security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
aaef4b99f477930cf755e8ddd5cfe6b647be3eaf
sigma-rules/rules/aws
T
History
David French 4784342723 [New Rule] AWS IAM Brute Force of Assume Role Policy (#67) 
* Create credential_access_aws_iam_assume_role_brute_force.toml

* Update maturity to production

* Update formatting for query

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rule name

* Update rules/aws/credential_access_aws_iam_assume_role_brute_force.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rule description

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

* Update note field in rule

... to inform users that AWS Filebeat module must be enabled to use this rule.

Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>

* lint rule

* Update rules/aws/credential_access_aws_iam_assume_role_brute_force.toml

Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>
2020-07-20 12:43:26 -06:00
..
collection_cloudtrail_logging_created.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
credential_access_aws_iam_assume_role_brute_force.toml
[New Rule] AWS IAM Brute Force of Assume Role Policy (#67)
2020-07-20 12:43:26 -06:00
credential_access_iam_user_addition_to_group.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
credential_access_secretsmanager_getsecretvalue.toml
[New rule] AWS Secrets Manager and System Manager
2020-07-08 12:48:04 -06:00
defense_evasion_cloudtrail_logging_deleted.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
defense_evasion_cloudtrail_logging_suspended.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
defense_evasion_cloudwatch_alarm_deletion.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
defense_evasion_config_service_rule_deletion.toml
[New Rule] AWS Config Service Tampering
2020-07-07 15:43:22 -06:00
defense_evasion_configuration_recorder_stopped.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
defense_evasion_ec2_flow_log_deletion.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
defense_evasion_ec2_network_acl_deletion.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
defense_evasion_guardduty_detector_deletion.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
defense_evasion_s3_bucket_configuration_deletion.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
defense_evasion_waf_acl_deletion.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
defense_evasion_waf_rule_or_rule_group_deletion.toml
Detect DeleteRule events with AWS WAF Deletion
2020-07-07 15:44:11 -06:00
execution_via_system_manager.toml
[New rule] AWS Secrets Manager and System Manager
2020-07-08 12:48:04 -06:00
exfiltration_ec2_snapshot_change_activity.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
impact_cloudtrail_logging_updated.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
impact_cloudwatch_log_group_deletion.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
impact_cloudwatch_log_stream_deletion.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
impact_ec2_disable_ebs_encryption.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
impact_iam_deactivate_mfa_device.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
impact_iam_group_deletion.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
impact_rds_cluster_deletion.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
impact_rds_instance_cluster_stoppage.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
initial_access_console_login_root.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
initial_access_password_recovery.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
persistence_ec2_network_acl_creation.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
persistence_iam_group_creation.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
persistence_rds_cluster_creation.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
privilege_escalation_root_login_without_mfa.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00
privilege_escalation_updateassumerolepolicy.toml
Update Lookback Interval for AWS Rules
2020-07-08 08:50:01 -06:00