sigma-rules

Files

T

Terrance DeJesus 59b7e3bde4 [New Rule] Rapid Secret Retrieval Attempts from AWS SecretsManager (#3589 )

* new rule 'Rapid Secret Retrieval Attempts from AWS SecretsManager'

* updated user identity arn to user.id for cross-service password retrieval

* added investigation guides; bumped dates; adjusted threshold value

* Update rules/integrations/aws/credential_access_rapid_secret_retrieval_attempts_from_secretsmanager.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/integrations/aws/credential_access_rapid_secret_retrieval_attempts_from_secretsmanager.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/integrations/aws/credential_access_new_terms_secretsmanager_getsecretvalue.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

---------

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

2024-06-04 09:20:04 -04:00

aws

[New Rule] Rapid Secret Retrieval Attempts from AWS SecretsManager (#3589 )

2024-06-04 09:20:04 -04:00

aws_bedrock

[New Rule] Unusual High Confidence Misconduct Blocks Detected (#3647 )

2024-05-06 07:32:02 -05:00

azure

Back-porting Version Trimming (#3704 )

2024-05-23 00:45:10 +05:30

beaconing

Update rule setup instructions for UEBA packages (#3652 )