sigma-rules

Files

T

Terrance DeJesus 2691273c93 [New Rule] AWS EC2 VPC Security Group Rule Added for Any Address or Remote Access Ports (#3599 )

* new rule 'AWS EC2 VPC Security Group Rule Added for Any Address or Remote Access Ports'

* updated rule name

* changed file name; added false-positive note

* changed rule UUID

* adjusted file name

* updated tags

* added investigation guide; updated query logic

* Update rules/integrations/aws/defense_evasion_vpc_security_group_ingress_rule_added_for_remote_connections.toml

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* updated query and name

* updated query optimization

---------

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

(cherry picked from commit 527f785a60)

2024-05-28 14:52:40 +00:00

aws

[New Rule] AWS EC2 VPC Security Group Rule Added for Any Address or Remote Access Ports (#3599 )

2024-05-28 14:52:40 +00:00

azure

Back-porting Version Trimming (#3704 )

2024-05-22 19:18:10 +00:00

beaconing

Beaconing - Add whitelist to rules, with some more processes (#3497 )

2024-03-14 19:56:12 +00:00

cloud_defend

Back-porting Version Trimming (#3704 )