security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,413 Commits 1 Branch 0 Tags
09ea35f33a6ebf3e6255a7d8e2bb3d72fcdafb76
Commit Graph

5 Commits

Author SHA1 Message Date
Terrance DeJesus 2559b7bb41 [Rule Tuning] Tuning AWS Rules for SAML Provider Updates and Assumed Roles via STS (#3898) 
* tuning AWS rules for SAML provider updates and assumed roles via STS

* fixed mitre mapping

* adjusted new terms and added user ID to query

* reverting new terms value change

* adding non-ecs to new term checks

* fixing mitre mapping

* Update rules/integrations/aws/privilege_escalation_sts_temp_creds_via_assume_role.toml

* reverting file removal to add diff changes

* changeing rule contents

* reverting rule changes

* added rule contents

* changed file name

* linted

* reverting lint
 2024-08-20 11:53:46 -04:00
Eric Forte 47d7a3acaa [DaC] Beta Release (#3889) 
Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>
Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
Co-authored-by: Mika Ayenson <mika.ayenson@elastic.co>
 2024-08-06 18:07:12 -04:00
Justin Ibarra ce21acef9c [Bug] Fix test_os_and_platform_in_query test and rules (#3695) 
Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com>
 2024-05-20 08:43:30 -07:00
Eric Forte a4a0bc6a7e [Bug] Query validation failing to capture InSet edge case with ip field types (#3572) 
* Move test case to separate file

---------

Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>
 2024-05-06 07:58:42 -04:00
Mika Ayenson 7514c0a206 [FR] Add Support for ES|QL Rule Type and Remote Validation (#3281) 
* add suuport for esql type
* add unit tests
* set clients in RemoteConnector from auth methods
* thread remote rules; add engine test
* Add versions to remote validation results

---------

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com>
Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>
 2023-12-08 12:46:28 -07:00