51b9717ac0
Adding setup templates to the ML rules (#3798)
Kirti Sodhi
2024-06-19 10:04:41 -04:00
495539b697
[FR] Loosen Filters Schema Validation (#3753)
Mika Ayenson
2024-06-18 15:57:14 -05:00
259efaf716
[FR] Loosen Filters Schema Validation (#3753)
Mika Ayenson
2024-06-18 15:57:14 -05:00
96c7509c20
Closes #2216 (#2855)
Anthony
2024-06-14 04:52:54 +08:00
c1dcd21531
Closes #2216 (#2855)
Anthony
2024-06-14 04:52:54 +08:00
37ea64baf4
[New Rule] Rapid7 Threat Command CVEs Correlation (#3718)
Terrance DeJesus
2024-06-12 18:01:44 -04:00
020ca4be24
[New Rule] Rapid7 Threat Command CVEs Correlation (#3718)
Terrance DeJesus
2024-06-12 18:01:44 -04:00
c4a427178b
[New Rule] Potential DNS Server Privilege Escalation via ServerLevelPluginDll (#3717)
Jonhnathan
2024-06-12 15:18:31 -03:00
4eff7c6c87
[New Rule] Potential DNS Server Privilege Escalation via ServerLevelPluginDll (#3717)
Jonhnathan
2024-06-12 15:18:31 -03:00
cacdd7e717
[New hunts] 50 ES|QL Windows Hunt Queries (#3642)
Justin Ibarra
2024-06-12 09:09:09 -07:00
48e85439e0
[New hunts] 50 ES|QL Windows Hunt Queries (#3642)
Justin Ibarra
2024-06-12 09:09:09 -07:00
bc578b5464
Update FIM integration Setup sequence (#3781)
shashank-elastic
2024-06-12 16:40:45 +05:30
89d89f15d2
Update FIM integration Setup sequence (#3781)
shashank-elastic
2024-06-12 16:40:45 +05:30
24d79f230e
Lock versions for releases: 8.9,8.10,8.11,8.12,8.13,8.14 (#3778)
integration-v8.11.18
github-actions[bot]
2024-06-11 20:57:01 +05:30
e3a72c6c47
Lock versions for releases: 8.9,8.10,8.11,8.12,8.13,8.14 (#3778)
github-actions[bot]
2024-06-11 20:57:01 +05:30
0a69c19c83
Update Minstack versions for SentinelOne rules (#3777)
shashank-elastic
2024-06-11 18:58:26 +05:30
d8131f9c60
Add exceptions to C2 Beaconing Activity (#3771)
James Valente
2024-06-11 09:13:46 -04:00
8baf5dc2d8
Add exceptions to C2 Beaconing Activity (#3771)
James Valente
2024-06-11 09:13:46 -04:00
d26951d94e
[New Rule] Suspicious File Modification (#3746)
Ruben Groenewoud
2024-06-11 13:03:20 +02:00
ec223a4a05
[New Rule] Suspicious File Modification (#3746)
Ruben Groenewoud
2024-06-11 13:03:20 +02:00
14de5313e8
[New Rules] PAM Module Creation & Unusual PAM Grantor (#3743)
Ruben Groenewoud
2024-06-11 11:51:33 +02:00
c87c4c9f5d
[New Rules] PAM Module Creation & Unusual PAM Grantor (#3743)
Ruben Groenewoud
2024-06-11 11:51:33 +02:00
b6d29a6775
[Rule Tuning] Systemd-udevd Rule File Creation (#3738)
Ruben Groenewoud
2024-06-11 11:40:54 +02:00
4cf0c2b9af
[Rule Tuning] Systemd-udevd Rule File Creation (#3738)
Ruben Groenewoud
2024-06-11 11:40:54 +02:00
1e16e806c7
[New Rule] APT Package Manager Configuration File Creation (#3739)
Ruben Groenewoud
2024-06-11 09:43:35 +02:00
4003219aa1
[New Rule] APT Package Manager Configuration File Creation (#3739)
Ruben Groenewoud
2024-06-11 09:43:35 +02:00
62eea772d0
