sigma-rules

Files

T

Terrance DeJesus bae7835f6a [New Rule] MSFT Tenant OAuth Phishing via First-Party VSCode Client (#4642 )

* new rules for MSFT Oauth phishing in Azure, Entra and Microsoft 365

* changed m365 file name

* fixed duplicate tactics

* updaing non-ecs for graph activity logs

* updating rules; investigation guides; formatting, linting errors

2025-05-01 22:38:41 -04:00

aws

[New Rule] Adding Coverage for AWS S3 Static Site JavaScript File Uploaded (#4617 )

2025-04-30 16:25:03 -04:00

aws_bedrock

Prep for Release 9.0 (#4550 )

2025-03-20 20:32:07 +05:30

azure

[New Rule] MSFT Tenant OAuth Phishing via First-Party VSCode Client (#4642 )

2025-05-01 22:38:41 -04:00

azure_openai

Add investigation guides (#4600 )

2025-04-07 20:55:39 +05:30

beaconing

[FR] Generate investigation guides (#4358 )

2025-01-22 11:17:38 -06:00

cyberarkpas

[FR] Generate investigation guides (#4358 )

2025-01-22 11:17:38 -06:00

ded

[FR] Generate investigation guides (#4358 )

2025-01-22 11:17:38 -06:00

dga

[FR] Generate investigation guides (#4358 )

2025-01-22 11:17:38 -06:00

endpoint

Update Max signals value to supported limits (#4556 )

2025-03-27 09:02:25 +05:30

fim

[FR] Generate investigation guides (#4358 )

2025-01-22 11:17:38 -06:00

gcp

[FR] Generate investigation guides (#4358 )

2025-01-22 11:17:38 -06:00

github

Prep for Release 9.0 (#4550 )

2025-03-20 20:32:07 +05:30

google_workspace

Fix spacing in Setup information (#4470 )

2025-02-20 10:04:13 +05:30

kubernetes

[FR] Generate investigation guides (#4358 )

2025-01-22 11:17:38 -06:00

lmd

[FR] Generate investigation guides (#4358 )

2025-01-22 11:17:38 -06:00

o365

[New Rule] MSFT Tenant OAuth Phishing via First-Party VSCode Client (#4642 )

2025-05-01 22:38:41 -04:00

okta

Fix spacing in Setup information (#4470 )

2025-02-20 10:04:13 +05:30

pad

Min stack rules from 4516 (#4549 )

2025-03-19 20:27:30 -04:00

problemchild

Prep main for 9.1 (#4555 )

2025-03-26 11:04:14 -04:00