blue-team-tools

security-tools/blue-team-tools

Fork 0

Commit Graph

Author	SHA1	Message	Date
Nasreddine Bencherchali	598d29f811	Merge PR #4950 from @nasbench - Comply With v2 Spec Changes chore: change tags, date, modified fields to comply with v2 of the Sigma spec. chore: update the related type from `obsoletes` to `obsolete`. chore: update local json schema to the latest version.	2024-08-12 12:02:50 +02:00
Nick Moore	97034d23b6	Merge PR #4899 from @kelnage - Add Kubernetes rules in audit log format new: Kubernetes Admission Controller Modification new: Kubernetes CronJob/Job Modification new: Kubernetes Rolebinding Modification new: Kubernetes Secrets Modified or Deleted new: Kubernetes Unauthorized or Unauthenticated Access --------- Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>	2024-07-11 16:09:01 +02:00
Leo Tsaousis	0d63f52ff5	Merge PR #4694 from @LAripping - Add native Kubernetes detections new: Container With A hostPath Mount Created new: Creation Of Pod In System Namespace new: Deployment Deleted From Kubernetes Cluster new: Kubernetes Events Deleted new: Kubernetes Secrets Enumeration new: New Kubernetes Service Account Created new: Potential Remote Command Execution In Pod Container new: Potential Sidecar Injection Into Running Deployment new: Privileged Container Deployed new: RBAC Permission Enumeration Attempt --------- Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>	2024-03-26 18:26:46 +01:00

Author

SHA1

Message

Date

Nasreddine Bencherchali

598d29f811

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

chore: change tags, date, modified fields to comply with v2 of the Sigma spec.
chore: update the related type from `obsoletes` to `obsolete`.
chore: update local json schema to the latest version.

2024-08-12 12:02:50 +02:00

Nick Moore

97034d23b6

Merge PR #4899 from @kelnage - Add Kubernetes rules in audit log format

new: Kubernetes Admission Controller Modification
new: Kubernetes CronJob/Job Modification
new: Kubernetes Rolebinding Modification
new: Kubernetes Secrets Modified or Deleted
new: Kubernetes Unauthorized or Unauthenticated Access 

---------

Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>

2024-07-11 16:09:01 +02:00

Leo Tsaousis

0d63f52ff5

Merge PR #4694 from @LAripping - Add native Kubernetes detections

new: Container With A hostPath Mount Created
new: Creation Of Pod In System Namespace
new: Deployment Deleted From Kubernetes Cluster
new: Kubernetes Events Deleted
new: Kubernetes Secrets Enumeration
new: New Kubernetes Service Account Created
new: Potential Remote Command Execution In Pod Container
new: Potential Sidecar Injection Into Running Deployment
new: Privileged Container Deployed
new: RBAC Permission Enumeration Attempt 

---------

Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>

2024-03-26 18:26:46 +01:00

3 Commits