Commit Graph

8092 Commits

Author  SHA1  Message  Date

Austin Songer  f673eb413e  Update okta_application_sign-on_policy_modified_or_deleted.yml  2021-09-22 19:53:56 -05:00
Austin Songer  1effd8b187  Update okta_application_modified_or_deleted.yml  2021-09-22 19:53:49 -05:00
Austin Songer  ccd9f8d6dc  Update okta_api_token_revoked.yml  2021-09-22 19:53:43 -05:00
Austin Songer  6401f9b4d9  Update okta_api_token_created.yml  2021-09-22 19:53:36 -05:00
Austin Songer  ecb18ec149  Update okta_admin_role_assigned_to_user_or_group.yml  2021-09-22 19:53:28 -05:00
Austin Songer  74452347fb  Update okta_user_account_locked_out.yml  2021-09-22 19:52:43 -05:00
Austin Songer  275ebf7884  Update okta_unauthorized_access_to_app.yml  2021-09-22 19:52:36 -05:00
Austin Songer  2ab5ba0a0c  Update okta_security_threat_detected.yml  2021-09-22 19:52:29 -05:00
Austin Songer  1aec430291  Update okta_policy_rule_modified_or_deleted.yml  2021-09-22 19:52:23 -05:00
Austin Songer  cead26637b  Update okta_policy_modified_or_deleted.yml  2021-09-22 19:52:17 -05:00
Austin Songer  e1eb8c6222  Update okta_network_zone_deactivated_or_deleted.yml  2021-09-22 19:52:10 -05:00
Austin Songer  38e09f061d  Update okta_mfa_reset_or_deactivated.yml  2021-09-22 19:52:04 -05:00
Austin Songer  12f76cdf6b  Update okta_application_sign-on_policy_modified_or_deleted.yml  2021-09-22 19:51:58 -05:00
Austin Songer  11732970fc  Update okta_application_modified_or_deleted.yml  2021-09-22 19:51:51 -05:00
Austin Songer  8dfae4c785  Update okta_api_token_revoked.yml  2021-09-22 19:51:44 -05:00
Austin Songer  1a64dc03a1  Update okta_api_token_created.yml  2021-09-22 19:51:31 -05:00
Austin Songer  f186235d8f  Update okta_admin_role_assigned_to_user_or_group.yml  2021-09-22 19:51:25 -05:00
frack113  3ac0d93f5b  Merge pull request #2062 from Pooch11/win-apt-greenbug-fix  2021-09-22 20:05:37 +02:00
  win-apt-greenbug-fix small change to B64encoded value of '/server='
unknown  9924cc3946  win-apt-greenbug-fix amend b64 value of /server= as seen in IOC  2021-09-22 10:33:04 -04:00
frack113  7b995f2d99  Merge pull request #2057 from secDre4mer/master  2021-09-22 09:15:32 +02:00
  Add two rules
frack113  ac639bb9ec  Merge pull request #2060 from zakibro/master  2021-09-22 08:41:50 +02:00
  New Rule - Linux - Auditd - Screencapture with Import Tool
frack113  045e87058b  add definition  2021-09-22 08:40:08 +02:00
unknown  3ace73f9fd  win-apt-greenbug-fix - change modified date as well  2021-09-21 16:59:32 -04:00
unknown  993bf46550  win-apt-greenbug-fix small change to B64encoded value of '/server=' in detection criteria  2021-09-21 16:56:01 -04:00
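The two win-apt-greenbug-fix commits above adjust a base64-encoded form of the string '/server=' in a rule's detection criteria. As an added example (not code from the Sigma repository or from the rule itself), the block below shows why a single plaintext substring needs more than one base64 search value: base64 works on 3-byte groups, so the same bytes encode to one of three different character runs depending on the byte offset at which they occur inside the larger command line. The three-fragment computation follows the offset-and-trim scheme that Sigma's `base64offset` modifier uses; the UTF-8 encoding of the plaintext and the sample command lines are assumptions, since the page does not say which encoding the rule matches.

```python
import base64
from typing import Dict, List, Optional

# For each 0/1/2-byte shift, the leading characters that depend on the bytes
# in front of the substring, and the trailing characters (plus '=' padding)
# that depend on the bytes after it, are trimmed so only the stable run stays.
# This is the same slicing scheme Sigma's base64offset modifier applies.
_START = (0, 2, 3)          # chars to drop at the front, indexed by shift
_END = (None, -3, -2)       # chars to drop at the end, indexed by total_len % 3


def base64_offsets(value: bytes) -> List[str]:
    """Return the three base64 fragments that match `value` at any 3-byte
    alignment inside a larger base64 stream."""
    fragments = []
    for shift in range(3):
        encoded = base64.b64encode(b" " * shift + value).decode("ascii")
        fragments.append(encoded[_START[shift]:_END[(len(value) + shift) % 3]])
    return fragments


def encode_command(plain: str) -> str:
    """Base64-encode a command line the way an encoded argument would appear
    in a process-creation log (UTF-8 assumed here)."""
    return base64.b64encode(plain.encode("utf-8")).decode("ascii")


def find_encoded(needle: bytes, blob: str) -> Optional[int]:
    """Return the alignment (0, 1 or 2) whose fragment occurs in `blob`, or
    None if `needle` is not present at any alignment."""
    for shift, fragment in enumerate(base64_offsets(needle)):
        if fragment in blob:
            return shift
    return None


# Constructed sample command lines (not taken from any real IOC): the same
# argument preceded by 0, 1 and 2 extra bytes so it lands at each alignment.
SAMPLES: Dict[str, int] = {
    "/server=10.0.0.5 /run": 0,
    " /server=10.0.0.5 /run": 1,
    "a /server=10.0.0.5 /run": 2,
}


def check_samples() -> Dict[str, Optional[int]]:
    """Encode each sample and report which fragment detected '/server=' in it."""
    return {plain: find_encoded(b"/server=", encode_command(plain)) for plain in SAMPLES}


if __name__ == "__main__":
    for fragment in base64_offsets(b"/server="):
        print(fragment)
    for plain, shift in check_samples().items():
        print(f"{plain!r:28} -> matched by fragment for alignment {shift}")
```

A rule that carries only one of the three fragments misses the argument whenever the attacker's command line puts it at a different byte alignment, which is why a rule author checking an encoded IOC may find that the value in the rule has to be amended. If the encoded payload is UTF-16LE (as PowerShell's -EncodedCommand is), pass `"/server=".encode("utf-16le")` to `base64_offsets` instead; the fragments differ from the UTF-8 ones.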
Pawel Mazur  e20e5033e7  New Rule - Linux - Auditd - Screencapture with Import Tool  2021-09-21 18:55:48 +02:00
Florian Roth  d884f774f9  Update powershell_memorydump_getstoragediagnosticinfo.yml  2021-09-21 18:01:46 +02:00
Florian Roth  4242fea353  Merge pull request #2058 from phantinuss/master  2021-09-21 18:01:04 +02:00
  fix: remove rule, too many FPs and no better matching criteria
phantinuss  46febf48b0  fix: remove rule, too many FPs and no better matching criteria  2021-09-21 16:52:17 +02:00
Max Altgelt  bf9bc03258  chore: properly name and describe rules  2021-09-21 15:59:01 +02:00
Max Altgelt  8c3faa390c  feat: Add rule for live memory dumping  2021-09-21 15:09:12 +02:00
Max Altgelt  346ff26809  feat: Add rule for syslog removal  2021-09-21 14:56:12 +02:00
frack113  5951ad1d9a  Merge pull request #2056 from frack113/some_global  2021-09-21 12:42:59 +02:00
  Split global rules
frack113  d5e1e97ed3  Merge pull request #2055 from frack113/split_invoke  2021-09-21 12:42:41 +02:00
  split global win_invoke_obfuscation_*
frack113  0884a70e28  fix tests.py error  2021-09-21 10:52:37 +02:00
frack113  4718f914e9  split global sysmon_hack_dumpert.yml  2021-09-21 10:43:42 +02:00
frack113  5fc82e5dc6  split global sysmon_tttracer_mod_load.yml  2021-09-21 10:39:02 +02:00
frack113  4c85858e12  split global sysmon_regsvr32_network_activity.yml  2021-09-21 10:33:47 +02:00
frack113  c0e24e9236  split global win_defender_disabled.yml  2021-09-21 10:24:52 +02:00
frack113  2b23118b0d  split global win_defender_exclusions.yml  2021-09-21 10:16:25 +02:00
frack113  318f8b714e  split global win_tool_psexec.yml  2021-09-21 10:10:48 +02:00
Florian Roth  115353fc8d  Merge pull request #2054 from neu5ron/zeek_omigod  2021-09-21 10:07:09 +02:00
  Zeek detection for OMIGOD HTTP RCE
frack113  a96dd66b46  split global win_wmi_persistence.yml  2021-09-21 09:56:03 +02:00
frack113  0a6ac0b171  split global powershell_alternate_powershell_hosts.yml  2021-09-21 09:52:35 +02:00
frack113  f5d58a0cb1  split powershell_remote_powershell_session.yml  2021-09-21 09:48:50 +02:00
frack113  95af26f963  split powershell_suspicious_download.yml  2021-09-21 09:46:02 +02:00
frack113  79d22dde58  split global win_invoke_obfuscation_*  2021-09-20 22:56:13 +02:00
frack113  10d11b7890  fix 4697 fieldname  2021-09-20 22:53:59 +02:00
frack113  b6dc4de5e1  split global win_invoke_obfuscation_*  2021-09-20 22:42:59 +02:00
frack113  feee70644f  split global win_invoke_obfuscation_*  2021-09-20 22:40:33 +02:00
neu5ron  61c9c9fb20  Zeek detection for OMIGOD HTTP RCE  2021-09-20 12:26:01 -04:00
  Signed-off-by: neu5ron <neu5ron@users.noreply.github.com>