Terrance DeJesus cc3fb35b06 [New Rule] Okta MFA Bombing Attempt (#3278) ...

* new rule 'Potential Okta MFA Bombing via Push Notifications'

* updated naming

* TOML lint

* adjusted duplicate rule ID

* added event category override; added until sequence statement

* added verify authentication success

* moved setup to separate field

* enhanced query optimization

(cherry picked from commit e6fef85899)

2023-11-28 14:20:45 +00:00

..

aws

[Rule Tuning] Bump Minimum Stacks for AWS and Okta for Version Control (#3221)

2023-10-24 16:58:20 +00:00

azure

[Security Content] Include "Data Source: Elastic Defend" tag (#3002)

2023-09-05 18:28:40 +00:00

cloud_defend

[New Rule] Modification of Dynamic Linker Preload Shared Object Inside A Container (#2837)

2023-07-17 15:03:24 -04:00

cyberarkpas

[Security Content] Tags Reform (#2725)

2023-06-22 18:38:56 -03:00

ded

[New Rule] Adding Data Exfiltration Rules from Advanced Analytic DED Package (#3126)

2023-10-14 17:29:24 +00:00

dga

[New Rule] Adding DGA Rules from Advanced Analytic DGA Package (#3102)

2023-10-16 19:54:30 +00:00

endpoint

[Security Content] Tags Reform (#2725)

2023-06-22 18:38:56 -03:00

gcp

[Security Content] Tags Reform (#2725)

2023-06-22 18:38:56 -03:00

github

[New Rule] New GitHub App Installed (#3055)

2023-10-13 00:16:30 +00:00

google_workspace

[Security Content] Tags Reform (#2725)

2023-06-22 18:38:56 -03:00

kubernetes

[Rule Tuning] Kubernetes Anonymous Request Authorized (#2865)

2023-07-17 13:03:05 -04:00

lmd

[New Rule] Migrate Lateral Movement Detection Rules (#3175)

2023-10-12 19:07:54 +00:00

o365

[New] Suspicious Microsoft 365 Mail Access by ClientAppId (#2933)

2023-07-19 16:05:13 +01:00

okta

[New Rule] Okta MFA Bombing Attempt (#3278)

2023-11-28 14:20:45 +00:00

problemchild

[New Rule] Add Living-off-the-Land (LotL) ProblemChild Rules (#3193)

2023-10-23 16:29:59 +00:00