sigma-rules

Files

T

Terrance DeJesus 38e0f13e23 [New Rule] First Occurrence of User Identity Retrieving Credentials from EC2 Instance with an Assumed Role (#3586 )

* new rule 'First Occurrence of User Identity Sending  Requests to EC2 Instance'

* updated description and name

* added investigation guide; adjusted description

* Update rules/integrations/aws/credential_access_aws_getpassword_for_ec2_instance.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/integrations/aws/credential_access_aws_getpassword_for_ec2_instance.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Update rules/integrations/aws/credential_access_aws_getpassword_for_ec2_instance.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Update rules/integrations/aws/credential_access_aws_getpassword_for_ec2_instance.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* updated query logic

* fixed spacing issue

* Update rules/integrations/aws/credential_access_aws_getpassword_for_ec2_instance.toml

* Update rules/integrations/aws/credential_access_aws_getpassword_for_ec2_instance.toml

---------

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

2024-05-13 23:07:39 -04:00

aws

[New Rule] First Occurrence of User Identity Retrieving Credentials from EC2 Instance with an Assumed Role (#3586 )

2024-05-13 23:07:39 -04:00

aws_bedrock

[New Rule] Unusual High Confidence Misconduct Blocks Detected (#3647 )

2024-05-06 07:32:02 -05:00

azure

Fix minstack version for 0365 in azure integration rules (#3612 )

2024-04-22 19:17:49 +05:30

beaconing

Beaconing - Add whitelist to rules, with some more processes (#3497 )