5878 Commits

Author	SHA1	Message	Date
Austin Songer	f227437920	Create okta_api_token_revoked.yml	2021-09-12 19:47:59 -05:00
Austin Songer	329c5e96fc	Create okta_api_token_created.yml	2021-09-12 19:47:21 -05:00
Austin Songer	5f7e657319	Create okta_admin_role_assigned_to_user_or_group.yml	2021-09-12 19:45:57 -05:00
Austin Songer	7b37162107	Update okta_user_account_mfa_reset.yml	2021-09-12 19:41:50 -05:00
Austin Songer	4d58194dab	Update okta_user_account_mfa_bypass_attempt.yml	2021-09-12 19:41:38 -05:00
Austin Songer	30823b72b2	Update okta_policy_rule_modified_or_deleted.yml	2021-09-12 19:41:14 -05:00
Austin Songer	31ccf89dcc	Update okta_network_zone_deactivated_or_deleted.yml	2021-09-12 19:41:00 -05:00
Austin Songer	08e79bb22e	Update okta_application_modified_or_deleted.yml	2021-09-12 19:40:49 -05:00
Austin Songer	8b0756bd32	Create okta_unauthorized_access_to_app.yml	2021-09-12 19:39:24 -05:00
Austin Songer	8607af29e0	Create okta_user_account_lockout.yml	2021-09-12 19:35:19 -05:00
Austin Songer	12e5eeac9e	Update okta_policy_modified_or_deleted.yml	2021-09-12 19:30:03 -05:00
Austin Songer	1af9120f37	Rename okta_account_mfa_reset.yml to okta_user_account_mfa_reset.yml	2021-09-12 19:25:11 -05:00
Austin Songer	d5653cbfd0	Create okta_user_account_mfa_bypass_attempt.yml	2021-09-12 19:24:57 -05:00
Austin Songer	c51e1db228	Create okta_network_zone_deactivated_or_deleted.yml	2021-09-12 19:22:15 -05:00
Austin Songer	fefb856471	Create okta_account_mfa_reset.yml	2021-09-12 19:20:54 -05:00
Austin Songer	76d78c274a	Create okta_policy_rule_modified_or_deleted.yml	2021-09-12 19:17:25 -05:00
Austin Songer	ebd120a165	Create okta_application_modified_or_deleted.yml	2021-09-12 19:17:00 -05:00
Austin Songer	0d51178174	Create okta_policy_modified_or_deleted.yml	2021-09-12 19:13:15 -05:00
frack113	dc5c26ad2d	Merge pull request #2018 from zakibro/master ... New Linux Auditd Rules - Steghide Steganography	2021-09-12 08:29:56 +02:00
frack113	92999468ee	Merge pull request #2012 from frack113/upgrade_test ... Upgrade test_rules.py	2021-09-11 15:29:19 +02:00
zakibro	6412ddaaee	Update lnx_auditd_steghide_extract_steganography.yml	2021-09-11 11:19:21 +02:00
zakibro	d0741f9f3a	Update lnx_auditd_steghide_embed_steganography.yml ... Formatting and detection changes	2021-09-11 11:18:08 +02:00
Pawel Mazur	89f15c01f9	New Linux Auditd Rules - Steghide Steganography	2021-09-11 10:56:17 +02:00
frack113	747fedb6c6	Merge pull request #2015 from neonprimetime/patch-1 ... Propose making rule more generic than just ipify	2021-09-11 09:06:01 +02:00
frack113	8d3a77d1f5	Update net_susp_ipify.yml	2021-09-11 08:31:24 +02:00
frack113	d2e622f149	Merge pull request #2011 from d4rk-d4nph3/master ... Added rule for Atlassian Confluence CVE-2021-26084	2021-09-11 07:24:58 +02:00
neonprimetime security (Justin C Miller)	033494c8f7	Propose making rule more generic than just ipify ... Propose making this detection more generic, cover more lookup services than just ipify https://twitter.com/neonprimetime/status/1436376497980428318	2021-09-10 12:14:43 -05:00
