3eaaa050b7
Merge PR #5452 from @david-syk - Update the MITRE ATT&CK tags for multiple rules
...
chore: update the MITRE ATT&CK tags for multiple rules
2025-06-04 14:39:25 +02:00
ec827cccb6
Merge PR #5448 from @nasbench - Promote older rules status from experimental to test
...
Co-authored-by: nasbench <nasbench@users.noreply.github.com >
2025-06-02 13:29:48 +02:00
8734022722
Merge PR #5149 from @nasbench - Promote older rules status from experimental to test
...
chore: promote older rules status from experimental to test
Co-authored-by: nasbench <nasbench@users.noreply.github.com >
2025-01-06 15:36:19 +01:00
598d29f811
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
...
chore: change tags, date, modified fields to comply with v2 of the Sigma spec.
chore: update the related type from `obsoletes` to `obsolete`.
chore: update local json schema to the latest version.
2024-08-12 12:02:50 +02:00
e1803cbc8e
Merge PR #4931 from @romain-gaillard - Add additional GitHub audit detection rules
...
new: Github SSH Certificate Configuration Changed
new: Github Fork Private Repositories Setting Enabled/Cleared
new: Github Repository/Organization Transferred
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com >
2024-07-29 23:17:11 +02:00
29d06798b3
Merge PR #4922 from @romain-gaillard - Update Github High Risk Configuration Disabled
...
update: Github High Risk Configuration Disabled - Add `business_advanced_security.disabled`, `business_advanced_security.disabled_for_new_repos`, `business_advanced_security.disabled_for_new_user_namespace_repos`, `business_advanced_security.user_namespace_repos_disabled`, `org.advanced_security_disabled_for_new_repos`, `org.advanced_security_disabled_on_all_repos`
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com >
2024-07-22 10:43:48 +02:00
bcb5e6b218
Merge PR #4921 from @romain-gaillard - update Github Secret Scanning Feature Disabled
...
update: Github Secret Scanning Feature Disabled - Add `secret_scanning_new_repos.disable`
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com >
2024-07-22 10:42:22 +02:00
09ca073e2b
Merge PR #4749 from @faisalusuf - Add new rules for GitHub secret scanning and push protection features
...
new: Github Push Protection Bypass Detected
new: Github Push Protection Disabled
new: Github Secret Scanning Feature Disabled
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com >
2024-03-07 00:14:25 +01:00
8af1ab8cac
Merge PR #4738 from @nasbench - Small fixes and metadata updates
...
new: HackTool - CobaltStrike Malleable Profile Patterns - Proxy
remove: CobaltStrike Malformed UAs in Malleable Profiles
remove: CobaltStrike Malleable (OCSP) Profile
remove: CobaltStrike Malleable Amazon Browsing Traffic Profile
remove: CobaltStrike Malleable OneDrive Browsing Traffic Profile
remove: iOS Implant URL Pattern
update: Chafer Malware URL Pattern - Reduce level to high and move to ET folder
2024-02-26 22:01:53 +01:00
ae960f0881
Merge PR #4611 from @nasbench - Promote Older Rules Status From experimental To test
...
chore: promote older rules status from experimental to test
Co-authored-by: nasbench <nasbench@users.noreply.github.com >
2023-12-01 12:50:36 +01:00
95793d73bd
Merge PR #4482 From @nasbench - Add New Automation Workflows
...
chore: update workflows and add quality of life updates and automation to the repository
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com >
2023-10-18 11:53:44 +02:00
273fdb9985
fix: typos in multiple rules ( #4011 )
2023-02-06 13:53:23 +01:00
7b3a3ee254
fix: add missing space by the end
2023-01-30 10:26:13 +01:00
6de8009c88
fix: update metadata and prefix test
2023-01-30 10:23:13 +01:00
cd15e7beea
Rename github_new_org_member_alert.yml to github_new_org_member.yml
...
The rule name changed to match the updated rule title.
2023-01-30 00:02:20 +05:00
d8c18457a0
Update disabled_outdated_dependency_or_vulnerability.yml
...
Removed invalid mitre ID T1089, and removed mitigation ID which was included in an error.
2023-01-30 00:01:22 +05:00
493daf54f5
Update and rename github_high_risk_configuration_change.yml to disable_github_high_risk_configuration.yml
...
The severity level changed to high from critical. The rule name matched the modified title.
2023-01-29 23:59:53 +05:00
40d7ce83c7
Rename dependabot_alerts_disabled.yml to disabled_outdated_dependency_or_vulnerability.yml
...
The rule name matched to the modified title.
2023-01-29 23:57:17 +05:00
23e5faa382
Update rules/cloud/github/github_new_org_member_alert.yml
...
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com >
2023-01-29 23:05:28 +05:00
579ac60b7a
Update rules/cloud/github/github_high_risk_configuration_change.yml
...
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com >
2023-01-29 23:04:30 +05:00
1959e7936e
Update rules/cloud/github/dependabot_alerts_disabled.yml
...
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com >
2023-01-29 23:03:59 +05:00
60c3221fe1
selection item added.
2023-01-29 21:56:33 +05:00
6ef4ee26bb
Description updated.
2023-01-29 20:45:19 +05:00
1fa926ee31
New rules added.
2023-01-28 01:01:30 +05:00
6d535e032f
Remove operation
2023-01-22 18:42:54 +01:00
2bd14e4953
Small update
...
- Change service to audit
- Add operation
2023-01-22 08:55:24 +01:00
7bce67f940
fix: file extension
2023-01-21 11:52:13 +01:00
9ef8565556
fix: filename
2023-01-21 11:41:44 +01:00
9cc61a6e60
Single quotes added to non-integer values.
2023-01-20 23:28:23 +05:00
44a7b78950
New Rule is created.
2023-01-20 23:09:56 +05:00
e27d79e21a
New detection rule.
2023-01-20 21:29:31 +05:00
cc511af55e
Create github_delete action_invoked.yaml
2023-01-20 18:14:14 +05:00
david-syk