security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ae5ecd5346d32853af6eb39fddbc8983bf4c1473
sigma-rules/rules/integrations
T
History
Terrance DeJesus ae5ecd5346 [Rule Tuning] AWS suspicious user agents (TruffleHog, Kali CLI/Boto3) (#5902) 
* Expand AWS CloudTrail user-agent rule for TruffleHog and Kali

- Rename rule file to initial_access_suspicious_user_agent_detected_in_cloudtrail.toml
- Rule name: AWS Suspicious User Agent Fingerprint
- Match TruffleHog in user_agent.original (successful API calls)
- Retain Kali Linux distrib#kali fingerprint for aws-cli/Boto3
- Refresh narrative and references (incl. Kudelski Trivy supply-chain analysis)

Same rule_id f80ea920-f6f5-4c8a-9761-84ac97ec0cb2.

Made-with: Cursor

* Apply suggestion from @terrancedejesus
2026-04-03 11:50:28 -04:00
..
aws
[Rule Tuning] AWS suspicious user agents (TruffleHog, Kali CLI/Boto3) (#5902)
2026-04-03 11:50:28 -04:00
aws_bedrock
[Tuning] Add mv_expand for gen_ai.policy.action field (#5296)
2025-11-11 07:37:40 +05:30
azure
Update Entity related Kibana prebuilt ML rules with new _ea ML job ID and update minimum stack versions (#5794)
2026-04-02 09:25:14 -04:00
azure_openai
[Rule Tuning] Updated ESQL Rules Based on Validation Results (#5151)
2025-09-30 00:36:29 -04:00
beaconing
[Rule Tuning] Add Supplemental Mitre Mappings (#5876)
2026-04-01 09:12:42 -05:00
cloud_defend
[Rule Tuning] Add Supplemental Mitre Mappings (#5876)
2026-04-01 09:12:42 -05:00
cyberarkpas
[Rule Tuning] Add Supplemental Mitre Mappings (#5876)
2026-04-01 09:12:42 -05:00
ded
[Rule Tuning] Add Supplemental Mitre Mappings (#5876)
2026-04-01 09:12:42 -05:00
dga
[Rule Tuning] Add Supplemental Mitre Mappings (#5876)
2026-04-01 09:12:42 -05:00
endpoint
Prep 8.19/9.1 (#4869)
2025-07-07 11:27:48 -04:00
fim
[Rule Tuning] Add Supplemental Mitre Mappings (#5876)
2026-04-01 09:12:42 -05:00
gcp
Update Entity related Kibana prebuilt ML rules with new _ea ML job ID and update minimum stack versions (#5794)
2026-04-02 09:25:14 -04:00
github
[Rule Tuning] Add Supplemental Mitre Mappings (#5876)
2026-04-01 09:12:42 -05:00
google_workspace
[Rule Tuning] Add Supplemental Mitre Mappings (#5876)
2026-04-01 09:12:42 -05:00
kubernetes
[Rule Tuning] Add Supplemental Mitre Mappings (#5876)
2026-04-01 09:12:42 -05:00
lmd
[Rule Tuning] Add Supplemental Mitre Mappings (#5876)
2026-04-01 09:12:42 -05:00
microsoft_exchange_online_message_trace
[New Rule] M365 Azure Monitor Alert Email with Financial or Billing Theme (#5878)
2026-03-26 10:50:15 -05:00
o365
[Rule Tuning] Add Supplemental Mitre Mappings (#5876)
2026-04-01 09:12:42 -05:00
okta
[Rule Tuning] Add Supplemental Mitre Mappings (#5876)
2026-04-01 09:12:42 -05:00
pad
[Rule Tuning] Add Supplemental Mitre Mappings (#5876)
2026-04-01 09:12:42 -05:00
problemchild
[Rule Tuning] Add Supplemental Mitre Mappings (#5876)
2026-04-01 09:12:42 -05:00