f627ff2270
update: Okta 2023 Breach Indicator Of Compromise - Update field name to use CamelCase
update: Okta Admin Role Assigned to an User or Group - Update field name to use CamelCase
update: Okta Admin Role Assignment Created - Update field name to use CamelCase
update: Okta API Token Created - Update field name to use CamelCase
update: Okta API Token Revoked - Update field name to use CamelCase
update: Okta Application Modified or Deleted - Update field name to use CamelCase
update: Okta Application Sign-On Policy Modified or Deleted - Update field name to use CamelCase
update: Okta FastPass Phishing Detection - Update field name to use CamelCase
update: Okta Identity Provider Created - Update field name to use CamelCase
update: Okta MFA Reset or Deactivated - Update field name to use CamelCase
update: Okta Network Zone Deactivated or Deleted - Update field name to use CamelCase
update: Okta New Admin Console Behaviours - Update field name to use CamelCase
update: Potential Okta Password in AlternateID Field - Update field name to use CamelCase
update: Okta Policy Modified or Deleted - Update field name to use CamelCase
update: Okta Policy Rule Modified or Deleted - Update field name to use CamelCase
update: Okta Security Threat Detected - Update field name to use CamelCase
update: Okta Suspicious Activity Reported by End-user - Update field name to use CamelCase
update: Okta Unauthorized Access to App - Update field name to use CamelCase
update: Okta User Account Locked Out - Update field name to use CamelCase
update: New Okta User Created - Update field name to use CamelCase
update: Okta User Session Start Via An Anonymising Proxy Service - Update field name to use CamelCase
Emerging Threats Rules
This folder contains rules that belong to the "emerging-threats" category of SIGMA. This category covers specific threats that are timely and relevant for a limited period of time. These threats include specific APT campaigns, exploitation of zero-day vulnerabilities, specific malware used during an attack, etc.
The folder structure is split by year and every folder can contain two sub-folders:
Exploits: Contains specific rules that cover exploitation of vulnerabilities.
Malware: Contains specific rules that cover malware, ransomware and any type of suspicious software used by Threat Actors or malicious actors.
TA: Contains specific rules that cover APT, Threat Actor and malware activities.