security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ebcd05f879a648e1edc4551aba6b2611930566eb
sigma-rules/rules/integrations
T
History
Samirbous 496d2e206a [New] AWS Credentials Used from GitHub Actions and Non-CI/CD Infra (#5956) 
* [New] AWS Credentials Used from GitHub Actions and Non-CI/CD Infrastructure

Detects AWS access keys that are used from both GitHub Actions CI/CD infrastructure and non-CI/CD infrastructure. This pattern indicates potential credential theft where an attacker who has stolen AWS credentials configured as GitHub Actions secrets and is using them from their own infrastructure.

* Update initial_access_github_actions_oidc_credentials_used_from_suspicious_network.toml

* ++

* Update initial_access_github_actions_oidc_credentials_used_from_suspicious_network.toml

---------

Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>
2026-04-22 23:15:55 +05:30
..
aws
[New] AWS Credentials Used from GitHub Actions and Non-CI/CD Infra (#5956)
2026-04-22 23:15:55 +05:30
aws_bedrock
[Tuning] Add mv_expand for gen_ai.policy.action field (#5296)
2025-11-11 07:37:40 +05:30
azure
[Rule Tuning] Change event.dataset to data_stream.dataset (#5943)
2026-04-10 12:27:52 -04:00
azure_openai
[Rule Tuning] Updated ESQL Rules Based on Validation Results (#5151)
2025-09-30 00:36:29 -04:00
beaconing
[Rule Tuning] Add Supplemental Mitre Mappings (#5876)
2026-04-01 09:12:42 -05:00
cloud_defend
Monthly Manifest and Schema Updation (#5920)
2026-04-06 17:35:33 +05:30
cyberarkpas
[Rule Tuning] Change event.dataset to data_stream.dataset (#5943)
2026-04-10 12:27:52 -04:00
ded
Add Entity related integrations ML rules with _ea job IDs and min_stack_version 9.4.0 (#5909)
2026-04-22 17:36:35 +05:30
dga
Add Entity related integrations ML rules with _ea job IDs and min_stack_version 9.4.0 (#5909)
2026-04-22 17:36:35 +05:30
endpoint
Prep 8.19/9.1 (#4869)
2025-07-07 11:27:48 -04:00
fim
[Rule Tuning] Change event.dataset to data_stream.dataset (#5943)
2026-04-10 12:27:52 -04:00
gcp
[Rule Tuning] Change event.dataset to data_stream.dataset (#5943)
2026-04-10 12:27:52 -04:00
github
[Rule Tuning] Change event.dataset to data_stream.dataset (#5943)
2026-04-10 12:27:52 -04:00
google_workspace
[Rule Tuning] Change event.dataset to data_stream.dataset (#5943)
2026-04-10 12:27:52 -04:00
kubernetes
[Rule Tuning] Change event.dataset to data_stream.dataset (#5943)
2026-04-10 12:27:52 -04:00
lmd
Add Entity related integrations ML rules with _ea job IDs and min_stack_version 9.4.0 (#5909)
2026-04-22 17:36:35 +05:30
microsoft_exchange_online_message_trace
[Rule Tuning] Change event.dataset to data_stream.dataset (#5943)
2026-04-10 12:27:52 -04:00
o365
[Rule Tuning] Change event.dataset to data_stream.dataset (#5943)
2026-04-10 12:27:52 -04:00
okta
[Rule Tuning] Multiple Device Token Hashes for Single Okta Session (#5948)
2026-04-22 08:16:42 -04:00
pad
Add Entity related integrations ML rules with _ea job IDs and min_stack_version 9.4.0 (#5909)
2026-04-22 17:36:35 +05:30
problemchild
Add Entity related integrations ML rules with _ea job IDs and min_stack_version 9.4.0 (#5909)
2026-04-22 17:36:35 +05:30