security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
30 Commits 1 Branch 0 Tags
f438a222d5508fb65dd97f7fb22fce5a8a830fa4
Commit Graph

30 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David French f438a222d5 [New Rule] Attempt to Modify or Delete Okta Application Sign On Policy (#10) 
* Add okta rule for policy modification/delete

* Update rule name

Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>

* Update rules/okta/okta_attempt_to_modify_or_delete_application_sign_on_policy.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Add event.module value to query

* Update okta_attempt_to_modify_or_delete_application_sign_on_policy.toml

Add event.category and event.type values to query

* Update rules/okta/okta_attempt_to_modify_or_delete_application_sign_on_policy.toml

Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
 2020-07-02 08:52:55 -06:00
Ross Wolf a3b9be60d7 Fix issue templates 2020-07-01 12:37:08 -06:00
Ross Wolf 80c584f0dd Fix issue templates 2020-07-01 12:36:26 -06:00
Ross Wolf f8c3e3c33d Fix yaml in issue templates 2020-07-01 12:35:08 -06:00
Francesco Soncina 46a4008570 [Rule tuning] Fix evasion for disable iptables rule (#5) 2020-07-01 12:08:32 -06:00
Ross Wolf f800050e6b Update default labels for issues 2020-07-01 11:08:20 -06:00
Erkin Djindjiev 1fac018f10 Update MySQL port to 3306 not 3336 (#2) 2020-07-01 09:52:04 -06:00
Ross Wolf e48a987ce4 Cleanup issue/PR templates 2020-06-30 14:58:46 -06:00
Ross Wolf 4fd66d690d Fix blog post link 2020-06-30 11:20:42 -06:00
Ross Wolf d8675b0599 Add links to blog post and rule reference 2020-06-30 10:57:45 -06:00
Ross Wolf 975aa61bc0 Remove links to empty rules subfolders 2020-06-30 10:32:03 -06:00
Ross Wolf e2d97b0a74 Remove unreachable and legacy code 
Co-Authored-By: Justin Ibarra <brokensound77@users.noreply.github.com>
 2020-06-30 10:12:23 -06:00
Ross Wolf fac5473aca Rename PsRunner_License to PsRunner_LICENSE 2020-06-30 10:04:11 -06:00
Ross Wolf ba50b6dd20 Create PsRunner_License 2020-06-30 10:03:41 -06:00
Ross Wolf 5e7ea22eef Fix directory order 2020-06-30 09:57:02 -06:00
Ross Wolf e1317386ca Edits to documentation 2020-06-30 08:08:30 -06:00
Ross Wolf 0ddb8ee798 Switch to click.echo() for the banner 2020-06-29 23:58:20 -06:00
Ross Wolf 133d335728 Alphabetize the subdirectory order 2020-06-29 23:57:31 -06:00
Ross Wolf 3ff75e32e2 Noop to trigger GitHub actions 2020-06-29 23:46:02 -06:00
Ross Wolf dc0a275bbe Integrate with GitHub actions 2020-06-29 23:43:40 -06:00
Ross Wolf 7a00c36e04 Populate issue and PR templates 
Co-Authored-By: David French <56409778+threat-punter@users.noreply.github.com>
Co-Authored-By: Justin Ibarra <brokensound77@users.noreply.github.com>
 2020-06-29 23:25:02 -06:00
Ross Wolf a008fe05ed Add a makefile 2020-06-29 23:21:42 -06:00
Ross Wolf fb0d36941c Add documentation and update license notice 2020-06-29 23:21:16 -06:00
Ross Wolf d51474f0a7 Add unit tests 
Co-Authored-By: Justin Ibarra <brokensound77@users.noreply.github.com>
 2020-06-29 23:19:25 -06:00
Ross Wolf 3b305d3003 Add rule loader and dependencies 
Co-Authored-By: Justin Ibarra <brokensound77@users.noreply.github.com>
 2020-06-29 23:17:42 -06:00
Ross Wolf a0d3b4bd23 Populate RTA directory. 
Co-Authored-By: Brent Murphy <56412096+bm11100@users.noreply.github.com>
Co-Authored-By: Daniel Stepanic <57736958+dstepanic17@users.noreply.github.com>
Co-Authored-By: David French <56409778+threat-punter@users.noreply.github.com>
Co-Authored-By: Joe Desimone <56411054+joe-desimone@users.noreply.github.com>
Co-Authored-By: Justin Ibarra <brokensound77@users.noreply.github.com>
 2020-06-29 23:07:18 -06:00
Ross Wolf 83e28da7f3 Add Kibana connector 2020-06-29 23:05:43 -06:00
Ross Wolf 41809f1dc5 Add KQL module 2020-06-29 23:05:14 -06:00
Ross Wolf 5fcece8416 Populate rules/ directory. 
Co-Authored-By: Brent Murphy <56412096+bm11100@users.noreply.github.com>
Co-Authored-By: Craig Chamberlain <randomuserid@users.noreply.github.com>
Co-Authored-By: David French <56409778+threat-punter@users.noreply.github.com>
Co-Authored-By: Derek Ditch <dcode@users.noreply.github.com>
Co-Authored-By: Justin Ibarra <brokensound77@users.noreply.github.com>
 2020-06-29 22:57:03 -06:00
Ross Wolf cb1ae2f84a Initial commit 2020-06-24 16:56:47 -06:00