security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
55f91946ecbd6e923bed286aaafbd20a9c3890b5
sigma-rules/rules/integrations
T
History
Samirbous 55f91946ec [New] Kubernetes Secrets List Across Cluster or Sensitive Namespaces (#5966) 
* [New] Kubernetes Secrets List Across Cluster or Sensitive Namespaces

Detects `list` operations on Kubernetes Secrets from a non-loopback client when the request URI targets cluster-wide secrets or list operations under `kube-system` or `default`. Useful for spotting broad secret enumeration from remote clients.

* Update credential_access_kubernetes_secrets_list_cluster_and_sensitive_namespaces.toml

* Update credential_access_kubernetes_secrets_list_cluster_and_sensitive_namespaces.toml

* Update rules/integrations/kubernetes/credential_access_kubernetes_secrets_list_cluster_and_sensitive_namespaces.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

---------

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
2026-05-02 10:55:30 +01:00
..
aws
[New] Diverse AWS rules (#5913)
2026-05-01 21:57:28 +01:00
aws_bedrock
[Tuning] Add mv_expand for gen_ai.policy.action field (#5296)
2025-11-11 07:37:40 +05:30
azure
Prep for Release 9.4 (#5965)
2026-04-23 00:13:05 +05:30
azure_openai
[Rule Tuning] Updated ESQL Rules Based on Validation Results (#5151)
2025-09-30 00:36:29 -04:00
beaconing
[Rule Tuning] Add Supplemental Mitre Mappings (#5876)
2026-04-01 09:12:42 -05:00
cloud_defend
[Tuning/New] Namespace Manipulation Using Unshare (#6024)
2026-05-01 15:29:44 +01:00
cyberarkpas
[Rule Tuning] Change event.dataset to data_stream.dataset (#5943)
2026-04-10 12:27:52 -04:00
ded
Add Entity related integrations ML rules with _ea job IDs and min_stack_version 9.4.0 (#5909)
2026-04-22 17:36:35 +05:30
dga
Add Entity related integrations ML rules with _ea job IDs and min_stack_version 9.4.0 (#5909)
2026-04-22 17:36:35 +05:30
endpoint
Prep 8.19/9.1 (#4869)
2025-07-07 11:27:48 -04:00
fim
[Rule Tuning] Change event.dataset to data_stream.dataset (#5943)
2026-04-10 12:27:52 -04:00
gcp
[Rule Tuning] Change event.dataset to data_stream.dataset (#5943)
2026-04-10 12:27:52 -04:00
github
[Rule Tuning] Change event.dataset to data_stream.dataset (#5943)
2026-04-10 12:27:52 -04:00
google_workspace
[Rule Tuning] Change event.dataset to data_stream.dataset (#5943)
2026-04-10 12:27:52 -04:00
kubernetes
[New] Kubernetes Secrets List Across Cluster or Sensitive Namespaces (#5966)
2026-05-02 10:55:30 +01:00
lmd
Add Entity related integrations ML rules with _ea job IDs and min_stack_version 9.4.0 (#5909)
2026-04-22 17:36:35 +05:30
microsoft_exchange_online_message_trace
[Rule Tuning] Change event.dataset to data_stream.dataset (#5943)
2026-04-10 12:27:52 -04:00
o365
[Rule Tuning] Change event.dataset to data_stream.dataset (#5943)
2026-04-10 12:27:52 -04:00
okta
[Rule Tuning] Revert Event Dataset for Security Alert Index (#5994)
2026-04-28 13:17:03 -04:00
pad
Add Entity related integrations ML rules with _ea job IDs and min_stack_version 9.4.0 (#5909)
2026-04-22 17:36:35 +05:30
problemchild
Add Entity related integrations ML rules with _ea job IDs and min_stack_version 9.4.0 (#5909)
2026-04-22 17:36:35 +05:30