security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2bb9fdb7243d5a5f61cd4f758483a7efa0fba3aa
sigma-rules/rules/integrations/azure
T
History
Nic 20a814c47f [Rule tuning] Azure Active Directory High Risk Sign-in (#1463) 
* Add Aggregated Risk Level
* There can be a risk_level_during_signin:low but have a risk_level_aggregated:high which is also just as concerning and must be alerted on.
* An example is a password spray attack and have a successful login. Which makes me consider a new rule for interesting risk event types

(cherry picked from commit 8b2c8c2e03)
2021-08-30 22:34:47 +00:00
..
collection_update_event_hub_auth_rule.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
credential_access_key_vault_modified.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
credential_access_storage_account_key_regenerated.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
defense_evasion_azure_application_credential_modification.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
defense_evasion_azure_diagnostic_settings_deletion.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
defense_evasion_azure_service_principal_addition.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
defense_evasion_event_hub_deletion.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
defense_evasion_firewall_policy_deletion.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
defense_evasion_network_watcher_deletion.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
discovery_blob_container_access_mod.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
execution_command_virtual_machine.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
impact_azure_automation_runbook_deleted.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
impact_azure_service_principal_credentials_added.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
impact_resource_group_deletion.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
initial_access_azure_active_directory_high_risk_signin.toml
[Rule tuning] Azure Active Directory High Risk Sign-in (#1463)
2021-08-30 22:34:47 +00:00
initial_access_azure_active_directory_powershell_signin.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
initial_access_consent_grant_attack_via_azure_registered_application.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
initial_access_external_guest_user_invite.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
persistence_azure_automation_account_created.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
persistence_azure_automation_runbook_created_or_modified.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
persistence_azure_automation_webhook_created.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
persistence_azure_conditional_access_policy_modified.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
persistence_azure_pim_user_added_global_admin.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
persistence_azure_privileged_identity_management_role_modified.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
persistence_mfa_disabled_for_azure_user.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
persistence_user_added_as_owner_for_azure_application.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
persistence_user_added_as_owner_for_azure_service_principal.toml
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00