security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
527f785a601b0fe2b3bee1659bbc11ffc6f4760e
sigma-rules/detection_rules
T
History
Terrance DeJesus 527f785a60 [New Rule] AWS EC2 VPC Security Group Rule Added for Any Address or Remote Access Ports (#3599) 
* new rule 'AWS EC2 VPC Security Group Rule Added for Any Address or Remote Access Ports'

* updated rule name

* changed file name; added false-positive note

* changed rule UUID

* adjusted file name

* updated tags

* added investigation guide; updated query logic

* Update rules/integrations/aws/defense_evasion_vpc_security_group_ingress_rule_added_for_remote_connections.toml

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* updated query and name

* updated query optimization

---------

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>
2024-05-28 10:49:20 -04:00
..
etc
[New Rule] AWS EC2 VPC Security Group Rule Added for Any Address or Remote Access Ports (#3599)
2024-05-28 10:49:20 -04:00
schemas
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
__init__.py
[FR] Independently package kql / kibana and bump to py3.12 (#3514)
2024-03-14 20:18:32 -05:00
__main__.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
attack.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
beats.py
[Bug] Use integration schemas for required_field types (#3303)
2023-12-11 11:32:38 -06:00
cli_utils.py
[FR] Normalize yml ext to yaml (#3675)
2024-05-15 15:18:39 -05:00
devtools.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
docs.py
[Bug] Fix URL links in autogenerated security docs (#3474)
2024-02-23 16:50:33 -05:00
ecs.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
endgame.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
eswrap.py
[FR] Normalize yml ext to yaml (#3675)
2024-05-15 15:18:39 -05:00
ghwrap.py
Update package and install process (#1948)
2022-12-08 15:49:49 -05:00
integrations.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
kbwrap.py
Refresh Kibana module with API updates (#3466)
2024-04-26 11:12:50 -06:00
main.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
mappings.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
misc.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
mixins.py
Refresh Kibana module with API updates (#3466)
2024-04-26 11:12:50 -06:00
ml.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
navigator.py
[Bug] Fix missing indexes on navigator build (#3636)
2024-05-01 15:50:54 -06:00
packaging.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
remote_validation.py
[FR] Add Support for ES|QL Rule Type and Remote Validation (#3281)
2023-12-08 12:46:28 -07:00
rule_formatter.py
[Bug] Update Rule Formatter (#3668)
2024-05-13 15:00:01 -04:00
rule_loader.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
rule_validators.py
[Bug] Query validation failing to capture InSet edge case with ip field types (#3572)
2024-05-06 07:58:42 -04:00
rule.py
[New Rule] AWS S3 Bucket Enumeration or Brute Force (#3635)
2024-05-01 15:00:33 -06:00
utils.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
version_lock.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00