-
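# To do
To investigate the meaning of count in SIGMA rules, use sigmac to convert a SIGMA rule into a splunk query and a sqlite query, and that the understanding of [this section](https://github.com/Yamato-Security/hayabusa/blob/main/doc/AboutRuleCreation-Japanese.md#aggregation-condition) is correct…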
-
**Describe the feature you'd like**
Would we be able to get the IP address used associated with user activity in the activity dashboard, potentially as an extra column next to date?
**Describe the…
-
There are at least three types of risks we may want to protect against:
* Denial of Service: where the attacker exhausts server resources by exercising a slow-path
* Password "guessing": where the at…
-
The default password routine appears to set a randomly generated password that has some complexity and is 12 chars long. This seems a bit borked from its intended purpose.
Additionally the "defaul…
-
Currently trying to test password spraying and having the following error when I run a spray using both the autodiscover and MSOL modules. Activesync module works fine.
Command-line
```bash
pyt…
```
-
## Link to rule
https://github.com/elastic/detection-rules/blob/main/rules/microsoft-365/credential_access_microsoft_365_potential_password_spraying_attack.toml
## Description
#### Current
…
-
## Link to rule
https://github.com/elastic/detection-rules/tree/main/rules/integrations/okta (except credential_access_okta_brute_force_or_password_spraying.toml)
## Description
While using Elast…
-
We should at least blacklist common dumb passwords like `123456` or `password1`
Protects against Password spraying: Testing a single weak password against a large number of different accounts.
ht…
-
**Describe the bug**
Customer attempted to test the analytic rule but received no results via incidents or query results. Customer triggered 51 failed logins from an account that does not exist, but …
-
## Steps to reproduce
```
msfconsole
use auxiliary/scanner/http/owa_ews_login
set ad_domain acme.org
set pass_file /tmp/passwords.txt
set username lee
set rhost 10.0.0.10
run
```
## Were you followi…