security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
04dcf09c0360837e2a3ab02f3eff6def31c79e28
sigma-rules/rules/integrations
T
History
Isai 026a822840 [New Rule] Kubernetes Suspicious Self-Subject Review (#2067) 
* Create discovery_suspicious_self_subject_review.toml

Adding new rule

* non-ecs-schema fields added and query change to specify fields

added non ecs-schema fields for all coming k8s rules and added specific fields to the query instead of using regex

* Update discovery_suspicious_self_subject_review.toml

* Update rules/integrations/kubernetes/discovery_suspicious_self_subject_review.toml

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
2022-07-28 15:30:47 -04:00
..
aws
[Security Content] Add Investigation Guides - Cloud - 3 (#2132)
2022-07-27 15:40:09 -03:00
azure
[Security Content] Add Investigation Guides - Cloud - 3 (#2132)
2022-07-27 15:40:09 -03:00
cyberarkpas
2058 add setup field to metadata (#2061)
2022-07-18 15:41:32 -04:00
endpoint
Add missing Integration field (#1537)
2021-10-26 12:05:12 -03:00
gcp
[Rule Tuning] Missing MITRE ATT&CK Mappings (#2073)
2022-07-22 14:30:34 -04:00
google_workspace
[Security Content] Add Investigation Guides - Cloud - 3 (#2132)
2022-07-27 15:40:09 -03:00
kubernetes
[New Rule] Kubernetes Suspicious Self-Subject Review (#2067)
2022-07-28 15:30:47 -04:00
o365
[Rule Tuning] Missing MITRE ATT&CK Mappings (#2073)
2022-07-22 14:30:34 -04:00
okta
[Rule Tuning] Missing MITRE ATT&CK Mappings (#2073)
2022-07-22 14:30:34 -04:00