Closed GeekCharmiing closed 6 months ago
aws-guardduty.rules: Added logic to parse src IP in rule 5010391
azure-eventhub-ad.rules & msapi-azure-ad.rules: Created rules to detect privileged accounts being created
gcp-cloud-audit.rules: Added logic to parse src IP in rule 991046
msapi-azuread-geoip.rules: Replaced json_meta_content with regular content keyword for rule 5004788
duo.rules: Corrected IP parsing for SRCIP using json map for rule 5014652
fortinet.rules: Updated IP parsing for sids 5006067 & 5014364