security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

568 Commits

Author SHA1 Message Date
Florian Roth e91fc4486e refactor: first bigger log source refactoring 
see discussion here: https://github.com/SigmaHQ/sigma/discussions/2835
 2022-03-22 17:58:29 +01:00
Florian Roth e477264aa0 fix: azure log source fix 2022-03-21 11:20:07 +01:00
phantinuss 043747822f fix: more falsepositives harmonization 2022-03-16 14:57:06 +01:00
phantinuss 6ae28b7a1c fix: legitimate --> Legitimate 2022-03-16 14:35:19 +01:00
phantinuss b23eee6ebf fix: unknown --> Unknown 2022-03-16 13:43:54 +01:00
Florian Roth a2031b7898 fix: condition with 1 of them 2022-03-05 12:39:04 +01:00
frack113 5f99b405e8 Merge pull request #2664 from ionsor/patch-2 
Create microsoft365_new_federated_domain_added.yml
 2022-02-11 06:40:44 +01:00
frack113 3ea09e9ec6 Update azure_mfa_disabled.yml 2022-02-10 06:40:03 +01:00
frack113 69413c26bb Update microsoft365_new_federated_domain_added.yml 2022-02-10 06:39:02 +01:00
Feathers 7cb55b1704 Create microsoft365_new_federated_domain_added.yml 2022-02-08 10:31:47 +01:00
Feathers c4ed22aa8f Create azure_mfa_disabled.yml 2022-02-08 10:19:09 +01:00
frack113 4631d0c482 remove invalid tag 2022-01-19 18:23:30 +01:00
frack113 73f258e2d1 Change double quote to quote 2022-01-06 14:02:35 +01:00
phantinuss 07a0a37273 feat: discourage the usage of 'all of them' and migrate existing rules to use the preferred method 'all of selection*' 2021-12-02 14:47:39 +01:00
Florian Roth 330fcf485c Merge branch 'master' into promote_status 2021-11-27 17:15:56 +01:00
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
frack113 c6caab9e1e Fix optional section name 2021-11-27 11:27:40 +01:00
frack113 efa099aec7 Merge pull request #2321 from austinsonger/Azure-Subscription-Permission-Elevation 
Azure subscription permission elevation
 2021-11-27 07:47:54 +01:00
frack113 7a5bf359a1 Merge pull request #2320 from austinsonger/azure_unusual_authentication_interruption.yml 
azure_unusual_authentication_interruption.yml
 2021-11-27 07:47:40 +01:00
Austin Songer 98084e857c Update azure_subscription_permissions_elevation_via_auditlogs.yml 2021-11-26 13:42:48 -06:00
Austin Songer 7e0634e43c Update azure_subscription_permissions_elevation_via_activitylogs.yml 2021-11-26 13:42:39 -06:00
Austin Songer 92f3705bd9 Update and rename activitylogs_azure_subscription_permissions_elevation.yml to azure_subscription_permissions_elevation_via_activitylogs.yml 2021-11-26 12:08:43 -06:00
Austin Songer 5508462029 Rename auditlogs_azure_subscription_permissions_elevation.yml to azure_subscription_permissions_elevation_via_auditlogs.yml 2021-11-26 12:08:13 -06:00
Austin Songer 8e78578892 Update activitylogs_azure_subscription_permissions_elevation.yml 2021-11-26 12:07:21 -06:00
Austin Songer 05c6e3dd12 Update azure_unusual_authentication_interruption.yml 2021-11-26 12:05:36 -06:00
Austin Songer d78bbb9333 Update activitylogs_azure_subscription_permissions_elevation.yml 2021-11-26 11:42:32 -06:00
Austin Songer 0a18b42445 Update azure_unusual_authentication_interruption.yml 2021-11-26 11:41:33 -06:00
Austin Songer 5e42b73a92 activitylogs_azure_subscription_permissions_elevation.yml 2021-11-26 11:33:37 -06:00
Austin Songer 26ae440bd0 auditlogs_azure_subscription_permissions_elevation.yml 2021-11-26 11:32:57 -06:00
Austin Songer b260f25cc0 Create azure_unusual_authentication_interruption.yml 2021-11-26 11:07:53 -06:00
Austin Songer 2f42753b6c Update gcp_kubernetes_admission_controller.yml 2021-11-26 10:35:04 -06:00
Austin Songer d6f1edf5ab Update azure_kubernetes_admission_controller.yml 2021-11-26 10:34:50 -06:00
Austin Songer caf14e3fa0 Update azure_kubernetes_admission_controller.yml 2021-11-26 10:32:23 -06:00
Austin Songer 2c271f5be8 Update gcp_kubernetes_admission_controller.yml 2021-11-26 10:32:11 -06:00
Austin Songer 64179e3512 Update azure_kubernetes_admission_controller.yml 2021-11-26 10:31:36 -06:00
Austin Songer 60743f75da Update gcp_kubernetes_admission_controller.yml 2021-11-26 10:31:33 -06:00
frack113 06d0fd02cc Merge pull request #2310 from austinsonger/kubernetes_cronjobs 
Updating azure_kubernetes_cronjob.yml
 2021-11-26 06:51:48 +01:00
frack113 a507848834 Update azure_kubernetes_cronjob.yml 2021-11-25 10:21:39 +01:00
frack113 34626e41de Update gcp_kubernetes_admission_controller.yml 2021-11-25 09:11:09 +01:00
Austin Songer 0873483e25 Update gcp_kubernetes_admission_controller.yml 2021-11-25 00:14:52 -06:00
Austin Songer a4969fe5d8 Update azure_kubernetes_admission_controller.yml 2021-11-25 00:12:55 -06:00
Austin Songer 55190e32ca Update azure_kubernetes_cronjob.yml 2021-11-25 00:11:07 -06:00
Austin Songer 9a5f3b415e Update gcp_kubernetes_admission_controller.yml 2021-11-25 00:06:36 -06:00
Austin Songer f54b618cd4 Update gcp_kubernetes_admission_controller.yml 2021-11-25 00:05:54 -06:00
Austin Songer fd5ad4b940 Update azure_kubernetes_admission_controller.yml 2021-11-25 00:05:43 -06:00
Austin Songer 2d58a3c8f9 Update azure_kubernetes_admission_controller.yml 2021-11-25 00:00:28 -06:00
Austin Songer 47fb21fae6 Create azure_kubernetes_admission_controller.yml 2021-11-24 23:58:33 -06:00
Austin Songer 8d50ab9e5f Create gcp_kubernetes_admission_controller.yml 2021-11-24 23:53:57 -06:00
Austin Songer 70d1e6d0f3 Update azure_kubernetes_cronjob.yml 2021-11-22 22:45:35 -06:00
Austin Songer 253ec56d1c Create azure_kubernetes_cronjob.yml 2021-11-22 22:40:06 -06:00