This website requires JavaScript.
d1b102730c
[Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 8 (#4233 )
2024-11-07 12:38:27 -03:00
ef0f96c874
[Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 7 (#4232 )
2024-11-07 12:27:47 -03:00
d2dfd46b3e
Update credential_access_suspicious_lsass_access_generic.toml (#4188 )
2024-11-07 13:56:53 +00:00
d9154c698a
[Testing] Update release-drafter.yml (#4255 )
2024-11-06 16:21:05 -06:00
b2b92b0edc
[Testing] Update release-drafter.yml (#4254 )
2024-11-06 16:00:18 -06:00
c1ac8f0fae
[FR] DRAFT Release Workflow on PR Merge (#4253 )
2024-11-06 15:36:09 -06:00
a92fdc18a1
[New Rule] Adding Coverage for AWS IAM Customer-Managed Policy Attached to Role by Rare User (#4245 )
2024-11-06 13:36:13 -05:00
6a39009402
Add investigation guide for Amazon Bedrock Rules (#4247 )
2024-11-06 23:28:02 +05:30
1cc160fe2e
[Rule Tuning] Add Investigation Guides to AWS Rules (#4249 )
2024-11-06 12:29:14 -05:00
c602042954
[New Rule] Adding Coverage for AWS Discovery API Calls via CLI from a Single Resource (#4246 )
2024-11-06 12:14:38 -05:00
ef6344f5e6
[Rule Tuning] Tuning AWS STS Temporary Credentials via AssumeRole (#4228 )
2024-11-06 12:01:07 -05:00
f486571dc6
[New Rule] Adding Coverage for AWS SSM Command Document Created by Rare User (#4229 )
2024-11-06 11:53:51 -05:00
1c9177ef6f
[New Rule] Adding Coverage for AWS IAM Create User via Assumed Role on EC2 Instance (#4244 )
2024-11-06 11:28:41 -05:00
d5f36b3619
[New Rule] Adding Coverage for AWS SNS Email Subscription by Rare User (#4224 )
2024-11-06 11:19:30 -05:00
63732436b4
[FR] Update release-drafter.yml (#4252 )
2024-11-06 09:02:55 -06:00
77f42f1168
[FR] Add Versioning Processes to DR (#4223 )
2024-11-06 08:14:50 -06:00
6c2dad966a
[Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 9 (#4234 )
2024-11-05 15:39:32 -03:00
a743b9c8c4
[Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 6 (#4231 )
2024-11-05 15:00:43 -03:00
d5b5ba387d
[Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 5 (#4230 )
2024-11-05 14:46:10 -03:00
63956a6f51
[Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 4 (#4225 )
2024-11-05 14:22:14 -03:00
09ea35f33a
[New Rule] AWS STS AssumeRole with New MFA Device [Rule Tuning] AWS IAM Deactivation of MFA Device (#4210 )
2024-11-05 02:09:05 -05:00
2b6116e0ce
[Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 3 (#4222 )
2024-11-04 11:55:04 -03:00
80841b5619
[Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 2 (#4221 )
2024-11-04 11:47:43 -03:00
81292aee8a
[Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 1 (#4220 )
2024-11-04 11:32:22 -03:00
581ef73bc0
[FR] [DAC] Add id support (#4208 )
2024-11-01 07:47:34 -04:00
b6847c7a48
[New Rule] AWS STS Role Chaining (#4209 )
2024-10-30 12:18:04 -04:00
1278c27967
Sync RTA Attempt to Fix Sensor Regex Error (#4213 )
2024-10-29 04:20:12 +11:00
5d2940fa7c
Lock versions for releases: 8.10,8.11,8.12,8.13,8.14,8.15 (#4217 )
2024-10-28 21:07:46 +05:30
123e090e7d
Fix Minstack version for windows integration - Pahse 2 (#4216 )
2024-10-28 20:25:02 +05:30
92fe46b8ff
Fix Minstack version for windows integration (#4214 )
2024-10-28 19:28:10 +05:30
9e4fce6586
[Rule Tuning] Potential Linux Hack Tool Launched (#4191 )
2024-10-25 17:23:48 +02:00
b0bba39007
[Rule Tuning] Linux User Added to Privileged Group (#4206 )
2024-10-25 14:21:20 +02:00
