security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
sigma-rules/rules/integrations/azure_openai
T
History
Eric Forte 7410ec7db9 [Rule Tuning] Updated ESQL Rules Based on Validation Results (#5151) 
* Updated ESQL rules based on validation results

* Patch bump

* Updated regex patterns

* added missing azure fields to non-ecs-schema.json; adjusted okta query logic to use LIKE instead of RLIKE

* fixed incorrect field in non-ecs-schema.json; changed logs-azure.signinlogs* sightings to logs-azure.signinlogs-*

* Add and

* Additional non-ecs fields

* Add EOF

* Add kibana.alert.rule.name

* removed azure.platforlogs.identity.claim.objectid; updated query for 'c07f7898-5dc3-11f0-9f27-f661ea17fbcd'

* Field removed from query removing from keep

* Patch Bump

---------

Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
2025-09-30 00:36:29 -04:00
..
azure_openai_denial_of_ml_service_detection.toml
[Rule Tuning] Updated ESQL Rules Based on Validation Results (#5151)
2025-09-30 00:36:29 -04:00
azure_openai_insecure_output_handling_detection.toml
[Rule Tuning] Updated ESQL Rules Based on Validation Results (#5151)
2025-09-30 00:36:29 -04:00
azure_openai_model_theft_detection.toml
[Rule Tuning] Updated ESQL Rules Based on Validation Results (#5151)
2025-09-30 00:36:29 -04:00