[New Rule] AWS S3 Bucket Ransom Note Uploaded (#3604)
Terrance DeJesus
2024-06-10 10:47:20 -04:00
cee60a88af
fixed index (#3770)
Terrance DeJesus
2024-06-10 09:35:28 -04:00
13140d532c
fixed index (#3770)
Terrance DeJesus
2024-06-10 09:35:28 -04:00
6fadd533fe
[New Rule] Network Connection Initiated by SSH Parent Process (#3759)
Ruben Groenewoud
2024-06-10 10:30:45 +02:00
74f049cc7c
[New Rule] Network Connection Initiated by SSH Parent Process (#3759)
Ruben Groenewoud
2024-06-10 10:30:45 +02:00
9f5c795ea5
[New Rule] Netcon through XDG Autostart Entry (#3741)
Ruben Groenewoud
2024-06-10 10:17:09 +02:00
29bb52d2fb
[New Rule] Netcon through XDG Autostart Entry (#3741)
Ruben Groenewoud
2024-06-10 10:17:09 +02:00
7ba1a863b5
[New Rule] Executable Bit Set for rc.local/rc.common (#3736)
Ruben Groenewoud
2024-06-10 09:57:14 +02:00
70496f813f
[New Rule] Executable Bit Set for rc.local/rc.common (#3736)
Ruben Groenewoud
2024-06-10 09:57:14 +02:00
e1cbf9f684
[New rules] AWS IAM AdministratorAccess Policy Attached to : User, Group, Role(es|ql) (#3735)
Isai
2024-06-07 18:31:06 -04:00
fff49e7f09
[Rule Tuning] User Added to Privileged Group (#3763)
Jonhnathan
2024-06-07 13:43:30 -03:00
087e8a6e85
[Rule Tuning] User Added to Privileged Group (#3763)
Jonhnathan
2024-06-07 13:43:30 -03:00
dbfdb7f804
Test deprecated rule modification (#3727)
shashank-elastic
2024-06-07 19:24:36 +05:30
f9b3534cdd
Test deprecated rule modification (#3727)
shashank-elastic
2024-06-07 19:24:36 +05:30
4077572a3b
react_sync_rta_updates_3575 (#3762)
Eric Forte
2024-06-06 14:42:37 -04:00
57095a28b9
react_sync_rta_updates_3575 (#3762)
Eric Forte
2024-06-06 14:42:37 -04:00
886ce70678
[New Rule] Process Capability Set via setcap Utility (#3744)
Ruben Groenewoud
2024-06-06 12:44:31 +02:00
d3e2f70ce2
[New Rule] Process Capability Set via setcap Utility (#3744)
Ruben Groenewoud
2024-06-06 12:44:31 +02:00
71394edb86
[Rule Tuning] System Binary Moved or Copied (#3742)
Ruben Groenewoud
2024-06-06 12:24:48 +02:00
8e6114f76c
[Rule Tuning] System Binary Moved or Copied (#3742)
Ruben Groenewoud
2024-06-06 12:24:48 +02:00
fb82c0fe1b
[Rule Tuning] Potential Sudo Hijacking (#3745)
Ruben Groenewoud
2024-06-06 11:59:26 +02:00
61ab035f41
[Rule Tuning] Potential Sudo Hijacking (#3745)
Ruben Groenewoud
2024-06-06 11:59:26 +02:00
1d6361dece
[New Rule] SSH Key Generated via ssh-keygen (#3731)
Ruben Groenewoud
2024-06-06 11:50:38 +02:00
342fde097f
[New Rule] SSH Key Generated via ssh-keygen (#3731)
Ruben Groenewoud
2024-06-06 11:50:38 +02:00
522719cc9e
[New Rule] AWS EC2 Instance Connect SSH Public Key Uploaded (#3634)
Terrance DeJesus
2024-06-05 10:33:42 -04:00
9f67585332
[New Rule] AWS EC2 Instance Connect SSH Public Key Uploaded (#3634)
Terrance DeJesus
2024-06-05 10:33:42 -04:00
124fdc93a7
[New Rule] AWS Systems Manager SecureString Parameter Request with Decryption Flag (#3590)
