security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
63d6a54804bfa4843a63f2d8a969d9ace108e1e9
sigma-rules/rules/integrations
T
History
Austin Songer 93b8038d7d [New Rule] AWS STS GetSessionToken Abuse (#1213) 
* Update impact_iam_deactivate_mfa_device.toml

https://github.com/elastic/detection-rules/issues/1111

* Update impact_iam_deactivate_mfa_device.toml

* Update discovery_post_exploitation_external_ip_lookup.toml

        "*ipapi.co",
        "*ip-lookup.net",
        "*ipstack.com"

* Update rules/aws/impact_iam_deactivate_mfa_device.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

* Revert "Update discovery_post_exploitation_external_ip_lookup.toml"

This reverts commit b57fd60c9511e20a336d32a9c9b8d5cf9954c50e.

* Update

* New Rule: Okta User Attempted Unauthorized Access

* Update privilege_escalation_okta_user_attempted_unauthorized_access.toml

* Update privilege_escalation_okta_user_attempted_unauthorized_access.toml

* Delete privilege_escalation_okta_user_attempted_unauthorized_access.toml

* Create persistence_new-or-modified-federation-domain.toml

* Delete persistence_new-or-modified-federation-domain.toml

* Create lateral_movement_sts_getsessiontoken_abuse.toml

* Rename lateral_movement_sts_getsessiontoken_abuse.toml to privilege_escalation_sts_getsessiontoken_abuse.toml

* Update privilege_escalation_sts_getsessiontoken_abuse.toml

* Update rules/aws/privilege_escalation_sts_getsessiontoken_abuse.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update .gitignore

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update privilege_escalation_sts_getsessiontoken_abuse.toml

* Update privilege_escalation_sts_getsessiontoken_abuse.toml

* Update

* Update rules/integrations/aws/privilege_escalation_sts_getsessiontoken_abuse.toml

Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>
2021-09-22 16:28:02 -03:00
..
aws
[New Rule] AWS STS GetSessionToken Abuse (#1213)
2021-09-22 16:28:02 -03:00
azure
[Rule tuning] Azure Active Directory High Risk Sign-in (#1463)
2021-08-30 14:33:44 -08:00
cyberarkpas
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 15:24:56 -06:00
endpoint
Revert #1440 new endpoint promotion rule (#1470)
2021-09-03 08:07:20 -06:00
gcp
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 15:24:56 -06:00
google_workspace
[Rule tuning] Revise rule description and other text (#1398)
2021-08-03 13:07:47 -08:00
o365
[Rule Tuning] Rule description tweaks (#1388)
2021-07-29 10:56:13 -08:00
okta
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 15:24:56 -06:00