Commit Graph

494 Commits

Author SHA1 Message Date
Tran Trung Hieu 15c472ee19 Merge branch 'master' of https://github.com/hieuttmmo/sigma 2021-10-13 15:12:45 +04:00
Tran Trung Hieu 7c01710d9d Change the service to the form service: azure._a_name_ and add falsepositives field 2021-10-13 15:12:36 +04:00
hieuttmmo be314ae8bb Merge branch 'SigmaHQ:master' into master 2021-10-10 16:06:54 +04:00
Tran Trung Hieu 5fdaefc77d Azure Security Operations for Privileged Accounts 2021-10-10 16:06:28 +04:00
frack113 d081d20a13 Merge pull request #2119 from austinsonger/privilege_escalation_pass_role_to_lambda_function.yml
passed_role_to_glue_development_endpoint.yml and passed_role_to_lambda_function.yml
2021-10-10 11:01:36 +02:00
Austin Songer 1987897a76 Update aws_pass_role_to_lambda_function.yml 2021-10-09 15:26:38 -05:00
Austin Songer de52890a62 Update passed_role_to_glue_development_endpoint.yml 2021-10-09 15:24:49 -05:00
frack113 d0561d361b Merge pull request #2123 from rachelrice/update_aws_rules
Update AWS SAML and Lambda rules
2021-10-05 19:49:54 +02:00
Rachel Rice d9e5da6c86 Use startswith for eventName selection
Signed-off-by: Rachel Rice <rachel.rice@lacework.net>
2021-10-05 17:52:52 +01:00
frack113 ba3356cdb0 Merge pull request #2120 from MetallicHack/master
azure_ad_user_added_to_admin_role.yml
2021-10-05 16:57:58 +02:00
Rachel Rice 4ae3ece314 Update AWS SAML and Lambda rules
Use correct case for `AssumeRoleWithSAML` event name.
`UpdateFunctionConfiguration`, `UpdateFunctionConfiguration20150331` and `UpdateFunctionConfiguration20150331v2` are all valid event names for updating Lambda function configuration, added selection condition for any of these.
2021-10-05 14:08:40 +01:00
MetallicHack 030fc2a03e change title and tags in order to match sigmarules 2021-10-05 09:40:25 +02:00
MetallicHack a4100e76b9 change title and tags in order to match sigmarules 2021-10-05 09:39:03 +02:00
frack113 ad9362e043 Update passed_role_to_glue_development_endpoint.yml 2021-10-05 07:41:41 +02:00
frack113 3b01425936 Update aws_pass_role_to_lambda_function.yml 2021-10-05 07:40:42 +02:00
MetallicHack fe439e1998 Rename azure_ad_user_added_to_sensitive_role.yml to azure_ad_user_added_to_admin_role.yml 2021-10-04 15:26:58 +02:00
MetallicHack 96f05f7f19 Update azure_ad_user_added_to_sensitive_role.yml 2021-10-04 15:25:55 +02:00
Austin Songer d694d6faa8 Create passed_role_to_glue_development_endpoint.yml 2021-10-03 23:03:39 -05:00
Austin Songer 60eccf711d Rename pass_role_to_lambda_function.yml to aws_pass_role_to_lambda_function.yml 2021-10-03 22:54:19 -05:00
Austin Songer 92b1ce4cf4 Create pass_role_to_lambda_function.yml 2021-10-03 22:54:01 -05:00
Austin Songer 0d07a78a2d Update aws_attached_malicious_lambda_layer.yml 2021-09-27 23:41:19 -05:00
MetallicHack d888ce67bc Create azure_ad_user_added_to_sensitive_role.yml 2021-09-25 21:57:10 +02:00
Austin Songer 8203a2d5f2 Update aws_attached_malicious_lambda_layer.yml 2021-09-23 08:40:26 -05:00
Austin Songer fdc45505e0 Create aws_attached_malicious_lambda_layer.yml 2021-09-23 08:38:02 -05:00
Austin Songer b9123422b8 Delete aws_attached_malicious_lambda_layer.yml 2021-09-23 08:37:34 -05:00
Austin Songer 9e9fd4c23d Create aws_attached_malicious_lambda_layer.yml 2021-09-23 08:37:20 -05:00
frack113 934e391159 fix filename 2021-09-23 14:51:59 +02:00
Florian Roth 3107ede1c4 Merge branch 'pr/2065' 2021-09-23 09:18:15 +02:00
frack113 605fa2dd80 update filename 2021-09-23 07:58:50 +02:00
frack113 cce90a669a Merge pull request #2067 from austinsonger/aws_suspicious_saml_activity.yml
aws_suspicious_saml_activity.yml
2021-09-23 06:34:18 +02:00
Austin Songer 6942b9c5e8 Update aws_suspicious_saml_activity.yml 2021-09-22 20:16:50 -05:00
Austin Songer d1337bbfbf Create aws_suspicious_saml_activity.yml 2021-09-22 20:15:36 -05:00
Austin Songer 097c6c3537 Update okta_user_account_locked_out.yml 2021-09-22 19:54:46 -05:00
Austin Songer 05d454d794 Update okta_unauthorized_access_to_app.yml 2021-09-22 19:54:39 -05:00
Austin Songer 26b99a44c0 Update okta_security_threat_detected.yml 2021-09-22 19:54:32 -05:00
Austin Songer f55b9ef024 Update okta_policy_rule_modified_or_deleted.yml 2021-09-22 19:54:23 -05:00
Austin Songer 100eb06e7a Update okta_policy_modified_or_deleted.yml 2021-09-22 19:54:15 -05:00
Austin Songer 9d910d823a Update okta_network_zone_deactivated_or_deleted.yml 2021-09-22 19:54:09 -05:00
Austin Songer ea73c692d7 Update okta_mfa_reset_or_deactivated.yml 2021-09-22 19:54:02 -05:00
Austin Songer f673eb413e Update okta_application_sign-on_policy_modified_or_deleted.yml 2021-09-22 19:53:56 -05:00
Austin Songer 1effd8b187 Update okta_application_modified_or_deleted.yml 2021-09-22 19:53:49 -05:00
Austin Songer ccd9f8d6dc Update okta_api_token_revoked.yml 2021-09-22 19:53:43 -05:00
Austin Songer 6401f9b4d9 Update okta_api_token_created.yml 2021-09-22 19:53:36 -05:00
Austin Songer ecb18ec149 Update okta_admin_role_assigned_to_user_or_group.yml 2021-09-22 19:53:28 -05:00
Austin Songer 74452347fb Update okta_user_account_locked_out.yml 2021-09-22 19:52:43 -05:00
Austin Songer 275ebf7884 Update okta_unauthorized_access_to_app.yml 2021-09-22 19:52:36 -05:00
Austin Songer 2ab5ba0a0c Update okta_security_threat_detected.yml 2021-09-22 19:52:29 -05:00
Austin Songer 1aec430291 Update okta_policy_rule_modified_or_deleted.yml 2021-09-22 19:52:23 -05:00
Austin Songer cead26637b Update okta_policy_modified_or_deleted.yml 2021-09-22 19:52:17 -05:00
Austin Songer e1eb8c6222 Update okta_network_zone_deactivated_or_deleted.yml 2021-09-22 19:52:10 -05:00