Austin Songer
e7c5827776
Update azure_service_principal_removed.yml
2021-09-03 22:43:11 -05:00
Austin Songer
0612ea7f6e
Update azure_device_no_longer_managed_or_compliant.yml
2021-09-03 22:42:26 -05:00
Austin Songer
c420a17e05
Update azure_service_principal_removed.yml
2021-09-03 22:29:21 -05:00
Austin Songer
fda1e3362e
Update azure_owner_removed_from_application_or_service_principal.yml
2021-09-03 22:29:12 -05:00
Austin Songer
9d26116d27
Update azure_device_no_longer_managed_or_compliant.yml
2021-09-03 22:29:02 -05:00
Austin Songer
8fe7bfc452
Update azure_application_deleted.yml
2021-09-03 22:28:53 -05:00
Austin Songer
c021ae9e7c
Update and rename azure_device_or_configuration_deleted.yml to azure_device_or_configuration_modified_or_deleted.yml
2021-09-03 22:28:35 -05:00
Austin Songer
6744fb7f2e
Create azure_application_deleted.yml
2021-09-03 22:25:34 -05:00
Austin Songer
70ac0104cf
Create azure_service_principal_removed.yml
2021-09-03 22:25:01 -05:00
Austin Songer
6e15618c75
Create azure_device_or_configuration_deleted.yml
2021-09-03 22:24:32 -05:00
Austin Songer
b478132769
Create azure_owner_removed_from_application_or_service_principal.yml
2021-09-03 22:23:59 -05:00
Austin Songer
c0bdc3fb1b
Create azure_device_no_longer_managed_or_compliant.yml
2021-09-03 22:23:21 -05:00
frack113
89562273cc
Merge pull request #1984 from austinsonger/azure_app_credential_modification.yml
azure_app_credential_modification.yml
2021-09-03 08:17:55 +02:00
frack113
88389f945d
Merge pull request #1983 from austinsonger/azure_service_principal_created.yml
azure_service_principal_created.yml
2021-09-03 08:14:47 +02:00
frack113
d40cdec062
Merge pull request #1982 from austinsonger/azure_network_firewall_policy_modified_or_deleted.yml
azure_network_firewall_policy_modified_or_deleted.yml
2021-09-03 08:13:30 +02:00
frack113
bd1b4c0d70
Merge pull request #1978 from rachelrice/update_aws_login
Update AWS Update Login Profile rule
2021-09-03 08:12:28 +02:00
Austin Songer
775c0e8e7f
Update azure_app_credential_modification.yml
2021-09-02 21:00:21 -05:00
Austin Songer
643ec0abe3
Update azure_service_principal_created.yml
2021-09-02 21:00:02 -05:00
Austin Songer
10af7bbdb1
Create azure_app_credential_modification.yml
2021-09-02 20:53:32 -05:00
Austin Songer
d25fd420d6
Create azure_service_principal_created.yml
2021-09-02 20:48:35 -05:00
Austin Songer
1272c76ae7
Create azure_network_firewall_policy_modified_or_deleted.yml
2021-09-02 20:31:27 -05:00
Rachel Rice
78d3fa4795
Update AWS STS AssumeRole Misuse rule
Update selection criteria for AWS STS AssumeRole Misuse rule for any event by an AssumedRole userIdentity.
Closes SigmaHQ/sigma#1963.
2021-09-02 17:40:35 +01:00
Rachel Rice
7ccb773b20
Update AWS Update Login Profile rule
Update selection criteria for AWS Update Login Profile rule to check for mismatch between userIdentity.arn and requestParameters.userName.
Closes SigmaHQ/sigma#1966.
2021-09-02 17:37:41 +01:00
frack113
772fe06e10
fix Backend does not support map values of type <class 'bool'> (57)
2021-08-29 09:10:30 +02:00
frack113
0de795b0a2
Merge pull request #1936 from austinsonger/gworkspace_application_remove.yml
add gworkspace_application_remove.yml
2021-08-27 06:25:15 +02:00
frack113
00cceb7be8
Merge pull request #1935 from austinsonger/gworkspace_mfa_disabled.yml
add gworkspace_mfa_disabled.yml
2021-08-27 06:24:26 +02:00
Austin Songer
72485a5619
Update gworkspace_application_removed.yml
2021-08-26 21:16:21 -05:00
Austin Songer
62cefcc028
Rename gworkspace_application_remove.dyml to gworkspace_application_removed.yml
2021-08-26 21:15:56 -05:00
Austin Songer
bc246ff59d
Rename gworkspace_application_remove.yml to gworkspace_application_remove.dyml
2021-08-26 20:58:22 -05:00
Austin Songer
55f5ff3d89
Application Removed
2021-08-26 20:55:07 -05:00
Austin Songer
1fffb7a3f5
Gworkspace MFA disabled.
2021-08-26 20:28:35 -05:00
Roberto Rodriguez
f98970ef06
adding basic rules to detect behavior around AAD health agents and AAD Hybrid Health AD FS services in Azure
2021-08-26 16:10:42 -04:00
frack113
1d725e8519
add gworkspace_user_granted_admin_privileges.yml
2021-08-25 08:15:18 +02:00
frack113
7028aba3bd
Merge pull request #1919 from austinsonger/gworkspace-rules
Role-Based Rules
2021-08-24 21:46:15 +02:00
frack113
09a00232fb
update references
2021-08-24 21:14:59 +02:00
frack113
a5f858b63c
update references
2021-08-24 21:13:49 +02:00
Austin Songer
ab8cc52dc6
Role-Based Rules
2021-08-24 10:53:59 -05:00
Austin Songer
62f2affd03
Spelling fix
2021-08-24 14:15:50 +00:00
frack113
ade7295cab
Merge pull request #1911 from austinsonger/gworkspace_granted_domain_api_access.yml
gworkspace_granted_domain_api_access.yml
2021-08-24 08:01:34 +02:00
frack113
d8befe3a13
Update References
2021-08-24 07:34:33 +02:00
frack113
07dc04b1db
Merge pull request #1910 from austinsonger/gworkspace_user_assigned_admin_role.yml
gworkspace_user_assigned_admin_role.yml
2021-08-24 07:22:25 +02:00
Austin Songer
facd58bd0a
Delete gworkspace_user_granted_admin_privileges.yml
2021-08-23 21:19:51 -05:00
Austin Songer
3cd43bfd9b
Create gworkspace_granted_domain_api_access.yml
2021-08-23 21:19:44 -05:00
Austin Songer
aa7a8a3e71
Update gworkspace_user_granted_admin_privileges.yml
2021-08-23 19:58:20 -05:00
Austin Songer
0fe2b3f569
Update and rename gworkspace_user_assigned_admin_role.yml to gworkspace_user_granted_admin_privileges.yml
2021-08-23 19:52:32 -05:00
Austin Songer
ede0332f22
Delete microsoft365_suspicious_inbox_manipulation_rules.yml
2021-08-23 19:40:20 -05:00
Austin Songer
3dd201d36f
Rename workspace_user_assigned_admin_role.yml to gworkspace_user_assigned_admin_role.yml
2021-08-23 19:38:58 -05:00
Austin Songer
6b1f0b83f4
Create workspace_user_assigned_admin_role.yml
2021-08-23 19:38:47 -05:00
Austin Songer
c0e58d3c27
Update
2021-08-23 23:00:58 +00:00
Austin Songer
29e1ce7e8f
Update
2021-08-23 22:50:39 +00:00