security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
63f76cf004dec3f3d7f716d50a98d8981871f33e
sigma-rules/detection_rules
T
History
Terrance DeJesus 63f76cf004 [Rule Tuning] Entra ID SharePoint Accessed by Unusual User and Microsoft Authentication Broker Client (#5681) 
* [Rule Tuning] Transform Dormant SharePoint Rule to Detect OAuth Phishing
Fixes #5680

* adjusted query format for unit test; added additional domain tag for storage

* Apply suggestion from @terrancedejesus

* Fix formatting in non-ecs-schema.json

* adjusted description

* re-order mappings
2026-02-19 10:09:15 -05:00
..
etc
[Rule Tuning] Entra ID SharePoint Accessed by Unusual User and Microsoft Authentication Broker Client (#5681)
2026-02-19 10:09:15 -05:00
schemas
[Bug] CLI adds frequency field to system actions (.cases), causing import failure (#5690)
2026-02-11 15:18:20 -05:00
__init__.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
__main__.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
action_connector.py
[Bug] Fix UTF-8 Encoding for Rule File Operations (#5684)
2026-02-05 14:21:30 +01:00
action.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
atlas.py
[New Rules] Add MITRE ATLAS framework support and GenAI threat detection rules (#5352)
2025-12-05 12:26:56 -06:00
attack.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
beats.py
[FR] Refactor Schema Validation & Support Multi-Dataset Sequence Validation (#5059)
2025-09-10 13:11:04 -05:00
cli_utils.py
Renovate Updates (#5258)
2025-11-17 20:22:11 +05:30
config.py
[FR] Expand CUSTOM_RULES_DIR to support user relative paths (#5390)
2025-12-03 12:19:29 -05:00
custom_rules.py
[doc fix] Adjust wording in the docs for Kibana import/export commands (#5600)
2026-02-04 11:17:58 +01:00
custom_schemas.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
devtools.py
feat: ESQL query validation against Elastic cluster (#4955)
2025-10-15 15:17:07 -04:00
docs.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
ecs.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
endgame.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
esql_errors.py
feat: ESQL query validation against Elastic cluster (#4955)
2025-10-15 15:17:07 -04:00
esql.py
feat: ESQL query validation against Elastic cluster (#4955)
2025-10-15 15:17:07 -04:00
eswrap.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
exception.py
[Bug] Fix UTF-8 Encoding for Rule File Operations (#5684)
2026-02-05 14:21:30 +01:00
generic_loader.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
ghwrap.py
Renovate Updates (#5258)
2025-11-17 20:22:11 +05:30
index_mappings.py
[Bug] Add synthetic properties check to remote ESQL validation (#5308)
2025-11-13 15:25:42 -05:00
integrations.py
[doc fix] Adjust wording in the docs for Kibana import/export commands (#5600)
2026-02-04 11:17:58 +01:00
kbwrap.py
[doc fix] Adjust wording in the docs for Kibana import/export commands (#5600)
2026-02-04 11:17:58 +01:00
main.py
Added logic to main.py to use the created_at and updated_at values if they exist (#5444)
2026-01-26 11:00:45 +01:00
misc.py
feat: ESQL query validation against Elastic cluster (#4955)
2025-10-15 15:17:07 -04:00
mixins.py
[Bug] Add Required to the Annotation (#5159)
2025-09-29 18:30:50 -04:00
ml.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
navigator.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
packaging.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
remote_validation.py
feat: ESQL query validation against Elastic cluster (#4955)
2025-10-15 15:17:07 -04:00
rule_formatter.py
[Bug] Fix UTF-8 Encoding for Rule File Operations (#5684)
2026-02-05 14:21:30 +01:00
rule_loader.py
[Bug] Fix UTF-8 Encoding for Rule File Operations (#5684)
2026-02-05 14:21:30 +01:00
rule_validators.py
[Bug] [DAC] Auto Gen Schema Fails on Certain Subqueries (#5256)
2025-11-12 11:21:53 -05:00
rule.py
[Bug] CLI adds frequency field to system actions (.cases), causing import failure (#5690)
2026-02-11 15:18:20 -05:00
utils.py
[Bug] Fix UTF-8 Encoding for Rule File Operations (#5684)
2026-02-05 14:21:30 +01:00
version_lock.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00