Commit Graph

818 Commits

Author SHA1 Message Date
gleeiamglo 832c15a4c9 Merge pull request #4384 from @gleeiamglo
new: Anonymous IP Address

---------

Co-authored-by: gllee <gllee@microsoft.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-08-23 14:45:56 +02:00
frack113 450b619c13 Change field name in detection 2023-08-10 06:21:38 +02:00
Nasreddine Bencherchali 67d0d2afff chore: change service name to lowercase 2023-08-08 15:41:08 +02:00
frack113 a66b38d3df Fix to pass the tests 2023-08-08 06:47:08 +02:00
Mark Morowczynski fa780ec7b9 Update azure_identity_protectection_anomalous_token.yml
Deleting extra space
2023-08-07 18:36:25 -07:00
Mark Morowczynski ef2d8b4c99 Create azure_identity_protectection_anomalous_token.yml
Adding the first of several identity protection alerts
2023-08-07 18:33:35 -07:00
Nasreddine Bencherchali 2c3d19f335 Merge pull request #4293 from danielbohannon/patch-1 2023-07-17 12:19:05 +02:00
Nasreddine Bencherchali e59f9d6f61 chore: add missing quotes 2023-06-23 10:17:09 +02:00
Nasreddine Bencherchali 1562630a17 chore: update structure 2023-06-23 10:16:53 +02:00
Nasreddine Bencherchali fac3e34f92 fix: broken selection 2023-06-23 10:12:23 +02:00
Nasreddine Bencherchali 135855e9a7 chore: update structure 2023-06-23 10:10:13 +02:00
Daniel Bohannon 7dbfa195bd Permiso p0-LUCR-1 (aka GUI-vil)
Adding Sigma rules outlined in the following blog post associated with named cloud-focused threat actor p0-LUCR-1 (aka GUI-vil): https://permiso.io/blog/s/unmasking-guivil-new-cloud-threat-actor
2023-06-06 17:18:06 -04:00
Daniel Bohannon 0348c1adbb Permiso p0-LUCR-1 (aka GUI-vil)
Adding Sigma rules outlined in the following blog post associated with named cloud-focused threat actor p0-LUCR-1 (aka GUI-vil): https://permiso.io/blog/s/unmasking-guivil-new-cloud-threat-actor
2023-06-06 17:08:14 -04:00
Austin Songer b72e7fc6eb Update rules/cloud/okta/okta_fastpass_phishing_detection.yml
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-05-10 01:18:00 -05:00
Austin Songer 3e9cfc3e7c Update okta_fastpass_phishing_detection.yml 2023-05-08 11:26:21 -05:00
Austin Songer 8dc803df95 Update okta_fastpass_phishing_detection.yml 2023-05-08 10:35:19 -05:00
Austin Songer df04652768 Update okta_fastpass_phishing_detection.yml 2023-05-07 20:16:54 -05:00
Austin Songer 616bf2a819 Update okta_fastpass_phishing_detection.yml 2023-05-07 20:06:23 -05:00
Austin Songer ce62346e4f Create okta_fastpass_phishing_detection.yml 2023-05-07 19:43:39 -05:00
Nasreddine Bencherchali 7ce4a9b7ec fix: add missing modified 2023-04-28 11:12:30 +02:00
muratogul 961aebb8ef corrected eventSource on aws_enum_buckets.yml file 2023-04-27 22:53:34 -07:00
erickatwork 91bc015216 feat: update description ECS TASK DEF rule (#4181) 2023-04-25 11:00:24 +02:00
Nick Moore 463d9fff82 feat: new rule Potential Okta Password in AlternateID Field (#4158) 2023-04-05 13:21:03 +02:00
Nasreddine Bencherchali 3d9372bef3 feat: new rules, updates and fp fixes (#4136) 2023-04-03 12:06:14 +02:00
FormindGMO fad662ab15 #4149 Fix ALA Rules Compilation (parser and broken azure rules) (#4150) 2023-03-29 23:07:40 +02:00
phantinuss 98ab4bcd6a fix: wording 2023-03-21 08:58:22 +01:00
Nasreddine Bencherchali b253e8cafc fix: apply suggestions from code review 2023-03-20 22:02:38 +01:00
phantinuss d6b91a9abf fix: file extension (3) 2023-03-20 09:54:28 +01:00
phantinuss 23fc8e1d0c fix: file extension (2) 2023-03-20 09:40:23 +01:00
phantinuss f53e9676bb fix: missing file extension 2023-03-20 08:55:49 +01:00
cyb3rjy0t 14eea4ebcb azure_ad_suspicious_signin_bypassingMFA 2023-03-20 00:41:33 -04:00
Wagga 273fdb9985 fix: typos in multiple rules (#4011) 2023-02-06 13:53:23 +01:00
frack113 9e51af56ca Merge pull request #3974 from MarkMorow/master
Update tags for MITRE ATT&CK
2023-01-31 07:34:34 +01:00
Nasreddine Bencherchali 7b3a3ee254 fix: add missing space by the end 2023-01-30 10:26:13 +01:00
Nasreddine Bencherchali 6de8009c88 fix: update metadata and prefix test 2023-01-30 10:23:13 +01:00
Mark Morowczynski b24e6d197b Update tags for MITRE ATT&CK
Update tags for MITRE ATT&CK
2023-01-29 11:29:12 -08:00
z00t cd15e7beea Rename github_new_org_member_alert.yml to github_new_org_member.yml
The rule name changed to match the updated rule title.
2023-01-30 00:02:20 +05:00
z00t d8c18457a0 Update disabled_outdated_dependency_or_vulnerability.yml
Removed invalid MITRE ID T1089, and removed the mitigation ID which was included in error.
2023-01-30 00:01:22 +05:00
z00t 493daf54f5 Update and rename github_high_risk_configuration_change.yml to disable_github_high_risk_configuration.yml
The severity level changed to high from critical. The rule name matched the modified title.
2023-01-29 23:59:53 +05:00
z00t 40d7ce83c7 Rename dependabot_alerts_disabled.yml to disabled_outdated_dependency_or_vulnerability.yml
The rule name was matched to the modified title.
2023-01-29 23:57:17 +05:00
z00t 23e5faa382 Update rules/cloud/github/github_new_org_member_alert.yml
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-01-29 23:05:28 +05:00
z00t 579ac60b7a Update rules/cloud/github/github_high_risk_configuration_change.yml
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-01-29 23:04:30 +05:00
z00t 1959e7936e Update rules/cloud/github/dependabot_alerts_disabled.yml
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-01-29 23:03:59 +05:00
z00t 60c3221fe1 selection item added. 2023-01-29 21:56:33 +05:00
z00t 6ef4ee26bb Description updated. 2023-01-29 20:45:19 +05:00
z00t 352b477d5b Merge branch 'SigmaHQ:master' into master 2023-01-29 20:40:37 +05:00
Mark Morowczynski 29ca26b32c Updating MITRE Tactics & Techniques
Updating MITRE Tactics & Techniques to align with existing classifications
2023-01-28 13:26:15 -08:00
z00t 17640ab9d6 Merge branch 'master' of https://github.com/faisalusuf/sigma 2023-01-28 01:04:05 +05:00
z00t 1fa926ee31 New rules added. 2023-01-28 01:01:30 +05:00
frack113 1033b3f404 change status to test 2023-01-27 06:48:34 +01:00