Commit Graph

94 Commits

Author SHA1 Message Date
Florian Roth e91fc4486e refactor: first bigger log source refactoring
see discussion here: https://github.com/SigmaHQ/sigma/discussions/2835
2022-03-22 17:58:29 +01:00
Florian Roth e477264aa0 fix: azure log source fix 2022-03-21 11:20:07 +01:00
phantinuss 6ae28b7a1c fix: legitimate --> Legitimate 2022-03-16 14:35:19 +01:00
frack113 3ea09e9ec6 Update azure_mfa_disabled.yml 2022-02-10 06:40:03 +01:00
Feathers c4ed22aa8f Create azure_mfa_disabled.yml 2022-02-08 10:19:09 +01:00
frack113 73f258e2d1 Change double quote to quote 2022-01-06 14:02:35 +01:00
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
frack113 efa099aec7 Merge pull request #2321 from austinsonger/Azure-Subscription-Permission-Elevation
Azure subscription permission elevation
2021-11-27 07:47:54 +01:00
frack113 7a5bf359a1 Merge pull request #2320 from austinsonger/azure_unusual_authentication_interruption.yml
azure_unusual_authentication_interruption.yml
2021-11-27 07:47:40 +01:00
Austin Songer 98084e857c Update azure_subscription_permissions_elevation_via_auditlogs.yml 2021-11-26 13:42:48 -06:00
Austin Songer 7e0634e43c Update azure_subscription_permissions_elevation_via_activitylogs.yml 2021-11-26 13:42:39 -06:00
Austin Songer 92f3705bd9 Update and rename activitylogs_azure_subscription_permissions_elevation.yml to azure_subscription_permissions_elevation_via_activitylogs.yml 2021-11-26 12:08:43 -06:00
Austin Songer 5508462029 Rename auditlogs_azure_subscription_permissions_elevation.yml to azure_subscription_permissions_elevation_via_auditlogs.yml 2021-11-26 12:08:13 -06:00
Austin Songer 8e78578892 Update activitylogs_azure_subscription_permissions_elevation.yml 2021-11-26 12:07:21 -06:00
Austin Songer 05c6e3dd12 Update azure_unusual_authentication_interruption.yml 2021-11-26 12:05:36 -06:00
Austin Songer d78bbb9333 Update activitylogs_azure_subscription_permissions_elevation.yml 2021-11-26 11:42:32 -06:00
Austin Songer 0a18b42445 Update azure_unusual_authentication_interruption.yml 2021-11-26 11:41:33 -06:00
Austin Songer 5e42b73a92 activitylogs_azure_subscription_permissions_elevation.yml 2021-11-26 11:33:37 -06:00
Austin Songer 26ae440bd0 auditlogs_azure_subscription_permissions_elevation.yml 2021-11-26 11:32:57 -06:00
Austin Songer b260f25cc0 Create azure_unusual_authentication_interruption.yml 2021-11-26 11:07:53 -06:00
Austin Songer d6f1edf5ab Update azure_kubernetes_admission_controller.yml 2021-11-26 10:34:50 -06:00
Austin Songer caf14e3fa0 Update azure_kubernetes_admission_controller.yml 2021-11-26 10:32:23 -06:00
Austin Songer 64179e3512 Update azure_kubernetes_admission_controller.yml 2021-11-26 10:31:36 -06:00
frack113 06d0fd02cc Merge pull request #2310 from austinsonger/kubernetes_cronjobs
Updating azure_kubernetes_cronjob.yml
2021-11-26 06:51:48 +01:00
frack113 a507848834 Update azure_kubernetes_cronjob.yml 2021-11-25 10:21:39 +01:00
Austin Songer a4969fe5d8 Update azure_kubernetes_admission_controller.yml 2021-11-25 00:12:55 -06:00
Austin Songer 55190e32ca Update azure_kubernetes_cronjob.yml 2021-11-25 00:11:07 -06:00
Austin Songer fd5ad4b940 Update azure_kubernetes_admission_controller.yml 2021-11-25 00:05:43 -06:00
Austin Songer 2d58a3c8f9 Update azure_kubernetes_admission_controller.yml 2021-11-25 00:00:28 -06:00
Austin Songer 47fb21fae6 Create azure_kubernetes_admission_controller.yml 2021-11-24 23:58:33 -06:00
Austin Songer 70d1e6d0f3 Update azure_kubernetes_cronjob.yml 2021-11-22 22:45:35 -06:00
Austin Songer 253ec56d1c Create azure_kubernetes_cronjob.yml 2021-11-22 22:40:06 -06:00
frack113 1c99a93cd8 Add azure product 2021-11-14 10:50:16 +01:00
Tran Trung Hieu 7c01710d9d Change the service to the form service: azure._a_name_ and add falsepositives field 2021-10-13 15:12:36 +04:00
Tran Trung Hieu 5fdaefc77d Azure Security Operations for Privileged Accounts 2021-10-10 16:06:28 +04:00
MetallicHack 030fc2a03e change title and tags in order to match sigmarules 2021-10-05 09:40:25 +02:00
MetallicHack a4100e76b9 change title and tags in order to match sigmarules 2021-10-05 09:39:03 +02:00
MetallicHack fe439e1998 Rename azure_ad_user_added_to_sensitive_role.yml to azure_ad_user_added_to_admin_role.yml 2021-10-04 15:26:58 +02:00
MetallicHack 96f05f7f19 Update azure_ad_user_added_to_sensitive_role.yml 2021-10-04 15:25:55 +02:00
MetallicHack d888ce67bc Create azure_ad_user_added_to_sensitive_role.yml 2021-09-25 21:57:10 +02:00
Austin Songer 715b6ecdda Create azure_new_cloudshell_created.yml 2021-09-12 20:00:08 -05:00
Austin Songer 0de95e355a Update azure_federation_modified.yml 2021-09-06 11:31:52 -05:00
Austin Songer e6e3fc2eec Update azure_federation_modified.yml 2021-09-06 11:16:35 -05:00
Austin Songer 6025df63ee Create azure_federation_modified.yml 2021-09-06 11:06:58 -05:00
Austin Songer e7c5827776 Update azure_service_principal_removed.yml 2021-09-03 22:43:11 -05:00
Austin Songer 0612ea7f6e Update azure_device_no_longer_managed_or_compliant.yml 2021-09-03 22:42:26 -05:00
Austin Songer c420a17e05 Update azure_service_principal_removed.yml 2021-09-03 22:29:21 -05:00
Austin Songer fda1e3362e Update azure_owner_removed_from_application_or_service_principal.yml 2021-09-03 22:29:12 -05:00
Austin Songer 9d26116d27 Update azure_device_no_longer_managed_or_compliant.yml 2021-09-03 22:29:02 -05:00
Austin Songer 8fe7bfc452 Update azure_application_deleted.yml 2021-09-03 22:28:53 -05:00