chronicle/detection-rules
Collection of YARA-L 2.0 sample rules for the Chronicle Detection API
https://chronicle.security
Apache License 2.0
274
stars
64
forks
issues
update permission info in rule manager readme
#68
copybara-service[bot]
closed
5 days ago
0
.env Rule Manager
#67
sat-tp
closed
1 week ago
4
fix url for example github actions workflow files
#66
copybara-service[bot]
closed
1 month ago
0
add example github actions workflow files
#65
copybara-service[bot]
closed
1 month ago
0
chronicle_auth.py doesn't read in dotenv environment variable
#64
Bacon-404
closed
1 month ago
12
No public description
#63
copybara-service[bot]
closed
2 months ago
0
group events by user id, github enterprise name, and github org name
#62
copybara-service[bot]
closed
2 months ago
0
Added YARAL for malware SOGU
#61
Rommel-J
opened
2 months ago
1
Detection for SOGU malware
#60
Rommel-J
closed
2 months ago
1
Update google_workspace_malicious_file_downloaded.yaral
#59
Khipu-Bishal
opened
2 months ago
1
Test pull request 1
#58
threatpunter
opened
2 months ago
1
Add YARA-L rules for GitHub Enterprise audit logs
#57
copybara-service[bot]
closed
2 months ago
0
add documentation for test-rule command
#56
copybara-service[bot]
closed
3 months ago
0
add support to test a YARA-L rule via Chronicle's REST API without persisting results in Chronicle.
#55
copybara-service[bot]
closed
3 months ago
0
Rule_manager - Unable to rename remote rules
#54
curiousghost
closed
3 months ago
3
add support to manage reference lists in Chronicle and use Pydantic for data validation and manipulation.
#53
copybara-service[bot]
closed
4 months ago
0
Add option to skip archived rules
#52
threat-punter
closed
2 months ago
0
fix typos
#51
copybara-service[bot]
closed
4 months ago
0
Rule_Manager - Skip archived Rules flag
#50
the2dl
opened
4 months ago
7
Fix typos
#49
dandye
closed
5 months ago
0
add link to blog post. add note on best practices for handling service account key
#48
copybara-service[bot]
closed
5 months ago
0
No public description
#47
copybara-service[bot]
closed
3 months ago
0
update readme and make minor improvements
#46
copybara-service[bot]
closed
5 months ago
0
Adding new GCP YARA-L Detection Rules
#45
copybara-service[bot]
closed
5 months ago
0
Fixing typo for Chrome Management Safe Browsing events
#44
copybara-service[bot]
closed
6 months ago
0
fix typo in meta section
#43
copybara-service[bot]
closed
6 months ago
0
No public description
#42
copybara-service[bot]
closed
6 months ago
0
fix error in rule description
#41
copybara-service[bot]
closed
6 months ago
0
Move 3 rules from GuardDuty folder to CloudTrail folder
#40
copybara-service[bot]
closed
6 months ago
0
Remove the gcp_cloudaudit/ rules as they are superseded by Curated Detection rules and/or they can be re-created under community/
#39
copybara-service[bot]
closed
6 months ago
0
Remove the google_workspace/ rules, as they are superseded by the community/workspace rules
#38
copybara-service[bot]
closed
6 months ago
0
add example code for managing rules via chronicle api
#37
copybara-service[bot]
closed
5 months ago
0
Add rules for O365/EntraID/ADFS
#36
copybara-service[bot]
closed
6 months ago
0
Add rules for Amazon Web Services (AWS) CloudTrail and GuardDuty
#35
copybara-service[bot]
closed
6 months ago
0
Add rules for Google Workspace
#34
copybara-service[bot]
closed
6 months ago
0
Adding Google Workspace rules
#33
copybara-service[bot]
closed
6 months ago
0
add contribution guidelines and rule style guide
#32
copybara-service[bot]
closed
6 months ago
0
Add rule for Chrome Management Safe Browsing events
#31
copybara-service[bot]
closed
6 months ago
0
Incorrect "allowed" should be "ALLOW"
#30
fryguy04
opened
7 months ago
1
Add rule for DNS query to typosquatting domain
#29
copybara-service[bot]
closed
8 months ago
0
Adding Chronicle Dashboards folder under Community and Our Dashboard
#28
copybara-service[bot]
closed
8 months ago
0
Updating deprecated fields in GCP rules
#27
shamo0
opened
9 months ago
0
Updating deprecated fields in GCP rules
#26
shamo0
closed
9 months ago
1
Add Okta Rules
#25
copybara-service[bot]
closed
11 months ago
0
Add CISA Living off the Land Recon rules and GCTI Remote Access Tools rule
#24
copybara-service[bot]
closed
11 months ago
0
Add community folder with new rules for entity graph and more
#23
copybara-service[bot]
closed
1 year ago
0
Updates to rules on gcp_cloudaudit and soc_prime_rules
#22
bluPhy
opened
1 year ago
0
Internal change
#21
copybara-service[bot]
closed
1 year ago
0
Replace .src. with .principal.
#20
shapor
closed
1 year ago
0
Adding a rule to detect network connections to Tor Exit Nodes.
#19
copybara-service[bot]
closed
1 year ago
0