5d9b295bb6
Sync RTA Potential Mining Pool Command Detection (#4204 )
2024-10-25 03:17:17 +11:00
ae2adc766d
Sync RTA Renice or Ulimit Execution from Unusual Parent (#4203 )
2024-10-25 03:08:49 +11:00
4d41496e1d
Sync RTA Linux Powershell Egress Network Connection (#4202 )
2024-10-25 02:05:15 +11:00
933020a5c1
Sync RTA Suspicious Execution from Foomatic-rip or Cupsd Parent (#4201 )
2024-10-25 01:19:15 +11:00
6ec5c5b04b
Sync RTA Foomatic-rip Shell Execution (#4200 )
2024-10-25 00:43:38 +11:00
be656ae740
Tune Bedrock rule to accept multivalued column (#4205 )
2024-10-23 20:48:56 +05:30
77f0ee85d9
react_sync_rta_updates_4215 Network Connection by Foomatic-rip Child (#4196 )
2024-10-24 00:48:36 +11:00
a54f83981e
Sync RTA File Downloaded via Curl or Wget to Hidden Directory (#4197 )
2024-10-24 00:31:17 +11:00
0ef122632e
Sync RTA Shared Object Load via LoLBin (#4198 )
2024-10-24 00:18:11 +11:00
f8d08f92f3
Sync RTA Suspicious Kernel Feature Activity (#4199 )
2024-10-24 00:10:21 +11:00
faafc4f19d
Sync RTA Potential Proxy Execution via PHP (#4195 )
2024-10-23 21:37:32 +11:00
c336e30dee
Sync RTA Suspicious Download and Redirect by Web Server (#4194 )
2024-10-23 21:25:10 +11:00
6a740a6a61
Sync RTA File Downloaded and Piped to Interpreter by Web Server (#4193 )
2024-10-23 21:15:45 +11:00
c5b108400c
Sync RTA File Downloaded from Suspicious Source by Web Server (#4192 )
2024-10-23 20:45:56 +11:00
91fbc39084
Sync RTA MSR Write Access Enabled (#4189 )
2024-10-23 19:43:47 +11:00
21c45f97fe
Sync RTA Reverse or Bind Shell via Suspicious Utility (#4187 )
2024-10-23 19:07:44 +11:00
9cb2974e70
Sync RTA Potential Gsocket Activity (#4186 )
2024-10-23 18:51:33 +11:00
fe6459d784
Sync RTA Bind Shell via Socket (#4185 )
2024-10-23 17:40:45 +11:00
08fc5a5e35
Sync RTA Bind Shell via Node (#4184 )
2024-10-23 17:13:10 +11:00
fb963628f2
Sync RTA Potential Proxy Execution via Sed (#4183 )
2024-10-23 17:01:10 +11:00
6d430be209
Sync RTA Bind Shell via Netcat Traditional (#4182 )
2024-10-23 16:53:12 +11:00
2e1daeeaa0
Sync RTA Base64 Shebang Payload Decoded via Built-in Utility (#4181 )
2024-10-23 16:42:43 +11:00
31d3b6417b
Sync RTA Potential Proxy Execution via Tcpdump (#4180 )
2024-10-23 16:30:09 +11:00
3e1fe91a1c
Sync RTA Potential Proxy Execution via Sysctl (#4179 )
2024-10-23 16:22:28 +11:00
519a3688c8
Sync RTA Potential Proxy Execution via Split (#4178 )
2024-10-23 16:07:38 +11:00
fff957c0f5
Sync RTA Potential Proxy Execution via Pidstat (#4177 )
2024-10-23 15:57:11 +11:00
bc821f56e1
Sync RTA System Binary Proxy Execution via ld.so (#4176 )
2024-10-23 15:42:44 +11:00
fb4bc72607
Sync RTA Potential Proxy Execution via Crash (#4175 )
2024-10-23 03:19:13 +11:00
d1f44270e1
Sync RTA Potential Process Masquerading via Exec
2024-10-23 03:11:27 +11:00
275c7288a3
Add testcase to check for related_integrations based on index (#4096 )
2024-10-22 00:17:30 +05:30
d0225c37df
[Rule Tuning] Tuning 'Unusual Instance Metadata Service (IMDS) API Request' (#4169 )
2024-10-18 11:50:57 -04:00
42f6c8f9a5
[Rule Tuning] Q2 Linux DR Tuning - Part 4 (#4165 )
2024-10-18 17:13:44 +02:00
b309bcb7ae
[Rule Tuning] Q2 Linux DR Tuning - Part 5 (#4166 )
2024-10-18 17:02:26 +02:00
601254488b
[BBR Promotion] Q2 Linux BBR Promotion (#4172 )
2024-10-18 16:55:09 +02:00
592ad0fe9a
[Rule Tuning] Q2 Linux DR Tuning - BBR (#4171 )
