security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
21628611a99b24abc00934de6a7e083b85b4e463
sigma-rules/rules/integrations
T
History
Nic 20a814c47f [Rule tuning] Azure Active Directory High Risk Sign-in (#1463) 
* Add Aggregated Risk Level
* There can be a risk_level_during_signin:low but have a risk_level_aggregated:high which is also just as concerning and must be alerted on.
* An example is a password spray attack and have a successful login. Which makes me consider a new rule for interesting risk event types

(cherry picked from commit 8b2c8c2e03)
2021-08-30 22:34:47 +00:00
..
aws
[Rule Tuning] AWS Security Group Configuration Change Detection (#1426)
2021-08-15 04:35:07 +00:00
azure
[Rule tuning] Azure Active Directory High Risk Sign-in (#1463)
2021-08-30 22:34:47 +00:00
cyberarkpas
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
endpoint
Remove the 7.15+ behavior protection promotion rule
2021-08-26 08:51:38 -06:00
gcp
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
google_workspace
[Rule tuning] Revise rule description and other text (#1398)
2021-08-03 21:08:48 +00:00
o365
[Rule Tuning] Rule description tweaks (#1388)
2021-07-29 18:57:11 +00:00
okta
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00