frack113
06d0fd02cc
Merge pull request #2310 from austinsonger/kubernetes_cronjobs
...
Updating azure_kubernetes_cronjob.yml
2021-11-26 06:51:48 +01:00
frack113
a507848834
Update azure_kubernetes_cronjob.yml
2021-11-25 10:21:39 +01:00
frack113
34626e41de
Update gcp_kubernetes_admission_controller.yml
2021-11-25 09:11:09 +01:00
Austin Songer
0873483e25
Update gcp_kubernetes_admission_controller.yml
2021-11-25 00:14:52 -06:00
Austin Songer
a4969fe5d8
Update azure_kubernetes_admission_controller.yml
2021-11-25 00:12:55 -06:00
Austin Songer
55190e32ca
Update azure_kubernetes_cronjob.yml
2021-11-25 00:11:07 -06:00
Austin Songer
9a5f3b415e
Update gcp_kubernetes_admission_controller.yml
2021-11-25 00:06:36 -06:00
Austin Songer
f54b618cd4
Update gcp_kubernetes_admission_controller.yml
2021-11-25 00:05:54 -06:00
Austin Songer
fd5ad4b940
Update azure_kubernetes_admission_controller.yml
2021-11-25 00:05:43 -06:00
Austin Songer
2d58a3c8f9
Update azure_kubernetes_admission_controller.yml
2021-11-25 00:00:28 -06:00
Austin Songer
47fb21fae6
Create azure_kubernetes_admission_controller.yml
2021-11-24 23:58:33 -06:00
Austin Songer
8d50ab9e5f
Create gcp_kubernetes_admission_controller.yml
2021-11-24 23:53:57 -06:00
Austin Songer
70d1e6d0f3
Update azure_kubernetes_cronjob.yml
2021-11-22 22:45:35 -06:00
Austin Songer
253ec56d1c
Create azure_kubernetes_cronjob.yml
2021-11-22 22:40:06 -06:00
Austin Songer
5c118eef46
Create gcp_kubernetes_cronjob.yml
2021-11-22 22:39:39 -06:00
frack113
c7a2fe0ca4
Add onelogin product
2021-11-14 10:59:08 +01:00
frack113
6e4944e475
Add okta product
2021-11-14 10:58:26 +01:00
frack113
b4e7c350ee
Add gworkspace product
2021-11-14 10:56:17 +01:00
frack113
7dfd6b1417
Add gcp product
2021-11-14 10:54:14 +01:00
frack113
1c99a93cd8
Add azure product
2021-11-14 10:50:16 +01:00
frack113
b293372913
Add product aws
2021-11-14 09:56:59 +01:00
frack113
3430943746
standardization
2021-11-09 07:27:25 +01:00
Stefan Grimminck
47502e6701
add MITRE technique mapping
2021-10-20 14:29:57 +02:00
frack113
cb98a63453
Merge pull request #2150 from austinsonger/gcp-cloudsql
...
gcp_sql_database_modified_or_deleted.yml
2021-10-16 06:24:46 +01:00
austinsonger
7fc1c50901
gcp_sql_database_modified_or_deleted.yml
2021-10-15 18:53:45 -05:00
frack113
2930c1624c
Merge pull request #2142 from austinsonger/aws
...
Aws
2021-10-15 08:17:24 +01:00
Austin Songer
7ad0887704
Update passed_role_to_glue_development_endpoint.yml
2021-10-14 12:10:48 -05:00
Austin Songer
70b55f2c2d
Update aws_lambda_function_created_or_invoked.yml
2021-10-14 12:10:29 -05:00
frack113
87f2326402
Merge pull request #2133 from hieuttmmo/master
...
Sigma Rules for Privileged Accounts Activities Monitoring in Azure
2021-10-14 16:53:53 +01:00
Austin Songer
40879252a8
Update aws_lambda_function_created_or_invoked.yml
2021-10-13 16:25:28 -05:00
Austin Songer
f7dba3fbff
Update passed_role_to_glue_development_endpoint.yml
2021-10-13 12:34:16 -05:00
Austin Songer
503a4bc72b
Update and rename aws_pass_role_to_lambda_function.yml to aws_lambda_function_created_or_invoked.yml
2021-10-13 12:27:24 -05:00
Austin Songer
756d5b5aa6
Update onelogin_user_account_locked.yml
2021-10-13 07:02:01 -05:00
Austin Songer
e08f6333b8
Update aws_pass_role_to_lambda_function.yml
2021-10-13 06:59:13 -05:00
Austin Songer
010b0e2868
Update passed_role_to_glue_development_endpoint.yml
2021-10-13 06:58:57 -05:00
Tran Trung Hieu
15c472ee19
Merge branch 'master' of https://github.com/hieuttmmo/sigma
2021-10-13 15:12:45 +04:00
Tran Trung Hieu
7c01710d9d
Change the service to the form service: azure._a_name_ and add falsepositives field
2021-10-13 15:12:36 +04:00
Austin Songer
9faca2f3dc
Update onelogin_assumed_another_user.yml
2021-10-11 22:54:05 -05:00
Austin Songer
0978ca92d8
Update onelogin_assumed_another_user.yml
2021-10-11 21:18:31 -05:00
austinsonger
0bf9f1cfd6
Onelogin Rules
2021-10-11 21:03:48 -05:00
hieuttmmo
be314ae8bb
Merge branch 'SigmaHQ:master' into master
2021-10-10 16:06:54 +04:00
Tran Trung Hieu
5fdaefc77d
Azure Security Operations for Privileged Accounts
2021-10-10 16:06:28 +04:00
frack113
d081d20a13
Merge pull request #2119 from austinsonger/privilege_escalation_pass_role_to_lambda_function.yml
...
passed_role_to_glue_development_endpoint.yml and passed_role_to_lambda_function.yml
2021-10-10 11:01:36 +02:00
Austin Songer
1987897a76
Update aws_pass_role_to_lambda_function.yml
2021-10-09 15:26:38 -05:00
Austin Songer
de52890a62
Update passed_role_to_glue_development_endpoint.yml
2021-10-09 15:24:49 -05:00
frack113
d0561d361b
Merge pull request #2123 from rachelrice/update_aws_rules
...
Update AWS SAML and Lambda rules
2021-10-05 19:49:54 +02:00
Rachel Rice
d9e5da6c86
Use startswith for eventName selection
...
Signed-off-by: Rachel Rice <rachel.rice@lacework.net>
2021-10-05 17:52:52 +01:00
frack113
ba3356cdb0
Merge pull request #2120 from MetallicHack/master
...
azure_ad_user_added_to_admin_role.yml
2021-10-05 16:57:58 +02:00
Rachel Rice
4ae3ece314
Update AWS SAML and Lambda rules
...
Use correct case for `AssumeRoleWithSAML` event name.
`UpdateFunctionConfiguration`, `UpdateFunctionConfiguration20150331` and `UpdateFunctionConfiguration20150331v2` are all valid event names for updating Lambda function configuration, added selection condition for any of these.
2021-10-05 14:08:40 +01:00
MetallicHack
030fc2a03e
change title and tags in order to match sigmarules
2021-10-05 09:40:25 +02:00