Terrance DeJesus
2024-06-05 10:22:38 -04:00
05ac4e1bd3
[New Rule] AWS Systems Manager SecureString Parameter Request with Decryption Flag (#3590)
Terrance DeJesus
2024-06-05 10:22:38 -04:00
9475cf942d
[New Rule] AWS IAM Roles Anywhere Profile Creation and Trusted Anchor with External CA Created (#3609)
Terrance DeJesus
2024-06-05 10:10:53 -04:00
c77eb1d915
[New Rule] AWS IAM Roles Anywhere Profile Creation and Trusted Anchor with External CA Created (#3609)
Terrance DeJesus
2024-06-05 10:10:53 -04:00
6ff8f3a75f
[Rule Tuning] Shell Configuration Creation or Modification (#3732)
Ruben Groenewoud
2024-06-05 10:28:13 +02:00
5f36f3a03e
[Rule Tuning] Shell Configuration Creation or Modification (#3732)
Ruben Groenewoud
2024-06-05 10:28:13 +02:00
1b3ccdd1d5
[Rule Tuning] Message-of-the-Day (MOTD) (#3730)
Ruben Groenewoud
2024-06-05 10:18:30 +02:00
e41a57f2ad
[Rule Tuning] Message-of-the-Day (MOTD) (#3730)
Ruben Groenewoud
2024-06-05 10:18:30 +02:00
2d55e67da7
[Rule Tuning] Systemd Service & Timer (#3728)
Ruben Groenewoud
2024-06-05 10:01:15 +02:00
bebf671881
[Rule Tuning] Systemd Service & Timer (#3728)
Ruben Groenewoud
2024-06-05 10:01:15 +02:00
8eea11e6ab
[New Rule & Tuning] (Ana)Cron & At Job Creation (#3726)
Ruben Groenewoud
2024-06-05 09:53:42 +02:00
81ee6380ec
[New Rule & Tuning] (Ana)Cron & At Job Creation (#3726)
Ruben Groenewoud
2024-06-05 09:53:42 +02:00
06660cb2e1
Refresh MITRE Attack v15.1.0 (#3725)
shashank-elastic
2024-06-04 20:14:58 +05:30
e357a2c050
Refresh MITRE Attack v15.1.0 (#3725)
shashank-elastic
2024-06-04 20:14:58 +05:30
d7db6be0aa
[New Rule] Rapid Secret Retrieval Attempts from AWS SecretsManager (#3589)
Terrance DeJesus
2024-06-04 09:20:04 -04:00
59b7e3bde4
[New Rule] Rapid Secret Retrieval Attempts from AWS SecretsManager (#3589)
Terrance DeJesus
2024-06-04 09:20:04 -04:00
b719927d66
[Rule Tuning] Agent Spoofing (#3729)
Ruben Groenewoud
2024-06-03 19:28:24 +02:00
90bb8b53d8
[Rule Tuning] Agent Spoofing (#3729)
Ruben Groenewoud
2024-06-03 19:28:24 +02:00
6727460385
updating upload-artifact to version 4 (#3733)
Terrance DeJesus
2024-06-03 12:04:01 -04:00
f09a640ddf
updating upload-artifact to version 4 (#3733)
Terrance DeJesus
2024-06-03 12:04:01 -04:00
6924fddf65
[New Rule] AWS Lambda Function Policy Updated To Allow Public Invocation (#3632)
Terrance DeJesus
2024-06-03 11:42:38 -04:00
0885032b2c
[New Rule] AWS Lambda Function Policy Updated To Allow Public Invocation (#3632)
Terrance DeJesus
2024-06-03 11:42:38 -04:00
856c6c5a1f
[New Rule] AWS EC2 EBS Snapshot Shared with Another Account (#3601)
Terrance DeJesus
2024-06-02 10:30:08 -04:00
1b586e7485
[New Rule] AWS Lambda Layer Added to Existing Function (#3631)
Terrance DeJesus
2024-06-02 08:41:04 -04:00
70469b4cdb
[New Rule] AWS Lambda Layer Added to Existing Function (#3631)
