Terrance DeJesus e6fef85899 [New Rule] Okta MFA Bombing Attempt (#3278) ...

* new rule 'Potential Okta MFA Bombing via Push Notifications'

* updated naming

* TOML lint

* adjusted duplicate rule ID

* added event category override; added until sequence statement

* added verify authentication success

* moved setup to separate field

* enhanced query optimization

2023-11-28 09:16:20 -05:00

..

aws

[Rule Tuning] Bump Minimum Stacks for AWS and Okta for Version Control (#3221)

2023-10-24 12:51:59 -04:00

azure

[Security Content] Include "Data Source: Elastic Defend" tag (#3002)

2023-09-05 14:22:01 -04:00

beaconing

[New Rule] Adding Beaconing Rules from Advanced Analytic Beaconing Package (#3128)

2023-10-30 10:05:24 -04:00

cloud_defend

[New Rule] Modification of Dynamic Linker Preload Shared Object Inside A Container (#2837)

2023-07-17 15:03:24 -04:00

cyberarkpas

[Security Content] Tags Reform (#2725)

2023-06-22 18:38:56 -03:00

ded

[New Rule] Adding Data Exfiltration Rules from Advanced Analytic DED Package (#3126)

2023-10-14 13:23:48 -04:00

dga

[New Rule] Adding DGA Rules from Advanced Analytic DGA Package (#3102)

2023-10-16 15:48:54 -04:00

endpoint

[Security Content] Tags Reform (#2725)

2023-06-22 18:38:56 -03:00

gcp

[Security Content] Tags Reform (#2725)

2023-06-22 18:38:56 -03:00

github

[New Rule] New GitHub App Installed (#3055)

2023-10-12 20:10:20 -04:00

google_workspace

[Security Content] Tags Reform (#2725)

2023-06-22 18:38:56 -03:00

kubernetes

[Rule Tuning] Kubernetes Anonymous Request Authorized (#2865)

2023-07-17 13:03:05 -04:00

lmd

[New Rule] Migrate Lateral Movement Detection Rules (#3175)

2023-10-12 15:02:19 -04:00

o365

[New] Suspicious Microsoft 365 Mail Access by ClientAppId (#2933)

2023-07-19 16:05:13 +01:00

okta

[New Rule] Okta MFA Bombing Attempt (#3278)

2023-11-28 09:16:20 -05:00

problemchild

[New Rule] Add Living-off-the-Land (LotL) ProblemChild Rules (#3193)

2023-10-23 12:23:56 -04:00