sigma-rules

Files

T

Terrance DeJesus d7db6be0aa [New Rule] Rapid Secret Retrieval Attempts from AWS SecretsManager (#3589 )

* new rule 'Rapid Secret Retrieval Attempts from AWS SecretsManager'

* updated user identity arn to user.id for cross-service password retrieval

* added investigation guides; bumped dates; adjusted threshold value

* Update rules/integrations/aws/credential_access_rapid_secret_retrieval_attempts_from_secretsmanager.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/integrations/aws/credential_access_rapid_secret_retrieval_attempts_from_secretsmanager.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/integrations/aws/credential_access_new_terms_secretsmanager_getsecretvalue.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

---------

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

(cherry picked from commit 59b7e3bde4)

2024-06-04 13:23:16 +00:00

aws

[New Rule] Rapid Secret Retrieval Attempts from AWS SecretsManager (#3589 )

2024-06-04 13:23:16 +00:00

azure

Back-porting Version Trimming (#3704 )

2024-05-22 19:18:10 +00:00

beaconing

Update rule setup instructions for UEBA packages (#3652 )

2024-05-28 19:24:45 +00:00

cloud_defend

Back-porting Version Trimming (#3704 )