2024-10-18 16:45:23 +02:00
09bd4cef16
[Rule Tuning] Q2 Linux DR Tuning - CP (#4170 )
2024-10-18 16:38:14 +02:00
ac6a49eeea
[Rule Tuning] Q2 Linux DR Tuning - Part 6 (#4167 )
2024-10-18 16:25:54 +02:00
39fc23cb3d
[Rule Tuning] Q2 Linux DR Tuning - Part 3 (#4164 )
2024-10-18 16:18:14 +02:00
3982228132
[Rule Tuning] Q2 Linux DR Tuning - Part 2 (#4163 )
2024-10-18 16:07:09 +02:00
af9f9e2456
[Rule Tuning] Q2 Linux DR Tuning - Part 1 (#4162 )
2024-10-18 15:59:51 +02:00
61b731c300
[Rule Tuning] Remove Salesforce Client User-Agent Whitelisting in MFA Deactivation with no Re-Activation for Okta User Account (#4145 )
2024-10-16 11:41:50 -04:00
b1e91ddb14
Add setuptools as project dependency (#4160 )
2024-10-16 20:09:23 +05:30
4b4b2cc9c8
[Hunt Tuning] Enforce STATS or KEEP functions in ES|QL hunting queries (#4157 )
2024-10-16 09:16:28 -04:00
c1ce0d43d1
Lock versions for releases: 8.10,8.11,8.12,8.13,8.14,8.15 (#4159 )
2024-10-16 10:23:33 +05:30
2c07e88c07
[Rule Tuning] Fix double bumps caused by Windows Integration Update (#4156 )
2024-10-15 15:27:44 -03:00
8f56b7de5e
Update privilege_escalation_gpo_schtask_service_creation.toml (#4152 )
2024-10-15 14:06:35 +01:00
a98161ad2a
[Tuning] Suspicious DLL Loaded for Persistence or Privilege Escalation (#4144 )
2024-10-15 10:49:01 +01:00
8404d41cca
[New] Untrusted DLL Loaded by Azure AD Sync Service (#4151 )
2024-10-14 18:04:46 +01:00
e1addc6a8f
[Rule Tuning] 3rd Party EDR Compatibility - 18 (#4056 )
2024-10-13 20:25:17 -03:00
6f69b33529
[Rule Tuning] 3rd Party EDR Compatibility - 17 (#4042 )
2024-10-13 18:34:22 -03:00
7385f9dd2e
[Rule Tuning] 3rd Party EDR Compatibility - 16 (#4041 )
2024-10-13 18:14:24 -03:00
080a891c79
[Rule Tuning] 3rd Party EDR Compatibility - 15 (#4040 )
2024-10-11 18:33:22 -03:00
10a8cef21f
[Rule Tuning] 3rd Party EDR Compatibility - 14 (#4039 )
2024-10-11 17:22:53 -03:00
07c4535871
[Rule Tuning] 3rd Party EDR Compatibility - 13 (#4038 )
2024-10-11 16:55:02 -03:00
0cbbae4f83
[Rule Tuning] 3rd Party EDR Compatibility - 12 (#4037 )
2024-10-11 16:37:20 -03:00
32d02ae7aa
[Rule Tuning] 3rd Party EDR Compatibility - 11 (#4036 )
2024-10-11 16:14:40 -03:00
7b655759ab
[Rule Tuning] 3rd Party EDR Compatibility - 10 (#4035 )
2024-10-11 15:58:37 -03:00
8938f09668
[Rule Tuning] 3rd Party EDR Compatibility - 9 (#4034 )
2024-10-11 15:41:36 -03:00
5b17dfa63a
[Rule Tuning] 3rd Party EDR Compatibility - 8 (#4032 )
2024-10-11 15:12:58 -03:00
6b71ad7ab9
[Rule Tuning] 3rd Party EDR Compatibility - 7 (#4031 )
2024-10-11 15:01:45 -03:00
fbe17eb1ee
[Rule Tuning] 3rd Party EDR Compatibility - 6 (#4030 )
2024-10-11 14:34:42 -03:00
f91a6fa8d6
[Rule Tuning] 3rd Party EDR Compatibility - 5 (#4022 )
2024-10-11 14:21:17 -03:00
1d9cb6a195
[Rule Tuning] Active Directory Forced Authentication from Linux Host - SMB Named Pipes (#4117 )
2024-10-11 13:46:57 -03:00
f021229da4
[Rule Tuning] 3rd Party EDR Compatibility - 4 (#4021 )
2024-10-11 13:33:32 -03:00
2afb4038db
[Rule Tuning] 3rd Party EDR Compatibility - 3 (#4020 )
2024-10-11 13:19:56 -03:00
4538bfcd9f
[Rule Tuning] 3rd Party EDR Compatibility - 2 (#4019 )
2024-10-11 12:55:31 -03:00
6be1f0bad6
[Rule Tuning] 3rd Party EDR Compatibility - 1 (#4017 )
2024-10-11 12:09:11 -03:00
acb01cf9ee
Refresh to fetch latest ECS & Beats schemas, Integration manifests & schemas. (#4140 )
2024-10-10 11:30:00 +05:30
Jonhnathan