652b2c5e44
[New Rule] GCP Logging Sink Deletion ( #306 )
...
* Create gcp_logging_sink_deletion.toml
* update description
* update rule name
2020-09-24 17:19:27 -04:00
17e3d83b29
[New Rule] GCP Pub/Sub Subscription Deletion ( #334 )
...
* Create gcp_pub_sub_subscription_deletion.toml
* update rule name with mitre tactic
2020-09-24 13:21:28 -04:00
367d870654
[New Rule] GCP Logging Bucket Deletion ( #308 )
...
* Create gcp_logging_bucket_deletion.toml
* update rule name with mitre tactic
2020-09-24 13:14:18 -04:00
21d19863e2
[New Rule] GCP Pub/Sub Topic Deletion ( #307 )
...
* Create gcp_pub_sub_topic_deletion.toml
* Update rules/gcp/gcp_pub_sub_topic_deletion.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* linting
* update rule name with mitre tactic
* correct spelling error in rule
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
2020-09-24 13:09:50 -04:00
e34a969cd3
Create collection_gcp_pub_sub_subscription_creation.toml ( #332 )
2020-09-24 12:08:49 -04:00
bd2ec8a194
[New Rule] GCP Virtual Private Cloud Route Created ( #326 )
...
* [New Rule] GCP Virtual Private Cloud Route Created
* Update rule name to align with other rules
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
2020-09-24 09:47:21 -06:00
df19db4f67
[New Rule] GCP Virtual Private Cloud Network Deleted ( #325 )
...
* [New Rule] GCP Virtual Private Cloud Network Deleted
* Update rule name to align with other rules
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
2020-09-24 09:44:48 -06:00
de85f483a4
[New Rule] GCP Virtual Private Cloud Route Deleted ( #324 )
...
* [New Rule] GCP Virtual Private Cloud Route Deleted
* Update rule name to align with other rules
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
2020-09-24 09:31:48 -06:00
de6f326c72
[New Rule] GCP Storage Bucket Configuration Modified ( #322 )
...
* Create defense_evasion_gcp_storage_bucket_configuration_modified.toml
* Update rule name to align with other rules
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
2020-09-24 09:29:53 -06:00
01c904f2dd
[New Rule] GCP Firewall Rule Created ( #312 )
...
* new-rule-gcp-firewall-rule-created
* Add FP info to rule
* Add ATT&CK metadata
* Update name to align with other rules
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
2020-09-24 09:27:41 -06:00
6e61be64b2
Create impact_gcp_service_account_disabled.toml ( #320 )
2020-09-24 09:23:10 -06:00
586cf69ec6
[New Rule] GCP Service Account Deleted ( #319 )
...
* Create impact_gcp_service_account_deleted.toml
* Update rule name to align with other rules
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
2020-09-24 09:21:29 -06:00
142ad038c2
[New Rule] GCP Service Account Created ( #318 )
...
* new-rule-gcp-service-account-created
* Update name to align with other rules
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
2020-09-24 09:19:14 -06:00
be4b5bb1c1
[New Rule] GCP Storage Bucket Deleted ( #315 )
...
* new-rule-gcp-storage-bucket-deleted
* Add FP info to rule
* Update rule name
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
2020-09-24 09:17:52 -06:00
2b4044081e
[New Rule] GCP Key Created for Service Account ( #314 )
...
* new-rule-gcp-key-created-for-service-account
* Add FP info to rule
* Update name to align with other rules
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
2020-09-24 09:16:18 -06:00
bda33a559b
[New Rule] GCP Storage Bucket Permissions Modified ( #313 )
...
* new-rule-gcp-storage-bucket-permissions-modified
* Add FP info to rule
* Update name to make Brent a happy chappy
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
2020-09-24 09:14:13 -06:00
e6326afd5d
Create collection_gcp_pub_sub_topic_creation.toml ( #331 )
2020-09-24 11:12:59 -04:00
93f57b22f7
[New Rule] GCP Firewall Rule Modified ( #311 )
...
* new-rule-gcp-firewall-rule-modified
* Update rule maturity to production
* Add FP info to rule
* Add ATT&CK metadata
* Lint rule
* Update name to align with other rules
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
2020-09-24 09:06:19 -06:00
369d4f4a85
[New Rule] GCP Firewall Rule Deleted ( #310 )
...
* new-rule-gcp-firewall-rule-deleted
* Update rule maturity to production
* Add FP info to rule
* Update rule maturity to production
* Add ATT&CK metadata
* Lint rule
* Update name to align with other rules
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
2020-09-24 09:03:55 -06:00
968a3b4406
Create impact_gcp_iam_role_deltion.toml ( #329 )
2020-09-24 10:51:10 -04:00
275433596d
Create exfiltration_gcp_logging_sink_modification.toml ( #317 )
2020-09-24 10:32:10 -04:00
eef4f54dba
Create initial_access_gcp_iam_custom_role_creation.toml ( #316 )
...
Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com >
2020-09-24 10:19:40 -04:00
56fc99f152
[New Rule] GCP IAM Service Account Key Deletion ( #309 )
...
* Create credential_access_gcp_iam_service_account_key_deletion.toml
* remove extra word in fp info
* linting
2020-09-24 10:15:15 -04:00
Brent Murphy