security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,199 Commits 1 Branch 57 Tags
e10fa684bdd0254b5ba5102feae293b8564f4628
Commit Graph

115 Commits

Author SHA1 Message Date
frack113 5fd61875dc fix title case 2022-06-01 17:37:17 +02:00
frack113 6b0584ddd2 Update azure_conditional_access_failure.yml 2022-06-01 17:27:00 +02:00
Yochana-H 21da958f98 Delete azure_conditional_access_failure.txt 2022-06-01 12:58:34 +01:00
Yochana-H b912a8a7c2 Merge branch 'Yochana-H' of https://github.com/Yochana-H/sigma into Yochana-H 2022-06-01 12:04:28 +01:00
Yochana-H 8d8e74d44d Create azure_conditional_access_failure.txt 
Sign-In failures due to Conditional Access requirements not being met.
 2022-06-01 12:04:24 +01:00
Yochana-H eec0dfe821 Create azure_conditional_access_failure.txt 
Sign-In failures due to Conditional Access requirements not being met.
 2022-06-01 10:22:43 +01:00
frack113 95a0263799 Rename azure_aad_secops _signin_failure_bad_password_threshold.yml to azure_aad_secops_signin_failure_bad_password_threshold.yml 2022-05-31 20:43:32 +02:00
frack113 cafc12e334 Update azure_aad_secops _signin_failure_bad_password_threshold.yml 2022-05-31 20:36:37 +02:00
Corissa Lea Koopmans 9f115af449 Update azure_aad_secops _signin_failure_bad_password_threshold.yml 
updated title to remove capital letters and replaced a tag with the proper MITRE tactic check.
 2022-05-31 11:25:03 -05:00
Corissa Lea Koopmans b5a47ef967 Create azure_aad_secops _signin_failure_bad_password_threshold.yml 2022-05-30 05:35:52 -05:00
frack113 32e6a82cf2 Update azure_app_credential_added.yml 2022-05-27 06:56:07 +02:00
Mark Morowczynski 5229c05cab Update azure_app_credential_added.yml 
Changes based on Sigma template rules
 2022-05-26 12:36:38 -07:00
Mark Morowczynski 97efeada5f Update .gitignore 2022-05-26 09:39:00 -07:00
Mark Morowczynski 34d06708e5 Create azure_app_credential_added.yml 
App Credential Add rule
 2022-05-25 19:13:26 -07:00
phantinuss 112b715dd6 chore: test rules: reactivate single value list check 2022-05-10 17:13:04 +02:00
phantinuss 7cbfc7f16a fix: remove . from title 2022-04-06 17:04:10 +02:00
Florian Roth 15c6fad973 Merge pull request #2850 from hieuttmmo/master 
Rule to detect when any MFA Denied recorded by Azure SigninLogs
 2022-03-25 11:35:49 +01:00
Florian Roth 0b97d37faf Update azure_mfa_denies.yml 2022-03-24 21:26:13 +01:00
hieuttmmo 1fe45bd593 Merge branch 'SigmaHQ:master' into master 2022-03-24 16:53:41 +04:00
Tran Trung Hieu 713bc24750 Add new MFA Denied rule 2022-03-24 16:53:01 +04:00
Florian Roth 70acb06c16 fix: old azure notation 2022-03-22 18:15:33 +01:00
Florian Roth e91fc4486e refactor: first bigger log source refactoring 
see discussion here: https://github.com/SigmaHQ/sigma/discussions/2835
 2022-03-22 17:58:29 +01:00
Florian Roth e477264aa0 fix: azure log source fix 2022-03-21 11:20:07 +01:00
phantinuss 6ae28b7a1c fix: legitimate --> Legitimate 2022-03-16 14:35:19 +01:00
frack113 3ea09e9ec6 Update azure_mfa_disabled.yml 2022-02-10 06:40:03 +01:00
Feathers c4ed22aa8f Create azure_mfa_disabled.yml 2022-02-08 10:19:09 +01:00
frack113 73f258e2d1 Change double quote to quote 2022-01-06 14:02:35 +01:00
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
frack113 efa099aec7 Merge pull request #2321 from austinsonger/Azure-Subscription-Permission-Elevation 
Azure subscription permission elevation
 2021-11-27 07:47:54 +01:00
frack113 7a5bf359a1 Merge pull request #2320 from austinsonger/azure_unusual_authentication_interruption.yml 
azure_unusual_authentication_interruption.yml
 2021-11-27 07:47:40 +01:00
Austin Songer 98084e857c Update azure_subscription_permissions_elevation_via_auditlogs.yml 2021-11-26 13:42:48 -06:00
Austin Songer 7e0634e43c Update azure_subscription_permissions_elevation_via_activitylogs.yml 2021-11-26 13:42:39 -06:00
Austin Songer 92f3705bd9 Update and rename activitylogs_azure_subscription_permissions_elevation.yml to azure_subscription_permissions_elevation_via_activitylogs.yml 2021-11-26 12:08:43 -06:00
Austin Songer 5508462029 Rename auditlogs_azure_subscription_permissions_elevation.yml to azure_subscription_permissions_elevation_via_auditlogs.yml 2021-11-26 12:08:13 -06:00
Austin Songer 8e78578892 Update activitylogs_azure_subscription_permissions_elevation.yml 2021-11-26 12:07:21 -06:00
Austin Songer 05c6e3dd12 Update azure_unusual_authentication_interruption.yml 2021-11-26 12:05:36 -06:00
Austin Songer d78bbb9333 Update activitylogs_azure_subscription_permissions_elevation.yml 2021-11-26 11:42:32 -06:00
Austin Songer 0a18b42445 Update azure_unusual_authentication_interruption.yml 2021-11-26 11:41:33 -06:00
Austin Songer 5e42b73a92 activitylogs_azure_subscription_permissions_elevation.yml 2021-11-26 11:33:37 -06:00
Austin Songer 26ae440bd0 auditlogs_azure_subscription_permissions_elevation.yml 2021-11-26 11:32:57 -06:00
Austin Songer b260f25cc0 Create azure_unusual_authentication_interruption.yml 2021-11-26 11:07:53 -06:00
Austin Songer d6f1edf5ab Update azure_kubernetes_admission_controller.yml 2021-11-26 10:34:50 -06:00
Austin Songer caf14e3fa0 Update azure_kubernetes_admission_controller.yml 2021-11-26 10:32:23 -06:00
Austin Songer 64179e3512 Update azure_kubernetes_admission_controller.yml 2021-11-26 10:31:36 -06:00
frack113 06d0fd02cc Merge pull request #2310 from austinsonger/kubernetes_cronjobs 
Updating azure_kubernetes_cronjob.yml
 2021-11-26 06:51:48 +01:00
frack113 a507848834 Update azure_kubernetes_cronjob.yml 2021-11-25 10:21:39 +01:00
Austin Songer a4969fe5d8 Update azure_kubernetes_admission_controller.yml 2021-11-25 00:12:55 -06:00
Austin Songer 55190e32ca Update azure_kubernetes_cronjob.yml 2021-11-25 00:11:07 -06:00
Austin Songer fd5ad4b940 Update azure_kubernetes_admission_controller.yml 2021-11-25 00:05:43 -06:00
Austin Songer 2d58a3c8f9 Update azure_kubernetes_admission_controller.yml 2021-11-25 00:00:28 -06:00