issues
search
wagov
/
WASOCAutomationPlaybook
For testing playbooks
1
stars
2
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Pre-Presentation Refresh
#67
DGOV-Bryce
closed
1 year ago
0
Pre-prod push deployment testing
#66
DGOV-Bryce
closed
1 year ago
3
Fixed folder name
#65
carel-v98
closed
1 year ago
0
AddTasks - User agent search for log4j exploitation attempt
#64
DininduSWick
closed
1 year ago
0
"User login from different countries within 3 hours (Uses Authentication Normalization)"
#63
carel-v98
closed
1 year ago
1
"Sign-ins from IPs that attempt sign-ins to disabled accounts (Uses Authentication Normalization)"
#62
carel-v98
closed
1 year ago
1
"SUNBURST suspicious SolarWinds child processes (Normalized Process Events)"
#61
DininduSWick
closed
1 year ago
2
"Potential communication with a Domain Generation Algorithm (DGA) based hostname (ASIM Web Session schema)"
#60
DininduSWick
closed
1 year ago
2
"Base64 encoded Windows process command-lines (Normalized Process Events)"
#59
carel-v98
closed
1 year ago
1
"New EXE deployed via Default Domain or Default Domain Controller Policies (ASIM Version)"
#58
DininduSWick
closed
1 year ago
2
"Azure Portal Signin from another Azure Tenant"
#57
carel-v98
closed
1 year ago
1
"User agent search for log4j exploitation attempt"
#56
DGOV-Bryce
closed
1 year ago
1
"M2131_RecommendedDatatableUnhealthy"
#55
DininduSWick
closed
1 year ago
2
"URL Added to Application from Unknown Domain"
#54
DGOV-Bryce
closed
1 year ago
1
"(Preview) TI map Domain entity to Web Session Events (ASIM Web Session schema)"
#53
DininduSWick
closed
1 year ago
2
"(Preview) TI map IP entity to Web Session Events (ASIM Web Session schema)"
#52
DininduSWick
closed
1 year ago
2
"Suspicious number of resource creation or deployment activities"
#51
DGOV-Bryce
closed
1 year ago
1
"(Preview) TI map IP entity to Network Session Events (ASIM Network Session schema)"
#50
DininduSWick
closed
1 year ago
2
"SharePointFileOperation via previously unseen IPs"
#49
DGOV-Bryce
closed
1 year ago
1
"SharePointFileOperation via devices with previously unseen user agents"
#48
DGOV-Bryce
closed
1 year ago
1
"(Preview) TI map IP entity to DNS Events (ASIM DNS schema)"
#47
DininduSWick
closed
1 year ago
2
"Rare client observed with high reverse DNS lookup count"
#46
DGOV-Bryce
closed
1 year ago
1
"Non Domain Controller Active Directory Replication"
#45
DGOV-Bryce
closed
1 year ago
1
"NOBELIUM - suspicious rundll32.exe execution of vbscript (Normalized Process Events)"
#44
DGOV-Bryce
closed
1 year ago
1
"Multiple RDP connections from Single System"
#43
DGOV-Bryce
closed
1 year ago
1
"Account Created and Deleted in Short Timeframe"
#42
DGOV-Bryce
closed
1 year ago
1
"User Assigned Privileged Role"
#41
ryan-aus
closed
1 year ago
1
"Credential Dumping Tools - Service Installation"
#40
ryan-aus
closed
1 year ago
1
"Credential Dumping Tools - File Artifacts"
#39
ryan-aus
closed
1 year ago
1
"A host is potentially running a hacking tool (ASIM Web Session schema)"
#38
ryan-aus
closed
1 year ago
1
"A host is potentially running a crypto miner (ASIM Web Session schema)"
#37
DGOV-Bryce
closed
1 year ago
2
Infrastructure Testing - Overwriting Existing Deployments
#36
DGovEnterprise
closed
1 year ago
1
Added Automation Rules
#35
DininduSWick
closed
1 year ago
0
Pb testing bryce
#34
DGOV-Bryce
closed
1 year ago
0
Added Automation Rules
#33
DininduSWick
closed
1 year ago
0
Pb testing bryce
#32
DGOV-Bryce
closed
1 year ago
0
Added Automation Tasks
#31
DininduSWick
closed
1 year ago
0
"Suspicious malware found in the network (Microsoft Defender for IoT)"
#30
DGOV-Bryce
opened
1 year ago
1
"Unauthorized remote access to the network (Microsoft Defender for IoT)"
#29
DininduSWick
opened
1 year ago
1
"Multiple scans in the network (Microsoft Defender for IoT)"
#28
DininduSWick
opened
1 year ago
1
"Insider Risk_Microsoft Purview Insider Risk Management Alert Observed"
#27
DininduSWick
closed
1 year ago
3
"Firmware Updates (Microsoft Defender for IoT)"
#26
DininduSWick
opened
1 year ago
1
Adding in my selection of rules
#25
carel-v98
closed
1 year ago
0
"MSHTML vulnerability CVE-2021-40444 attack"
#24
carel-v98
closed
1 year ago
2
"Exchange OAB Virtual Directory Attribute Containing Potential Webshell"
#23
carel-v98
closed
1 year ago
2
API can not call the second page of the Automation page
#22
carel-v98
closed
1 year ago
1
"CoreBackUp Deletion in correlation with other related security alerts"
#21
carel-v98
closed
1 year ago
2
"Denial of Service (Microsoft Defender for IoT)"
#20
ryan-aus
opened
1 year ago
2
"Excessive Login Attempts (Microsoft Defender for IoT)"
#19
ryan-aus
opened
1 year ago
1
"AD FS Abnormal EKU object identifier attribute"
#18
carel-v98
closed
1 year ago
2
Next