Commit Graph

15 Commits

Author SHA1 Message Date
Justin Ibarra 3fc34b86f2 Update License to Elastic v2 (#944) 2021-03-03 22:12:11 -09:00
Justin Ibarra 90a9320f93 [Rule Tuning] Remove timestamp_override for endgame-* promotion rules (#951)
* remove timestamp_override from endgame promotion rules
* updated version.lock to previous state for endgame promotion rule changes
* fix incorrect year in updated_date
2021-02-17 13:48:57 -09:00
Justin Ibarra 61deed3fd2 [Rule Tuning] 7.11.2: Add timestamp_override to all query and non-sequence EQL rules (#948)
* [Rule Tuning] Add timestamp_override field to 7.11.0 rules
* Lock versions for 7.11.2 rules
2021-02-16 10:52:48 -09:00
Brent Murphy 627610401c [Rule Tuning] Update rules for new Fleet integrations (#729)
* update azure indices

* remove . in index to match prior cloud rules

* update o365 indices

* add event.dataset:google_workspace.admin to existing google workspace rules

* gcp syntax

* add gcp index

* update gcp index

* update index patterns for google workspace rules

* update gcp index2

* update updated_date

* update event outcome for azure

Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>
2020-12-18 12:23:12 -05:00
Justin Ibarra 97ee8cc9ac Refresh beats and ecs schemas and default to use latest to validate (#570)
* Refresh beats and ecs schemas and default to use latest to validate
* remove incorrect ecs_version from zoom rule
* remove stale ecs_version from rules
2020-12-01 13:24:20 -09:00
David French a05f160159 [New Rule] Application Added to Google Workspace Domain (#564)
* Create application_added_to_google_workspace_domain.toml

* Update rules/google-workspace/application_added_to_google_workspace_domain.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

* Update rules/google-workspace/application_added_to_google_workspace_domain.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
2020-11-18 09:23:15 -07:00
David French dd8c276e42 Create google_workspace_mfa_enforcement_disabled.toml (#563) 2020-11-18 09:20:31 -07:00
David French 4425bbf436 Create domain_added_to_google_workspace_trusted_domains.toml (#562) 2020-11-18 09:17:48 -07:00
David French 56bc91cc70 Create google_workspace_admin_role_deletion.toml (#561) 2020-11-18 09:15:53 -07:00
David French 10d4e5d8c9 [New Rule] Google Workspace Role Modified (#556)
* Create persistence_google_workspace_role_modified.toml

* fix tpyo 🙃
2020-11-18 09:13:44 -07:00
David French acf8102607 Create persistence_google_workspace_custom_admin_role_created.toml (#555) 2020-11-18 09:10:50 -07:00
David French 72fee8d16f Create persistence_google_workspace_admin_role_assigned_to_user.toml (#554) 2020-11-18 09:07:39 -07:00
David French 78b8d5c761 new-rule-mfa-disabled-for-google-workspace-organization (#553) 2020-11-18 09:05:07 -07:00
David French 6aca322cfd [New Rule] Google Workspace Password Policy Modified (#552)
* new-rule-google-workspace-policy-modified

* lint rule
2020-11-18 09:02:59 -07:00
David French 88b8bca929 Create persistence_google_workspace_api_access_granted_via_domain_wide_delegation_of_authority.toml (#530) 2020-11-17 08:44:37 -07:00