security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f2d8ab54d747a3c24ab19dae28768e365a0850cc
sigma-rules/rules/integrations
T
History
Isai f2d8ab54d7 [Rule Tuning] AWS KMS Customer Managed Key Disabled or Scheduled for Deletion (#5417) 
This rule is performing well in telemetry, low volume and expected alerts. No major changes to rule query.
- reduced execution window
- updated description and IG
- added highlighted fields

Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>
2025-12-08 10:55:03 -05:00
..
aws
[Rule Tuning] AWS KMS Customer Managed Key Disabled or Scheduled for Deletion (#5417)
2025-12-08 10:55:03 -05:00
aws_bedrock
[Tuning] Add mv_expand for gen_ai.policy.action field (#5296)
2025-11-11 07:37:40 +05:30
azure
[New] Suspicious Microsoft Entra ID Concurrent Sign-Ins via DeviceCode (#5396)
2025-12-03 14:33:05 -05:00
azure_openai
[Rule Tuning] Updated ESQL Rules Based on Validation Results (#5151)
2025-09-30 00:36:29 -04:00
beaconing
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
cyberarkpas
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
ded
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
dga
[Rule Tuning] Reduce Severity from Critical to High (#4637)
2025-05-06 21:37:47 +05:30
endpoint
Prep 8.19/9.1 (#4869)
2025-07-07 11:27:48 -04:00
fim
[Rule Tuning] Potential Persistence via File Modification (#5404)
2025-12-05 10:32:58 +01:00
gcp
Add rules for Azure Activity Logs/GCP Audit ML jobs (#5191)
2025-11-26 13:15:23 -05:00
github
[New/Tuning] NPM Shai-Hulud coverage (#5368)
2025-12-02 10:57:12 +00:00
google_workspace
Fix spacing in Setup information (#4470)
2025-02-20 10:04:13 +05:30
kubernetes
Investigation guides Update (#4920)
2025-07-22 07:52:48 +05:30
lmd
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
o365
[Rule Tuning] M365 OneDrive Excessive File Downloads with OAuth Token (#5365)
2025-12-03 14:13:35 -05:00
okta
[New Rule] Okta Multiple OS Names Detected for a Single DT Hash (#5241)
2025-11-25 00:57:08 +05:30
pad
Prep 8.19/9.1 (#4869)
2025-07-07 11:27:48 -04:00
problemchild
[Rule Tuning] Beats & Endgame Indices (#5072)
2025-09-09 13:19:13 -05:00