| Author | Commit | Message | Date |
|---|---|---|---|
| Austin Songer | aa8978e9da | Update okta_api_token_created.yml | 2021-09-12 20:14:27 -05:00 |
| Austin Songer | 715b6ecdda | Create azure_new_cloudshell_created.yml | 2021-09-12 20:00:08 -05:00 |
| Austin Songer | f227437920 | Create okta_api_token_revoked.yml | 2021-09-12 19:47:59 -05:00 |
| Austin Songer | 329c5e96fc | Create okta_api_token_created.yml | 2021-09-12 19:47:21 -05:00 |
| Austin Songer | 5f7e657319 | Create okta_admin_role_assigned_to_user_or_group.yml | 2021-09-12 19:45:57 -05:00 |
| Austin Songer | 7b37162107 | Update okta_user_account_mfa_reset.yml | 2021-09-12 19:41:50 -05:00 |
| Austin Songer | 4d58194dab | Update okta_user_account_mfa_bypass_attempt.yml | 2021-09-12 19:41:38 -05:00 |
| Austin Songer | 30823b72b2 | Update okta_policy_rule_modified_or_deleted.yml | 2021-09-12 19:41:14 -05:00 |
| Austin Songer | 31ccf89dcc | Update okta_network_zone_deactivated_or_deleted.yml | 2021-09-12 19:41:00 -05:00 |
| Austin Songer | 08e79bb22e | Update okta_application_modified_or_deleted.yml | 2021-09-12 19:40:49 -05:00 |
| Austin Songer | 8b0756bd32 | Create okta_unauthorized_access_to_app.yml | 2021-09-12 19:39:24 -05:00 |
| Austin Songer | 8607af29e0 | Create okta_user_account_lockout.yml | 2021-09-12 19:35:19 -05:00 |
| Austin Songer | 12e5eeac9e | Update okta_policy_modified_or_deleted.yml | 2021-09-12 19:30:03 -05:00 |
| Austin Songer | 1af9120f37 | Rename okta_account_mfa_reset.yml to okta_user_account_mfa_reset.yml | 2021-09-12 19:25:11 -05:00 |
| Austin Songer | d5653cbfd0 | Create okta_user_account_mfa_bypass_attempt.yml | 2021-09-12 19:24:57 -05:00 |
| Austin Songer | c51e1db228 | Create okta_network_zone_deactivated_or_deleted.yml | 2021-09-12 19:22:15 -05:00 |
| Austin Songer | fefb856471 | Create okta_account_mfa_reset.yml | 2021-09-12 19:20:54 -05:00 |
| Austin Songer | 76d78c274a | Create okta_policy_rule_modified_or_deleted.yml | 2021-09-12 19:17:25 -05:00 |
| Austin Songer | ebd120a165 | Create okta_application_modified_or_deleted.yml | 2021-09-12 19:17:00 -05:00 |
| Austin Songer | 0d51178174 | Create okta_policy_modified_or_deleted.yml | 2021-09-12 19:13:15 -05:00 |
| frack113 | 29490f350d | fix NoneType object has no attribute get | 2021-09-12 20:13:58 +02:00 |
| frack113 | e6d4cb15bd | fix NoneType error | 2021-09-12 20:04:58 +02:00 |
| frack113 | 437ea3408b | split sysmon_stickykey_like_backdoor.yml | 2021-09-12 09:58:43 +02:00 |
| frack113 | 81c2b2731c | split sysmon_dns_serverlevelplugindll.yml | 2021-09-12 09:53:20 +02:00 |
| frack113 | f3ad5953d5 | split sysmon_apt_pandemic | 2021-09-12 09:42:11 +02:00 |
| frack113 | 3db427873a | split sysinternals eula and uac bypass | 2021-09-12 09:38:05 +02:00 |
| frack113 | 830c0c9f22 | Update process_creation_advanced_ip_scanner.yml | 2021-09-12 08:53:10 +02:00 |
| frack113 | dc5c26ad2d | Merge pull request #2018 from zakibro/master: New Linux Auditd Rules - Steghide Steganography | 2021-09-12 08:29:56 +02:00 |
