c43b958ac1
Merge pull request #3168 from mepples21/miepping-dev
...
Added device registration w/o MFA sigma rule
2022-07-04 13:29:58 +02:00
fa4af14545
Merge pull request #3174 from mepples21/miepping-dev6
...
Create azure_ad_users_added_to_device_admin_roles.yml
2022-07-04 13:28:57 +02:00
f5668cd223
fix id
2022-07-01 21:04:56 +02:00
8109af3ea3
Merge pull request #3170 from mepples21/miepping-dev3
...
Create azure_ad_device_registration_policy_changes.yml
2022-07-01 15:49:02 +02:00
d12293d3c1
Update azure_ad_device_registration_or_join_without_mfa.yml
2022-07-01 14:25:20 +02:00
d4c9e5640f
Update azure_ad_sign_ins_from_noncompliant_devices.yml
2022-07-01 14:24:38 +02:00
fa1eb1669c
Update azure_ad_users_added_to_device_admin_roles.yml
2022-07-01 14:18:26 +02:00
a2c10bcade
Update azure_ad_device_registration_policy_changes.yml
2022-07-01 14:17:21 +02:00
e516fd74cb
Merge pull request #3172 from mepples21/miepping-dev5
...
Create azure_ad_bitlocker_key_retrieval.yml
2022-06-29 19:40:36 +02:00
218e7f1491
Update azure_ad_device_registration_policy_changes.yml
2022-06-29 19:39:34 +02:00
c90b8fa7f3
Update azure_ad_users_added_to_device_admin_roles.yml
2022-06-29 19:38:37 +02:00
4fee43361c
Merge pull request #3171 from mepples21/miepping-dev4
...
Create azure_ad_sign_ins_from_unknown_devices.yml
2022-06-29 19:37:13 +02:00
ef47e7c8f2
Update azure_ad_bitlocker_key_retrieval.yml
2022-06-29 06:34:11 +02:00
0315f31cb0
Update azure_ad_sign_ins_from_unknown_devices.yml
2022-06-29 06:33:24 +02:00
c9e42d3dd2
Create azure_ad_users_added_to_device_admin_roles.yml
2022-06-28 15:01:10 -07:00
7aadcff92c
Create azure_ad_bitlocker_key_retrieval.yml
2022-06-28 14:23:36 -07:00
e446a23818
Create azure_ad_sign_ins_from_unknown_devices.yml
2022-06-28 14:12:30 -07:00
7c446f0d37
Create azure_ad_device_registration_policy_changes.yml
...
Rule from Azure AD SecOps guide
2022-06-28 13:11:45 -07:00
495a4fb1f0
Create azure_ad_device_registration_policy_changes.ym;
2022-06-28 13:10:38 -07:00
024514886f
Update azure_ad_sign_ins_from_noncompliant_devices.yml
2022-06-28 11:55:54 -07:00
749dd21a7b
Create azure_ad_sign_ins_from_noncompliant_devices.yml
2022-06-28 11:55:41 -07:00
ff178408c8
Added device registration w/o MFA sigma rule
2022-06-28 11:12:12 -07:00
272c29caea
Merge pull request #3138 from Yochana-H/Yochana-H
...
create azure_blocked_account_attempt.yml
2022-06-19 08:36:30 +02:00
37ed5f4bc5
Update azure_blocked_account_attempt.yml
2022-06-18 18:22:43 +02:00
e3ea9f7b42
Update azure_blocked_account_attempt.yml
2022-06-17 20:43:07 +02:00
d659088d4b
Merge branch 'Yochana-H' of https://github.com/Yochana-H/sigma into Yochana-H
2022-06-17 15:44:51 +01:00
6dc3c1d4dd
Create azure_blocked_account_attempt.yml
2022-06-17 15:44:40 +01:00
63400139bd
Merge pull request #3110 from FlorianBracq/patch-1
...
Updating azure federation modified rule
2022-06-08 22:19:17 +02:00
f5211710d6
Update modification date
2022-06-08 18:54:03 +02:00
d29eb1e48c
Change to all selection elements rather than a filter and a selection
2022-06-08 09:13:48 -07:00
9647183716
Updating azure federation modified
...
* Set logsource service to auditlogs instead of signinlogs
* Add reference to Microsoft documentation
* Set field name in selection to ActivityDisplayName instead of properties.message
2022-06-08 17:17:26 +02:00
04bcbcdb44
Minor change, filter param should not be a list
2022-06-08 06:58:19 -07:00
61df0b9218
Update with suggested changes
2022-06-08 06:47:30 -07:00
09e31d2045
update with command field
2022-06-07 10:45:05 -07:00
8a59eb594e
Add rule for ECS backdoors
2022-06-07 10:36:31 -07:00
db58345bc6
Update selection_source for AWS ec2 startup script rule
...
The JSON payload for `ModifyInstanceAttribute` event currently looks like:
```
"requestParameters": {
"attribute": "userData",
...
},
```
Updating the selection_source from `requestParameters.userData: "*"` to `requestParameters.attribute: "userData"` accordingly.
Signed-off-by: Rachel Rice <rachel.rice@lacework.net >
2022-06-07 13:20:08 +01:00
e8c70a05d1
Create azure_app_owner_added.yml
...
Added checking for new application owner.
2022-06-02 13:37:00 -07:00
fd5eb53e1d
Create azure_app_appid_uri_changes.yml
...
Adding AppID URI changes check
2022-06-02 09:46:23 -07:00
55666836e6
Create azure_app_uri_modifications.yml
...
Adding Application URI changes
2022-06-02 06:44:35 -07:00
3412f29250
Update azure_app_device_code_authentication.yml
2022-06-02 13:58:37 +02:00
5be01c8bb4
Update azure_app_device_code_authentication.yml
2022-06-02 13:50:49 +02:00
2b599c07c6
Update and rename azure_app_device_code_authentication to azure_app_device_code_authentication.yml
2022-06-02 06:20:26 +02:00
e148de65bb
Merge branch 'SigmaHQ:master' into markmorow
2022-06-01 10:59:56 -07:00
e09221d9f7
Create azure_app_device_code_authentication
...
Adding Device Code flow authentication check
2022-06-01 10:59:03 -07:00
dec8b93296
Merge pull request #3075 from MarkMorow/markmorow
...
Markmorow
2022-06-01 19:06:27 +02:00
4114ceef65
Update azure_app_ropc_authentication.yml
...
Update Properities.message since it's one element.
2022-06-01 09:35:45 -07:00
375eeab4fa
Update azure_app_ropc_authentication.yml
2022-06-01 08:42:44 -07:00
fe64f81674
Create azure_app_ropc_authentication.yml
...
Adding ROPC Auth check
2022-06-01 08:41:43 -07:00
5fd61875dc
fix title case
2022-06-01 17:37:17 +02:00
6b0584ddd2
Update azure_conditional_access_failure.yml
2022-06-01 17:27:00 +02:00
frack113