wagov/WASOCAutomationPlaybook
For testing playbooks
1 star, 2 forks
issues
Pre-Presentation Refresh
#67
DGOV-Bryce
closed
1 year ago
0
Pre-prod push deployment testing
#66
DGOV-Bryce
closed
1 year ago
3
Fixed folder name
#65
carel-v98
closed
1 year ago
0
AddTasks - User agent search for log4j exploitation attempt
#64
Dinindu-Wick
closed
1 year ago
0
"User login from different countries within 3 hours (Uses Authentication Normalization)"
#63
carel-v98
closed
1 year ago
1
"Sign-ins from IPs that attempt sign-ins to disabled accounts (Uses Authentication Normalization)"
#62
carel-v98
closed
1 year ago
1
"SUNBURST suspicious SolarWinds child processes (Normalized Process Events)"
#61
Dinindu-Wick
closed
1 year ago
2
"Potential communication with a Domain Generation Algorithm (DGA) based hostname (ASIM Web Session schema)"
#60
Dinindu-Wick
closed
1 year ago
2
"Base64 encoded Windows process command-lines (Normalized Process Events)"
#59
carel-v98
closed
1 year ago
1
"New EXE deployed via Default Domain or Default Domain Controller Policies (ASIM Version)"
#58
Dinindu-Wick
closed
1 year ago
2
"Azure Portal Signin from another Azure Tenant"
#57
carel-v98
closed
1 year ago
1
"User agent search for log4j exploitation attempt"
#56
DGOV-Bryce
closed
1 year ago
1
"M2131_RecommendedDatatableUnhealthy"
#55
Dinindu-Wick
closed
1 year ago
2
"URL Added to Application from Unknown Domain"
#54
DGOV-Bryce
closed
1 year ago
1
"(Preview) TI map Domain entity to Web Session Events (ASIM Web Session schema)"
#53
Dinindu-Wick
closed
1 year ago
2
"(Preview) TI map IP entity to Web Session Events (ASIM Web Session schema)"
#52
Dinindu-Wick
closed
1 year ago
2
"Suspicious number of resource creation or deployment activities"
#51
DGOV-Bryce
closed
1 year ago
1
"(Preview) TI map IP entity to Network Session Events (ASIM Network Session schema)"
#50
Dinindu-Wick
closed
1 year ago
2
"SharePointFileOperation via previously unseen IPs"
#49
DGOV-Bryce
closed
1 year ago
1
"SharePointFileOperation via devices with previously unseen user agents"
#48
DGOV-Bryce
closed
1 year ago
1
"(Preview) TI map IP entity to DNS Events (ASIM DNS schema)"
#47
Dinindu-Wick
closed
1 year ago
2
"Rare client observed with high reverse DNS lookup count"
#46
DGOV-Bryce
closed
1 year ago
1
"Non Domain Controller Active Directory Replication"
#45
DGOV-Bryce
closed
1 year ago
1
"NOBELIUM - suspicious rundll32.exe execution of vbscript (Normalized Process Events)"
#44
DGOV-Bryce
closed
1 year ago
1
"Multiple RDP connections from Single System"
#43
DGOV-Bryce
closed
1 year ago
1
"Account Created and Deleted in Short Timeframe"
#42
DGOV-Bryce
closed
1 year ago
1
"User Assigned Privileged Role"
#41
ryan-aus
closed
1 year ago
1
"Credential Dumping Tools - Service Installation"
#40
ryan-aus
closed
1 year ago
1
"Credential Dumping Tools - File Artifacts"
#39
ryan-aus
closed
1 year ago
1
"A host is potentially running a hacking tool (ASIM Web Session schema)"
#38
ryan-aus
closed
1 year ago
1
"A host is potentially running a crypto miner (ASIM Web Session schema)"
#37
DGOV-Bryce
closed
1 year ago
2
Infrastructure Testing - Overwriting Existing Deployments
#36
DGovEnterprise
closed
1 year ago
1
Added Automation Rules
#35
Dinindu-Wick
closed
1 year ago
0
Pb testing bryce
#34
DGOV-Bryce
closed
1 year ago
0
Added Automation Rules
#33
Dinindu-Wick
closed
1 year ago
0
Pb testing bryce
#32
DGOV-Bryce
closed
1 year ago
0
Added Automation Tasks
#31
Dinindu-Wick
closed
1 year ago
0
"Suspicious malware found in the network (Microsoft Defender for IoT)"
#30
DGOV-Bryce
opened
1 year ago
1
"Unauthorized remote access to the network (Microsoft Defender for IoT)"
#29
Dinindu-Wick
opened
1 year ago
1
"Multiple scans in the network (Microsoft Defender for IoT)"
#28
Dinindu-Wick
opened
1 year ago
1
"Insider Risk_Microsoft Purview Insider Risk Management Alert Observed"
#27
Dinindu-Wick
closed
1 year ago
3
"Firmware Updates (Microsoft Defender for IoT)"
#26
Dinindu-Wick
opened
1 year ago
1
Adding in my selection of rules
#25
carel-v98
closed
1 year ago
0
"MSHTML vulnerability CVE-2021-40444 attack"
#24
carel-v98
closed
1 year ago
2
"Exchange OAB Virtual Directory Attribute Containing Potential Webshell"
#23
carel-v98
closed
1 year ago
2
API can not call the second page of the Automation page
#22
carel-v98
closed
1 year ago
1
"CoreBackUp Deletion in correlation with other related security alerts"
#21
carel-v98
closed
1 year ago
2
"Denial of Service (Microsoft Defender for IoT)"
#20
ryan-aus
opened
1 year ago
2
"Excessive Login Attempts (Microsoft Defender for IoT)"
#19
ryan-aus
opened
1 year ago
1
"AD FS Abnormal EKU object identifier attribute"
#18
carel-v98
closed
1 year ago
2