| frack113 | e355367c03 | Clean SyncAppvPublishingServer rules | 2021-09-12 07:46:35 +02:00 |
| frack113 | 2223afb6fe | split global rules | 2021-09-11 20:30:32 +02:00 |
| frack113 | 92999468ee | Merge pull request #2012 from frack113/upgrade_test: Upgrade test_rules.py | 2021-09-11 15:29:19 +02:00 |
| frack113 | a76dd5bedb | Merge pull request #2016 from albchen/patch-2: Mapped OriginalFileName in DeviceProcessEvents | 2021-09-11 15:28:50 +02:00 |
| frack113 | a73d37cd72 | fix related | 2021-09-11 14:22:01 +02:00 |
| frack113 | 338c9f5ae7 | Split global rule | 2021-09-11 13:45:41 +02:00 |
| frack113 | 2a76c469e0 | normalise name | 2021-09-11 13:34:19 +02:00 |
| zakibro | 6412ddaaee | Update lnx_auditd_steghide_extract_steganography.yml | 2021-09-11 11:19:21 +02:00 |
| zakibro | d0741f9f3a | Update lnx_auditd_steghide_embed_steganography.yml: Formatting and detection changes | 2021-09-11 11:18:08 +02:00 |
| Pawel Mazur | 89f15c01f9 | New Linux Auditd Rules - Steghide Steganography | 2021-09-11 10:56:17 +02:00 |
| frack113 | 747fedb6c6 | Merge pull request #2015 from neonprimetime/patch-1: Propose making rule more generic than just ipify | 2021-09-11 09:06:01 +02:00 |
| frack113 | 8d3a77d1f5 | Update net_susp_ipify.yml | 2021-09-11 08:31:24 +02:00 |
| frack113 | d2e622f149 | Merge pull request #2011 from d4rk-d4nph3/master: Added rule for Atlassian Confluence CVE-2021-26084 | 2021-09-11 07:24:58 +02:00 |
| albchen | 1dec1a49fa | Mapped OriginalFileName in DeviceProcessEvents. Mapped OriginalFileName to ProcessVersionInfoOriginalFileName in DeviceProcessEvents. Tested and works for rules such as https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_renamed_binary.yml | 2021-09-10 15:51:32 -07:00 |
| neonprimetime security (Justin C Miller) | 033494c8f7 | Propose making rule more generic than just ipify. Propose making this detection more generic, cover more lookup services than just ipify. https://twitter.com/neonprimetime/status/1436376497980428318 | 2021-09-10 12:14:43 -05:00 |
| Florian Roth | 7d6baaa79a | Merge pull request #2014 from SigmaHQ/rule-devel: CVE-2021-40444 file creation - winword.exe + .cab | 2021-09-10 18:50:59 +02:00 |
| Florian Roth | a4e2c0feba | Revert "refactor: exclude case in which upper ticks are used". This reverts commit f00aaf8461. | 2021-09-10 18:13:36 +02:00 |
| Florian Roth | 9e7ede66cc | CVE-2021-40444 file creation - winword.exe + .cab | 2021-09-10 18:13:09 +02:00 |
| frack113 | dccec24cc1 | Merge pull request #2013 from austinsonger/office-fixes: Just some fixes. | 2021-09-10 17:43:11 +02:00 |
| Austin Songer | a798469961 | Update lacework.py | 2021-09-10 09:46:57 -05:00 |
| Austin Songer | 1ea9aab455 | Update Monitor_Office_Applications_from_proxy_executing_regsvr32_with_payload.yml | 2021-09-10 09:44:31 -05:00 |
| Austin Songer | 57d349bfe5 | Update process_creation_office_application_from_proxy_executing_regsvr32_with_payload.yml | 2021-09-10 09:44:22 -05:00 |