sigma-rules

Files

T

Isai 00ed573623 [Rule Tuning][Deprecation] AWS Root Console Login Rules (#5201 )

* [Rule Tuning][Deprecation] AWS Root Console Login Rules

Deprecate - AWS Root Login Without MFA
- Starting deprecation process for this rule. While root login without MFA should certainly be investigated, this rule overlaps with the broader AWS Successful Root Console login rule. Between the 2, the broader rule should remain since all succesful Root console login events should be investigated. Part of the investigation can include determining if MFA was or was not enabled.

Tuning - AWS Management Console Root Login
No major rule changes needed, telemetry is low as expected for this rule
- reduced execution window
- updated investigation guide
- adjusted tags
- added highlighted fields
- added Mitre subtechnique

Tuning - AWS Management Console Brute Force of Root User Identity
No major rule changes needed, telemetry is low as expected for this rule
- reduced execution window
- updated investigation guide
- adjusted tags
- added highlighted field (the only one available for threshold rule is the threshold field)

* adding AWS Sign-In tag

adding AWS Sign-In tag

2025-10-15 14:16:02 -04:00

aws

[Rule Tuning][Deprecation] AWS Root Console Login Rules (#5201 )

2025-10-15 14:16:02 -04:00

aws_bedrock

[Rule Tuning] Updated ESQL Rules Based on Validation Results (#5151 )

2025-09-30 00:36:29 -04:00

azure

[Rule Tuning] Excessive Secret or Key Retrieval from Azure Key Vault (#5220 )

2025-10-14 12:53:02 -05:00

azure_openai

[Rule Tuning] Updated ESQL Rules Based on Validation Results (#5151 )