or_deleted.yml
azure_network_virtual_device_modified_or_deleted.yml
|
2021-08-09 22:11:28 +02:00 |
|
|
Austin Songer
|
1f1aa7c31f
|
Update azure_dns_zone_modified_or_deleted.yml
|
2021-08-09 14:38:15 -05:00 |
|
|
Austin Songer
|
b9026f2dfe
|
Update azure_dns_zone_modified_or_deleted.yml
|
2021-08-09 14:36:50 -05:00 |
|
|
Austin Songer
|
27ce557562
|
Update azure_virtual_network_modified_or_deleted.yml
|
2021-08-09 14:35:45 -05:00 |
|
|
Austin Songer
|
70e2bb06a2
|
Update azure_vpn_connection_modified_or_deleted.yml
|
2021-08-09 14:35:27 -05:00 |
|
|
Austin Songer
|
c3efcbe292
|
Update azure_network_virtual_device_modified_or_deleted.yml
|
2021-08-09 14:30:57 -05:00 |
|
|
Florian Roth
|
dbf8aecd83
|
fix: typo in cmdlet name
|
2021-08-09 18:05:51 +02:00 |
|
|
Florian Roth
|
a9ad4eda4a
|
rules: ProxyShell refactoring and new rule
|
2021-08-09 17:57:34 +02:00 |
|
|
frack113
|
5df2706669
|
Merge pull request #1800 from austinsonger/azure_kubernetes_network_policy_change.yml
azure_kubernetes_network_policy_change.yml
|
2021-08-09 10:57:55 +02:00 |
|
|
frack113
|
5cf01c5a05
|
Merge pull request #1799 from austinsonger/azure_kubernetes_sensitive_role_access.yml
azure_kubernetes_role_access.yml
|
2021-08-09 10:29:27 +02:00 |
|
|
frack113
|
6b21a881ca
|
Merge pull request #1700 from heyibrahimkhan/patch-5
Create ala-azure-aws_cloudtrail.yml
|
2021-08-09 10:21:34 +02:00 |
|
|
frack113
|
30260e8bf7
|
formatting falsepositives
|
2021-08-09 10:07:26 +02:00 |
|
|
frack113
|
f63b4147ce
|
formatting falsepositives
|
2021-08-09 10:06:31 +02:00 |
|
|
frack113
|
68914879ee
|
Merge pull request #1798 from austinsonger/azure_kubernetes_cluster_created_or_deleted.yml
azure_kubernetes_cluster_created_or_deleted.yml
|
2021-08-09 10:04:55 +02:00 |
|
|
frack113
|
d662302065
|
formatting falsepositives
|
2021-08-09 09:26:04 +02:00 |
|