Terrance DeJesus
2024-06-02 08:41:04 -04:00
e564221d87
[New Rule] Building Block - AWS Lambda Function Created or Updated (#3610)
Terrance DeJesus
2024-06-01 10:40:13 -04:00
2e366741dc
[New Rule] Building Block - AWS Lambda Function Created or Updated (#3610)
Terrance DeJesus
2024-06-01 10:40:13 -04:00
9b487a7ea3
[New Rule] AWS S3 Bucket Policy Added to Share with External Account (#3603)
Terrance DeJesus
2024-06-01 10:31:41 -04:00
7c82e75cf4
[New Rule] AWS S3 Bucket Policy Added to Share with External Account (#3603)
Terrance DeJesus
2024-06-01 10:31:41 -04:00
032a8c9623
[New Rule] AWS GetCallerIdentity API Called for the First Time (#3711)
Isai
2024-05-31 17:55:06 -04:00
23ce41d8af
[New Rule] AWS GetCallerIdentity API Called for the First Time (#3711)
Isai
2024-05-31 17:55:06 -04:00
9a92326b0d
Remove unwanted backticks (#3724)
shashank-elastic
2024-05-31 21:46:24 +05:30
418a95205e
Remove unwanted backticks (#3724)
shashank-elastic
2024-05-31 21:46:24 +05:30
444ae196ac
Add exceptions to brute force threshold rule. (#3712)
James Valente
2024-05-30 04:12:36 -04:00
34294fbe6d
Add exceptions to brute force threshold rule. (#3712)
James Valente
2024-05-30 04:12:36 -04:00
5839b408ca
Lock versions for releases: 8.9,8.10,8.11,8.12,8.13,8.14 (#3716)
integration-v8.11.17
github-actions[bot]
2024-05-29 19:48:22 +05:30
259bab7a5a
Lock versions for releases: 8.9,8.10,8.11,8.12,8.13,8.14 (#3716)
github-actions[bot]
2024-05-29 19:48:22 +05:30
5d585ac3d4
Fix nodeenv version dependency (#3715)
shashank-elastic
2024-05-29 18:52:34 +05:30
9d019dcf26
Fix nodeenv version dependency (#3715)
shashank-elastic
2024-05-29 18:52:34 +05:30
e1230b6b26
Update rule setup instructions for UEBA packages (#3652)
Gus Carlock
2024-05-28 14:21:46 -05:00
8b28a515c1
Update rule setup instructions for UEBA packages (#3652)
Gus Carlock
2024-05-28 14:21:46 -05:00
a32759a51f
[New Rule] First Occurrence of AWS Resource Starting SSM Session to EC2 Instance (#3598)
Terrance DeJesus
2024-05-28 11:23:17 -04:00
d5c57463e1
[New Rule] First Occurrence of AWS Resource Starting SSM Session to EC2 Instance (#3598)
Terrance DeJesus
2024-05-28 11:23:17 -04:00
a25d3cd23a
[New Rule] Building Block Rule - Attempt to Retrieve User Data from AWS EC2 Instance (#3593)
Terrance DeJesus
2024-05-28 11:15:04 -04:00
3b994c1133
[New Rule] Building Block Rule - Attempt to Retrieve User Data from AWS EC2 Instance (#3593)
Terrance DeJesus
2024-05-28 11:15:04 -04:00
2691273c93
[New Rule] AWS EC2 VPC Security Group Rule Added for Any Address or Remote Access Ports (#3599)
Terrance DeJesus
2024-05-28 10:49:20 -04:00
527f785a60
[New Rule] AWS EC2 VPC Security Group Rule Added for Any Address or Remote Access Ports (#3599)
Terrance DeJesus
2024-05-28 10:49:20 -04:00
cfb386285d
[New RTA] Input Capture via Keylog (#3033)
Samirbous
2024-05-24 11:37:42 +01:00