security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,314 Commits 1 Branch 0 Tags
1ce072a4e58238d94deae33ff8de25458ac129d5
Commit Graph

4 Commits

Author SHA1 Message Date
shashank-elastic 818467f132 Replace master doc URLs with current (#4439) 2025-02-03 21:27:50 +05:30
Mika Ayenson fe8c81d762 [FR] Generate investigation guides (#4358) 2025-01-22 11:17:38 -06:00
shashank-elastic 2c848c5111 Prep for Release 8.18 (#4288) 2024-12-09 18:25:13 +05:30
Thijs Xhaflaire df1f0bc98e [New Rule] Add Jamf Protect detection rules (#4047) 
* Create privilege_escalation_user_added_to_admin_group.toml

* Update privilege_escalation_user_added_to_admin_group.toml

* Update privilege_escalation_user_added_to_admin_group.toml

* Adding pbpaste detection rule and minor adjustments to user added to group

* Update credential_access_high_volume_of_pbpaste.toml

* Update credential_access_high_volume_of_pbpaste.toml

* Adding two rules to validate our approach.

* Updated index to "logs-jamf_protect*"

* Update credential_access_high_volume_of_pbpaste.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update credential_access_high_volume_of_pbpaste.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update credential_access_high_volume_of_pbpaste.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update credential_access_high_volume_of_pbpaste.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update credential_access_high_volume_of_pbpaste.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update credential_access_high_volume_of_pbpaste.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update credential_access_high_volume_of_pbpaste.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update rules/integrations/jamf/credential_access_high_volume_of_pbpaste.toml

* Update rules/integrations/jamf/credential_access_high_volume_of_pbpaste.toml

* Update rules/integrations/jamf/credential_access_high_volume_of_pbpaste.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update rules/integrations/jamf/privilege_escalation_user_added_to_admin_group.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update rules/integrations/jamf/privilege_escalation_user_added_to_admin_group.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update rules/integrations/jamf/privilege_escalation_user_added_to_admin_group.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update rules/integrations/jamf/privilege_escalation_user_added_to_admin_group.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Moved to rules/macos folder

* Removed rules from integration/jamf folder

* Update credential_access_high_volume_of_pbpaste.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update credential_access_high_volume_of_pbpaste.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update credential_access_high_volume_of_pbpaste.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update credential_access_high_volume_of_pbpaste.toml

Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>

* minstack rules and support jamf_protect non-dataset

---------

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
Co-authored-by: Mika Ayenson <Mika.ayenson@elastic.co>
 2024-09-12 15:03:56 -05:00