sigma-rules

Author SHA1 Message Date

Author	SHA1	Message	Date
Austin Songer	09f49da822	[New Rule] Azure Frontdoor Web Application Firewall (WAF) Policy Deleted (#1393 ) (cherry picked from commit `d28c48f20f`)	2021-09-29 17:09:18 +00:00
Nic	20a814c47f	[Rule tuning] Azure Active Directory High Risk Sign-in (#1463 ) * Add Aggregated Risk Level * There can be a risk_level_during_signin:low but have a risk_level_aggregated:high which is also just as concerning and must be alerted on. * An example is a password spray attack and have a successful login. Which makes me consider a new rule for interesting risk event types (cherry picked from commit `8b2c8c2e03`)	2021-08-30 22:34:47 +00:00
Ross Wolf	600acca704	[Fleet] Track integrations in folder and metadata (#1372 ) * Track integrations in folder and metadata * Remove duplicate entry * Update note and tests (cherry picked from commit `1882f4456c`)	2021-07-21 21:25:48 +00:00

Austin Songer

09f49da822

[New Rule] Azure Frontdoor Web Application Firewall (WAF) Policy Deleted (#1393 )

(cherry picked from commit d28c48f20f)

2021-09-29 17:09:18 +00:00

Nic

20a814c47f

[Rule tuning] Azure Active Directory High Risk Sign-in (#1463 )

* Add Aggregated Risk Level
* There can be a risk_level_during_signin:low but have a risk_level_aggregated:high which is also just as concerning and must be alerted on.
* An example is a password spray attack and have a successful login. Which makes me consider a new rule for interesting risk event types

(cherry picked from commit 8b2c8c2e03)

2021-08-30 22:34:47 +00:00

Ross Wolf

600acca704

[Fleet] Track integrations in folder and metadata (#1372 )

* Track integrations in folder and metadata
* Remove duplicate entry
* Update note and tests

(cherry picked from commit 1882f4456c)

2021-07-21 21:25:48 +00:00

3 Commits