frack113
8109af3ea3
Merge pull request #3170 from mepples21/miepping-dev3
Create azure_ad_device_registration_policy_changes.yml
2022-07-01 15:49:02 +02:00
frack113
a2c10bcade
Update azure_ad_device_registration_policy_changes.yml
2022-07-01 14:17:21 +02:00
Florian Roth
e516fd74cb
Merge pull request #3172 from mepples21/miepping-dev5
Create azure_ad_bitlocker_key_retrieval.yml
2022-06-29 19:40:36 +02:00
Florian Roth
218e7f1491
Update azure_ad_device_registration_policy_changes.yml
2022-06-29 19:39:34 +02:00
Florian Roth
4fee43361c
Merge pull request #3171 from mepples21/miepping-dev4
Create azure_ad_sign_ins_from_unknown_devices.yml
2022-06-29 19:37:13 +02:00
frack113
ef47e7c8f2
Update azure_ad_bitlocker_key_retrieval.yml
2022-06-29 06:34:11 +02:00
frack113
0315f31cb0
Update azure_ad_sign_ins_from_unknown_devices.yml
2022-06-29 06:33:24 +02:00
Michael Epping
7aadcff92c
Create azure_ad_bitlocker_key_retrieval.yml
2022-06-28 14:23:36 -07:00
Michael Epping
e446a23818
Create azure_ad_sign_ins_from_unknown_devices.yml
2022-06-28 14:12:30 -07:00
Michael Epping
7c446f0d37
Create azure_ad_device_registration_policy_changes.yml
Rule from Azure AD SecOps guide
2022-06-28 13:11:45 -07:00
Michael Epping
495a4fb1f0
Create azure_ad_device_registration_policy_changes.ym;
2022-06-28 13:10:38 -07:00
frack113
272c29caea
Merge pull request #3138 from Yochana-H/Yochana-H
create azure_blocked_account_attempt.yml
2022-06-19 08:36:30 +02:00
Florian Roth
37ed5f4bc5
Update azure_blocked_account_attempt.yml
2022-06-18 18:22:43 +02:00
frack113
e3ea9f7b42
Update azure_blocked_account_attempt.yml
2022-06-17 20:43:07 +02:00
Yochana-H
d659088d4b
Merge branch 'Yochana-H' of https://github.com/Yochana-H/sigma into Yochana-H
2022-06-17 15:44:51 +01:00
Yochana-H
6dc3c1d4dd
Create azure_blocked_account_attempt.yml
2022-06-17 15:44:40 +01:00
FlorianBracq
f5211710d6
Update modification date
2022-06-08 18:54:03 +02:00
FlorianBracq
9647183716
Updating azure federation modified
* Set logsource service to auditlogs instead of signinlogs
* Add reference to Microsoft documentation
* Set field name in selection to ActivityDisplayName instead of properties.message
2022-06-08 17:17:26 +02:00
Mark Morowczynski
e8c70a05d1
Create azure_app_owner_added.yml
Added checking for new application owner.
2022-06-02 13:37:00 -07:00
Mark Morowczynski
fd5eb53e1d
Create azure_app_appid_uri_changes.yml
Adding AppID URI changes check
2022-06-02 09:46:23 -07:00
Mark Morowczynski
55666836e6
Create azure_app_uri_modifications.yml
Adding Application URI changes
2022-06-02 06:44:35 -07:00
phantinuss
3412f29250
Update azure_app_device_code_authentication.yml
2022-06-02 13:58:37 +02:00
phantinuss
5be01c8bb4
Update azure_app_device_code_authentication.yml
2022-06-02 13:50:49 +02:00
frack113
2b599c07c6
Update and rename azure_app_device_code_authentication to azure_app_device_code_authentication.yml
2022-06-02 06:20:26 +02:00
Mark Morowczynski
e148de65bb
Merge branch 'SigmaHQ:master' into markmorow
2022-06-01 10:59:56 -07:00
Mark Morowczynski
e09221d9f7
Create azure_app_device_code_authentication
Adding Device Code flow authentication check
2022-06-01 10:59:03 -07:00
frack113
dec8b93296
Merge pull request #3075 from MarkMorow/markmorow
Markmorow
2022-06-01 19:06:27 +02:00
Mark Morowczynski
4114ceef65
Update azure_app_ropc_authentication.yml
Update Properties.message since it's one element.
2022-06-01 09:35:45 -07:00
Mark Morowczynski
375eeab4fa
Update azure_app_ropc_authentication.yml
2022-06-01 08:42:44 -07:00
Mark Morowczynski
fe64f81674
Create azure_app_ropc_authentication.yml
Adding ROPC Auth check
2022-06-01 08:41:43 -07:00
frack113
5fd61875dc
fix title case
2022-06-01 17:37:17 +02:00
frack113
6b0584ddd2
Update azure_conditional_access_failure.yml
2022-06-01 17:27:00 +02:00
Yochana-H
21da958f98
Delete azure_conditional_access_failure.txt
2022-06-01 12:58:34 +01:00
Yochana-H
b912a8a7c2
Merge branch 'Yochana-H' of https://github.com/Yochana-H/sigma into Yochana-H
2022-06-01 12:04:28 +01:00
Yochana-H
8d8e74d44d
Create azure_conditional_access_failure.txt
Sign-In failures due to Conditional Access requirements not being met.
2022-06-01 12:04:24 +01:00
Yochana-H
eec0dfe821
Create azure_conditional_access_failure.txt
Sign-In failures due to Conditional Access requirements not being met.
2022-06-01 10:22:43 +01:00
frack113
95a0263799
Rename azure_aad_secops _signin_failure_bad_password_threshold.yml to azure_aad_secops_signin_failure_bad_password_threshold.yml
2022-05-31 20:43:32 +02:00
frack113
cafc12e334
Update azure_aad_secops _signin_failure_bad_password_threshold.yml
2022-05-31 20:36:37 +02:00
Corissa Lea Koopmans
9f115af449
Update azure_aad_secops _signin_failure_bad_password_threshold.yml
updated title to remove capital letters and replaced a tag with the proper MITRE tactic check.
2022-05-31 11:25:03 -05:00
Corissa Lea Koopmans
b5a47ef967
Create azure_aad_secops _signin_failure_bad_password_threshold.yml
2022-05-30 05:35:52 -05:00
frack113
32e6a82cf2
Update azure_app_credential_added.yml
2022-05-27 06:56:07 +02:00
Mark Morowczynski
5229c05cab
Update azure_app_credential_added.yml
Changes based on Sigma template rules
2022-05-26 12:36:38 -07:00
Mark Morowczynski
97efeada5f
Update .gitignore
2022-05-26 09:39:00 -07:00
Mark Morowczynski
34d06708e5
Create azure_app_credential_added.yml
App Credential Add rule
2022-05-25 19:13:26 -07:00
phantinuss
112b715dd6
chore: test rules: reactivate single value list check
2022-05-10 17:13:04 +02:00
phantinuss
7cbfc7f16a
fix: remove . from title
2022-04-06 17:04:10 +02:00
Florian Roth
15c6fad973
Merge pull request #2850 from hieuttmmo/master
Rule to detect when any MFA Denied is recorded by Azure SigninLogs
2022-03-25 11:35:49 +01:00
Florian Roth
0b97d37faf
Update azure_mfa_denies.yml
2022-03-24 21:26:13 +01:00
hieuttmmo
1fe45bd593
Merge branch 'SigmaHQ:master' into master
2022-03-24 16:53:41 +04:00
Tran Trung Hieu
713bc24750
Add new MFA Denied rule
2022-03-24 16:53:01 +04:00