security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ba458dea13e5308c351c18f41d381fcd64920301
sigma-rules/rules/integrations
T
History
Austin Songer ba458dea13 [New Rule] New or Modified Federation Domain (#1212) 
* Update impact_iam_deactivate_mfa_device.toml

https://github.com/elastic/detection-rules/issues/1111

* Update impact_iam_deactivate_mfa_device.toml

* Update discovery_post_exploitation_external_ip_lookup.toml

        "*ipapi.co",
        "*ip-lookup.net",
        "*ipstack.com"

* Update rules/aws/impact_iam_deactivate_mfa_device.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

* Revert "Update discovery_post_exploitation_external_ip_lookup.toml"

This reverts commit b57fd60c9511e20a336d32a9c9b8d5cf9954c50e.

* Update

* New Rule: Okta User Attempted Unauthorized Access

* Update privilege_escalation_okta_user_attempted_unauthorized_access.toml

* Update privilege_escalation_okta_user_attempted_unauthorized_access.toml

* Delete privilege_escalation_okta_user_attempted_unauthorized_access.toml

* Create persistence_new-or-modified-federation-domain.toml

* Delete persistence_new-or-modified-federation-domain.toml

* Create persistence_new-or-modified-federation-domain.toml

* Rename persistence_new-or-modified-federation-domain.toml to persistence_new_or_modified_federation_domain.toml

* Update persistence_new_or_modified_federation_domain.toml

* Update .gitignore

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/microsoft-365/persistence_new_or_modified_federation_domain.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/microsoft-365/persistence_new_or_modified_federation_domain.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update persistence_new_or_modified_federation_domain.toml

* Update persistence_new_or_modified_federation_domain.toml

* Update persistence_new_or_modified_federation_domain.toml

* Update

* Update persistence_new_or_modified_federation_domain.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

(cherry picked from commit a51ed86851)
2021-09-29 12:17:22 +00:00
..
aws
[New Rule] AWS STS GetSessionToken Abuse (#1213)
2021-09-22 19:29:04 +00:00
azure
[Rule tuning] Azure Active Directory High Risk Sign-in (#1463)
2021-08-30 22:34:47 +00:00
cyberarkpas
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
endpoint
Revert #1440 new endpoint promotion rule (#1470)
2021-09-03 14:08:22 +00:00
gcp
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00
google_workspace
[Rule tuning] Revise rule description and other text (#1398)
2021-08-03 21:08:48 +00:00
o365
[New Rule] New or Modified Federation Domain (#1212)
2021-09-29 12:17:22 +00:00
okta
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 21:25:48 +00:00