security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ce66f52aad703ccfc09f1e876463592c156f2d39
sigma-rules/detection_rules
T
History
Terrance DeJesus bae7835f6a [New Rule] MSFT Tenant OAuth Phishing via First-Party VSCode Client (#4642) 
* new rules for MSFT Oauth phishing in Azure, Entra and Microsoft 365

* changed m365 file name

* fixed duplicate tactics

* updaing non-ecs for graph activity logs

* updating rules; investigation guides; formatting, linting errors
2025-05-01 22:38:41 -04:00
..
etc
[New Rule] MSFT Tenant OAuth Phishing via First-Party VSCode Client (#4642)
2025-05-01 22:38:41 -04:00
schemas
[New Rule] Threat Intel Email Indicator Match (#4598)
2025-04-22 12:15:36 -03:00
__init__.py
chore: Removing RTAs (#4437)
2025-03-05 12:35:57 +01:00
__main__.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
action_connector.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
action.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
attack.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
beats.py
Account for CCS '::' index pattern (#4258)
2024-11-13 11:17:08 +05:30
cli_utils.py
[Bug] Update Schema Prompt to include new_terms_fields (#4567)
2025-04-17 10:45:51 -04:00
config.py
Feature exclude tactic name (#4593)
2025-04-16 16:02:14 -04:00
custom_rules.py
[Bug] Update Custom Rules Markdown Location (#4565)
2025-03-26 10:00:52 -04:00
custom_schemas.py
[FR] [DAC] Add Support for Known Types to Auto-generated Schemas (#3985)
2024-08-28 10:48:00 -04:00
devtools.py
fix: Fixing leftover references to sha256 method (#4690)
2025-04-30 20:34:15 +02:00
docs.py
chore: use docs-dev instead of docs dir for docs (#4522)
2025-03-07 14:34:51 +01:00
ecs.py
Account for CCS '::' index pattern (#4258)
2024-11-13 11:17:08 +05:30
endgame.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
eswrap.py
chore: Removing RTAs (#4437)
2025-03-05 12:35:57 +01:00
exception.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
generic_loader.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
ghwrap.py
Update package and install process (#1948)
2022-12-08 15:49:49 -05:00
integrations.py
Bumping number of versions per rule to 4 in total (#4451)
2025-02-07 16:28:36 +01:00
kbwrap.py
[Enhancement] Add flag to export rules via KQL search on name (#4594)
2025-04-16 18:40:46 -04:00
main.py
[FR] Add Support for Local Dates Flag (#4582)
2025-04-16 15:41:09 -04:00
misc.py
fix: removing outdated code in Kibana client auth (#4495)
2025-03-24 12:28:36 +01:00
mixins.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
ml.py
[FR] Add Env Var DR_CLI_MAX_WIDTH and DaC Docs Updates (#4518)
2025-03-10 12:59:12 -04:00
navigator.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
packaging.py
Bringing back "fix: Cleaning up the hashable content for the rule" (#4621) (#4668)
2025-04-28 21:59:55 +05:30
remote_validation.py
fix: removing outdated code in Kibana client auth (#4495)
2025-03-24 12:28:36 +01:00
rule_formatter.py
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
rule_loader.py
fix: Fixing leftover references to sha256 method (#4690)
2025-04-30 20:34:15 +02:00
rule_validators.py
Enhance Readability of KQL validation check failures (#4329)
2025-01-06 22:18:05 +05:30
rule.py
Bringing back "fix: Cleaning up the hashable content for the rule" (#4621) (#4668)
2025-04-28 21:59:55 +05:30
utils.py
[Bug] Update Schema Prompt to include new_terms_fields (#4567)
2025-04-17 10:45:51 -04:00
version_lock.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00