frack113
d0561d361b
Merge pull request #2123 from rachelrice/update_aws_rules
Update AWS SAML and Lambda rules
2021-10-05 19:49:54 +02:00
Rachel Rice
d9e5da6c86
Use startswith for eventName selection
Signed-off-by: Rachel Rice <rachel.rice@lacework.net>
2021-10-05 17:52:52 +01:00
frack113
ba3356cdb0
Merge pull request #2120 from MetallicHack/master
azure_ad_user_added_to_admin_role.yml
2021-10-05 16:57:58 +02:00
Rachel Rice
4ae3ece314
Update AWS SAML and Lambda rules
Use correct case for `AssumeRoleWithSAML` event name.
`UpdateFunctionConfiguration`, `UpdateFunctionConfiguration20150331` and `UpdateFunctionConfiguration20150331v2` are all valid event names for updating Lambda function configuration, added selection condition for any of these.
2021-10-05 14:08:40 +01:00
MetallicHack
030fc2a03e
change title and tags in order to match sigmarules
2021-10-05 09:40:25 +02:00
MetallicHack
a4100e76b9
change title and tags in order to match sigmarules
2021-10-05 09:39:03 +02:00
MetallicHack
fe439e1998
Rename azure_ad_user_added_to_sensitive_role.yml to azure_ad_user_added_to_admin_role.yml
2021-10-04 15:26:58 +02:00
MetallicHack
96f05f7f19
Update azure_ad_user_added_to_sensitive_role.yml
2021-10-04 15:25:55 +02:00
Austin Songer
0d07a78a2d
Update aws_attached_malicious_lambda_layer.yml
2021-09-27 23:41:19 -05:00
MetallicHack
d888ce67bc
Create azure_ad_user_added_to_sensitive_role.yml
2021-09-25 21:57:10 +02:00
Austin Songer
8203a2d5f2
Update aws_attached_malicious_lambda_layer.yml
2021-09-23 08:40:26 -05:00
Austin Songer
fdc45505e0
Create aws_attached_malicious_lambda_layer.yml
2021-09-23 08:38:02 -05:00
Austin Songer
b9123422b8
Delete aws_attached_malicious_lambda_layer.yml
2021-09-23 08:37:34 -05:00
Austin Songer
9e9fd4c23d
Create aws_attached_malicious_lambda_layer.yml
2021-09-23 08:37:20 -05:00
frack113
934e391159
fix filename
2021-09-23 14:51:59 +02:00
Florian Roth
3107ede1c4
Merge branch 'pr/2065'
2021-09-23 09:18:15 +02:00
frack113
605fa2dd80
update filename
2021-09-23 07:58:50 +02:00
frack113
cce90a669a
Merge pull request #2067 from austinsonger/aws_suspicious_saml_activity.yml
aws_suspicious_saml_activity.yml
2021-09-23 06:34:18 +02:00
Austin Songer
6942b9c5e8
Update aws_suspicious_saml_activity.yml
2021-09-22 20:16:50 -05:00
Austin Songer
d1337bbfbf
Create aws_suspicious_saml_activity.yml
2021-09-22 20:15:36 -05:00
Austin Songer
097c6c3537
Update okta_user_account_locked_out.yml
2021-09-22 19:54:46 -05:00
Austin Songer
05d454d794
Update okta_unauthorized_access_to_app.yml
2021-09-22 19:54:39 -05:00
Austin Songer
26b99a44c0
Update okta_security_threat_detected.yml
2021-09-22 19:54:32 -05:00
Austin Songer
f55b9ef024
Update okta_policy_rule_modified_or_deleted.yml
2021-09-22 19:54:23 -05:00
Austin Songer
100eb06e7a
Update okta_policy_modified_or_deleted.yml
2021-09-22 19:54:15 -05:00
Austin Songer
9d910d823a
Update okta_network_zone_deactivated_or_deleted.yml
2021-09-22 19:54:09 -05:00
Austin Songer
ea73c692d7
Update okta_mfa_reset_or_deactivated.yml
2021-09-22 19:54:02 -05:00
Austin Songer
f673eb413e
Update okta_application_sign-on_policy_modified_or_deleted.yml
2021-09-22 19:53:56 -05:00
Austin Songer
1effd8b187
Update okta_application_modified_or_deleted.yml
2021-09-22 19:53:49 -05:00
Austin Songer
ccd9f8d6dc
Update okta_api_token_revoked.yml
2021-09-22 19:53:43 -05:00
Austin Songer
6401f9b4d9
Update okta_api_token_created.yml
2021-09-22 19:53:36 -05:00
Austin Songer
ecb18ec149
Update okta_admin_role_assigned_to_user_or_group.yml
2021-09-22 19:53:28 -05:00
Austin Songer
74452347fb
Update okta_user_account_locked_out.yml
2021-09-22 19:52:43 -05:00
Austin Songer
275ebf7884
Update okta_unauthorized_access_to_app.yml
2021-09-22 19:52:36 -05:00
Austin Songer
2ab5ba0a0c
Update okta_security_threat_detected.yml
2021-09-22 19:52:29 -05:00
Austin Songer
1aec430291
Update okta_policy_rule_modified_or_deleted.yml
2021-09-22 19:52:23 -05:00
Austin Songer
cead26637b
Update okta_policy_modified_or_deleted.yml
2021-09-22 19:52:17 -05:00
Austin Songer
e1eb8c6222
Update okta_network_zone_deactivated_or_deleted.yml
2021-09-22 19:52:10 -05:00
Austin Songer
38e09f061d
Update okta_mfa_reset_or_deactivated.yml
2021-09-22 19:52:04 -05:00
Austin Songer
12f76cdf6b
Update okta_application_sign-on_policy_modified_or_deleted.yml
2021-09-22 19:51:58 -05:00
Austin Songer
11732970fc
Update okta_application_modified_or_deleted.yml
2021-09-22 19:51:51 -05:00
Austin Songer
8dfae4c785
Update okta_api_token_revoked.yml
2021-09-22 19:51:44 -05:00
Austin Songer
1a64dc03a1
Update okta_api_token_created.yml
2021-09-22 19:51:31 -05:00
Austin Songer
f186235d8f
Update okta_admin_role_assigned_to_user_or_group.yml
2021-09-22 19:51:25 -05:00
frack113
3c906b52a0
fix filename
2021-09-22 16:21:07 +02:00
frack113
34111b3aaf
Merge pull request #2023 from austinsonger/okta
Okta Rules
2021-09-13 14:34:52 +02:00
Austin Songer
8e1f36ec39
Update okta_api_token_created.yml
2021-09-12 23:34:08 -05:00
frack113
e4d3d313c7
Update okta_policy_rule_modified_or_deleted.yml
2021-09-13 06:33:49 +02:00
frack113
18223a37cd
Update okta_application_sign-on_policy_modified_or_deleted.yml
2021-09-13 06:26:01 +02:00
Austin Songer
e1ef3857fb
Update and rename okta_user_account_lockout.yml to okta_user_account_locked_out.yml
2021-09-12 20:49:44 -05:00