14 Commits

Author SHA1 Message Date
David French 01c904f2dd [New Rule] GCP Firewall Rule Created (#312)
* new-rule-gcp-firewall-rule-created

* Add FP info to rule

* Add ATT&CK metadata

* Update name to align with other rules

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
2020-09-24 09:27:41 -06:00
David French 6e61be64b2 Create impact_gcp_service_account_disabled.toml (#320) 2020-09-24 09:23:10 -06:00
David French 586cf69ec6 [New Rule] GCP Service Account Deleted (#319)
* Create impact_gcp_service_account_deleted.toml

* Update rule name to align with other rules

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
2020-09-24 09:21:29 -06:00
David French 142ad038c2 [New Rule] GCP Service Account Created (#318)
* new-rule-gcp-service-account-created

* Update name to align with other rules

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
2020-09-24 09:19:14 -06:00
David French be4b5bb1c1 [New Rule] GCP Storage Bucket Deleted (#315)
* new-rule-gcp-storage-bucket-deleted

* Add FP info to rule

* Update rule name

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
2020-09-24 09:17:52 -06:00
David French 2b4044081e [New Rule] GCP Key Created for Service Account (#314)
* new-rule-gcp-key-created-for-service-account

* Add FP info to rule

* Update name to align with other rules

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
2020-09-24 09:16:18 -06:00
David French bda33a559b [New Rule] GCP Storage Bucket Permissions Modified (#313)
* new-rule-gcp-storage-bucket-permissions-modified

* Add FP info to rule

* Update name to make Brent a happy chappy

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
2020-09-24 09:14:13 -06:00
Brent Murphy e6326afd5d Create collection_gcp_pub_sub_topic_creation.toml (#331) 2020-09-24 11:12:59 -04:00
David French 93f57b22f7 [New Rule] GCP Firewall Rule Modified (#311)
* new-rule-gcp-firewall-rule-modified

* Update rule maturity to production

* Add FP info to rule

* Add ATT&CK metadata

* Lint rule

* Update name to align with other rules

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
2020-09-24 09:06:19 -06:00
David French 369d4f4a85 [New Rule] GCP Firewall Rule Deleted (#310)
* new-rule-gcp-firewall-rule-deleted

* Update rule maturity to production

* Add FP info to rule

* Update rule maturity to production

* Add ATT&CK metadata

* Lint rule

* Update name to align with other rules

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
2020-09-24 09:03:55 -06:00
Brent Murphy 968a3b4406 Create impact_gcp_iam_role_deltion.toml (#329) 2020-09-24 10:51:10 -04:00
Brent Murphy 275433596d Create exfiltration_gcp_logging_sink_modification.toml (#317) 2020-09-24 10:32:10 -04:00
Brent Murphy eef4f54dba Create initial_access_gcp_iam_custom_role_creation.toml (#316)
Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>
2020-09-24 10:19:40 -04:00
Brent Murphy 56fc99f152 [New Rule] GCP IAM Service Account Key Deletion (#309)
* Create credential_access_gcp_iam_service_account_key_deletion.toml

* remove extra word in fp info

* linting
2020-09-24 10:15:15 -04:00