Florian Roth	7d6baaa79a	Merge pull request #2014 from SigmaHQ/rule-devel ... CVE-2021-40444 file creation - winword.exe + .cab	2021-09-10 18:50:59 +02:00
Florian Roth	a4e2c0feba	Revert "refactor: exclude case in which upper ticks are used" ... This reverts commit f00aaf8461.	2021-09-10 18:13:36 +02:00
Florian Roth	9e7ede66cc	CVE-2021-40444 file creation - winword.exe + .cab	2021-09-10 18:13:09 +02:00
Austin Songer	1ea9aab455	Update Monitor_Office_Applications_from_proxy_executing_regsvr32_with_payload.yml	2021-09-10 09:44:31 -05:00
Austin Songer	57d349bfe5	Update process_creation_office_application_from_proxy_executing_regsvr32_with_payload.yml	2021-09-10 09:44:22 -05:00
Austin Songer	9d9a5088bb	Update Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml	2021-09-10 09:43:24 -05:00
Austin Songer	5aa5586c54	Update Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml	2021-09-10 09:43:11 -05:00
frack113	0288f5b626	fix condition operator case	2021-09-10 13:51:52 +02:00
frack113	d30bb693c5	Merge pull request #2010 from BlackB0lt/patch-16 ... Create web_cve_2021_40539_manageengine_adselfservice_exploit.yml	2021-09-10 10:47:57 +02:00
frack113	ac9ea531ae	Merge pull request #1956 from Cyb3rEng/master ... Adding Various Rules To Monitor Process Creations in Sysmon, Event Logs & EDR	2021-09-10 10:47:23 +02:00
frack113	fe035388f0	Rename Monitor_Office_Application_from_proxy executing_regsvr32_with_payload.yml to process_creation_office_application_from_proxy_executing_regsvr32_with_payload.yml	2021-09-10 10:02:19 +02:00
Florian Roth	3824a12323	style: fixed indentation level, order of fields	2021-09-10 09:33:52 +02:00
Florian Roth	59b9902502	style: fixed indentation level	2021-09-10 09:33:09 +02:00
frack113	3d147f528f	Rename Monitor_WMI_Win32_Process Create_command_execution_by_Office_Applications.yml to process_creation_command_execution_by_office_applications.yml	2021-09-10 09:23:00 +02:00
frack113	ced1aa3dc0	Merge pull request #2008 from frack113/master ... Split global sysmon rules	2021-09-10 09:18:54 +02:00
frack113	4a03ef6e0b	Merge pull request #2007 from zakibro/master ... New Rule - Linux Auditd Hidden Files - Steganography	2021-09-10 09:18:28 +02:00
zakibro	a4dffc14d4	Update lnx_auditd_unzip_hidden_zip_files_steganography.yml ... Fixing formatting	2021-09-10 07:54:56 +02:00
zakibro	0b5e8cb980	Update lnx_auditd_hidden_zip_files_steganography.yml ... Formatting changes	2021-09-10 07:52:35 +02:00
Cyb3rEng	f4155010ff	Duplicate Rule ... Removed rule as it was duplicated	2021-09-09 23:09:20 -06:00
Cyb3rEng	4af244b135	Duplicate Rule ... Removed rule as it was duplicated	2021-09-09 23:08:52 -06:00
Sittikorn S	0806e4ccd2	Update web_cve_2021_40539_manageengine_adselfservice_exploit.yml	2021-09-10 11:30:51 +07:00
Bhabesh Rai	91081a7fbc	Added rule for Atlassian Confluence CVE-2021-26084	2021-09-10 10:04:16 +05:45
Cyb3rEng	361121c402	changed title ... title: Lolbins Process Created With WmiPrvSE	2021-09-09 21:51:49 -06:00