security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5f60e21ecef25f52343d460e4762d56c2f797e25
sigma-rules/rules/integrations
T
History
Isai 5f60e21ece [Rule Tunings] AWS IAM Administrator Access Policy Attached to Group/Role/User (#5215) 
* [Rule Tunings] AWS IAM Administrator Access Policy Attached to Group/Role/User

All 3 rules triggering as expected, low telemetry volume. However, the same rule logic can be applied via EQL so I've changed the rule types for all 3 from ESQL to EQL. To provide better telemetry and alert context for users.

- changed rule type to EQL
- updated all IGs
- added highlighted fields
- added index

* removed double note key

removed double note key

* adding iam event.category

* removed file beat compatibility missing category for AttachRolePolicy

filebeat does not have category mapping for AttachRolePolicy event

* toml-lint
2025-10-16 12:22:56 -04:00
..
aws
[Rule Tunings] AWS IAM Administrator Access Policy Attached to Group/Role/User (#5215)
2025-10-16 12:22:56 -04:00
aws_bedrock
[Rule Tuning] Updated ESQL Rules Based on Validation Results (#5151)
2025-09-30 00:36:29 -04:00
azure
[New Rule] Azure Storage Blob Retrieval via AzCopy (#5179)
2025-10-16 12:00:55 -04:00
azure_openai
[Rule Tuning] Updated ESQL Rules Based on Validation Results (#5151)
2025-09-30 00:36:29 -04:00
beaconing
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
cyberarkpas
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
ded
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
dga
[Rule Tuning] Reduce Severity from Critical to High (#4637)
2025-05-06 21:37:47 +05:30
endpoint
Prep 8.19/9.1 (#4869)
2025-07-07 11:27:48 -04:00
fim
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
gcp
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
github
Prep for Release 9.0 (#4550)
2025-03-20 20:32:07 +05:30
google_workspace
Fix spacing in Setup information (#4470)
2025-02-20 10:04:13 +05:30
kubernetes
Investigation guides Update (#4920)
2025-07-22 07:52:48 +05:30
lmd
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
o365
[Rule Tuning] Update Azure / M365 Index Patterns and Lookback Windows (#5155)
2025-09-30 15:51:50 -04:00
okta
[Rule Tuning] Updated ESQL Rules Based on Validation Results (#5151)
2025-09-30 00:36:29 -04:00
pad
Prep 8.19/9.1 (#4869)
2025-07-07 11:27:48 -04:00
problemchild
[Rule Tuning] Beats & Endgame Indices (#5072)
2025-09-09 13:19:13 -05:00