sigma-rules

Files

T

James Valente 36d595ae2f [Rule Tuning] Add exceptions for non-interactive signin failures for Entra M365 Bruteforce (#4405 )

* Add exceptions for non-interactive signin failures.

Include exceptions for error codes, restricted to `NonInteractiveUserSignInLogs` and token refreshes:

- 70043 : Refresh token expired or no longer valid due to conditional access frequency checks
- 70044 : Session expired or no longer valid due to conditional access frequency checks
- 50057 : User account is disabled

* Update rules/integrations/azure/credential_access_entra_signin_brute_force_microsoft_365.toml

* Update metadata for `updated_date`

---------

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>

2025-05-06 22:43:15 +05:30

aws

[New Rule] Adding Coverage for AWS S3 Static Site JavaScript File Uploaded (#4617 )

2025-04-30 16:25:03 -04:00

aws_bedrock

Prep for Release 9.0 (#4550 )

2025-03-20 20:32:07 +05:30

azure

[Rule Tuning] Add exceptions for non-interactive signin failures for Entra M365 Bruteforce (#4405 )

2025-05-06 22:43:15 +05:30

azure_openai

Add investigation guides (#4600 )