valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update azure_dns_zone_modified_or_deleted.yml

Browse Source
This commit is contained in:
Austin Songer 2021-08-09 14:38:15 -05:00 committed by GitHub
parent b9026f2dfe
commit 1f1aa7c31f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
rules/cloud/azure_dns_zone_modified_or_deleted.yml
View File

@ -10,29 +10,10 @@ logsource:
service: azure.activitylogs service: azure.activitylogs
detection: detection:
selection: selection:
properties.message: properties.message|startswith: MICROSOFT.NETWORK/DNSZONES
- MICROSOFT.NETWORK/DNSZONES/WRITE properties.message|endswith:
- MICROSOFT.NETWORK/DNSZONES/DELETE - /WRITE
- MICROSOFT.NETWORK/DNSZONES/A/WRITE - /DELETE
- MICROSOFT.NETWORK/DNSZONES/A/DELETE
- MICROSOFT.NETWORK/DNSZONES/AAAA/WRITE
- MICROSOFT.NETWORK/DNSZONES/AAAA/DELETE
- MICROSOFT.NETWORK/DNSZONES/CAA/READ
- MICROSOFT.NETWORK/DNSZONES/CAA/WRITE
- MICROSOFT.NETWORK/DNSZONES/CAA/DELETE
- MICROSOFT.NETWORK/DNSZONES/CNAME/WRITE
- MICROSOFT.NETWORK/DNSZONES/CNAME/DELETE
- MICROSOFT.NETWORK/DNSZONES/MX/WRITE
- MICROSOFT.NETWORK/DNSZONES/MX/DELETE
- MICROSOFT.NETWORK/DNSZONES/NS/WRITE
- MICROSOFT.NETWORK/DNSZONES/NS/DELETE
- MICROSOFT.NETWORK/DNSZONES/PTR/WRITE
- MICROSOFT.NETWORK/DNSZONES/PTR/DELETE
- MICROSOFT.NETWORK/DNSZONES/SOA/WRITE
- MICROSOFT.NETWORK/DNSZONES/SRV/WRITE
- MICROSOFT.NETWORK/DNSZONES/SRV/DELETE
- MICROSOFT.NETWORK/DNSZONES/TXT/WRITE
- MICROSOFT.NETWORK/DNSZONES/TXT/DELETE
condition: selection condition: selection
level: medium level: medium
tags: tags: