sigma-rules

Files

T

Terrance DeJesus 727e7ada2e [New Rule] First Occurrence of User Identity Retrieving Credentials from EC2 Instance with an Assumed Role (#3586 )

* new rule 'First Occurrence of User Identity Sending  Requests to EC2 Instance'

* updated description and name

* added investigation guide; adjusted description

* Update rules/integrations/aws/credential_access_aws_getpassword_for_ec2_instance.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/integrations/aws/credential_access_aws_getpassword_for_ec2_instance.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Update rules/integrations/aws/credential_access_aws_getpassword_for_ec2_instance.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Update rules/integrations/aws/credential_access_aws_getpassword_for_ec2_instance.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* updated query logic

* fixed spacing issue

* Update rules/integrations/aws/credential_access_aws_getpassword_for_ec2_instance.toml

* Update rules/integrations/aws/credential_access_aws_getpassword_for_ec2_instance.toml

---------

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

(cherry picked from commit 38e0f13e23)

2024-05-14 03:15:43 +00:00

aws

[New Rule] First Occurrence of User Identity Retrieving Credentials from EC2 Instance with an Assumed Role (#3586 )

2024-05-14 03:15:43 +00:00

azure

Fix minstack version for 0365 in azure integration rules (#3612 )

2024-04-22 13:55:15 +00:00

beaconing

Beaconing - Add whitelist to rules, with some more processes (#3497 )

2024-03-14 19:56:12 +00:00

cloud_defend

[Tuning] Update min_stack for container rules new ecs field (#3370 )