sigma-rules/rules/aws at a679207413bed5ca2e0809fa2eb3e735a58fd4a5 - sigma-rules - GreySec Git

security-tools/sigma-rules

Files

T

History

Brent Murphy 8a5e0dd441 [New Rule] AWS Management Console Attempted Root Login Brute Force (#88 )

* Create initial_access_root_console_failure_brute_force.toml

* bumping threshold value to 10

* Update rules/aws/initial_access_root_console_failure_brute_force.toml

Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>

* Update rules/aws/initial_access_root_console_failure_brute_force.toml

Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>

* Update initial_access_root_console_failure_brute_force.toml

* Update rules/aws/initial_access_root_console_failure_brute_force.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update initial_access_root_console_failure_brute_force.toml

* update with FP info

* update threshold field

Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

2020-09-28 13:37:22 -04:00

..

collection_cloudtrail_logging_created.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

credential_access_aws_iam_assume_role_brute_force.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

credential_access_iam_user_addition_to_group.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

credential_access_secretsmanager_getsecretvalue.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

defense_evasion_cloudtrail_logging_deleted.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

defense_evasion_cloudtrail_logging_suspended.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

defense_evasion_cloudwatch_alarm_deletion.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

defense_evasion_config_service_rule_deletion.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

defense_evasion_configuration_recorder_stopped.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

defense_evasion_ec2_flow_log_deletion.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

defense_evasion_ec2_network_acl_deletion.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

defense_evasion_guardduty_detector_deletion.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

defense_evasion_s3_bucket_configuration_deletion.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

defense_evasion_waf_acl_deletion.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

defense_evasion_waf_rule_or_rule_group_deletion.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

execution_via_system_manager.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

exfiltration_ec2_snapshot_change_activity.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

impact_cloudtrail_logging_updated.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

impact_cloudwatch_log_group_deletion.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

impact_cloudwatch_log_stream_deletion.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

impact_ec2_disable_ebs_encryption.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

impact_iam_deactivate_mfa_device.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

impact_iam_group_deletion.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

impact_rds_cluster_deletion.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

impact_rds_instance_cluster_stoppage.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

initial_access_console_login_root.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

initial_access_password_recovery.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

initial_access_root_console_failure_brute_force.toml

[New Rule] AWS Management Console Attempted Root Login Brute Force (#88 )

2020-09-28 13:37:22 -04:00

persistence_ec2_network_acl_creation.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

persistence_iam_group_creation.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

persistence_rds_cluster_creation.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

privilege_escalation_root_login_without_mfa.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00

privilege_escalation_updateassumerolepolicy.toml

[Rule Tuning] Update AWS rules to account for Agent index (#256 )

2020-09-21 09:04:50 -04:00