Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add additional AWS rules #4900

Merged
merged 7 commits into from
Jul 11, 2024
Merged

Add additional AWS rules #4900

merged 7 commits into from
Jul 11, 2024

Conversation

jamesc-grafana
Copy link
Contributor

@jamesc-grafana jamesc-grafana commented Jul 5, 2024
edited by nasbench
Loading

Summary of the Pull Request

This PR adds to the SigmaHQ repository some rules that we have developed internally within Grafana to enable detection of events from CloudTrail that could pose a threat to our environment.

Changelog

new: Ingress/Egress Security Group Modification
new: LoadBalancer Security Group Modification
new: Malicious Usage Of IMDS Credentials Outside Of AWS Infrastructure
new: New Network ACL Entry Added
new: New Network Route Added
new: Potential Malicious Usage of CloudTrail System Manager
new: RDS Database Security Group Modification

Example Log Event

N/A

Fixed Issues

N/A

SigmaHQ Rule Creation Conventions

  • If your PR adds new rules, please consider following and applying these conventions

@github-actions github-actions bot added the Rules label Jul 5, 2024
@jamesc-grafana jamesc-grafana marked this pull request as draft July 5, 2024 14:14
@jamesc-grafana jamesc-grafana marked this pull request as ready for review July 5, 2024 14:38
@nasbench nasbench self-assigned this Jul 7, 2024
@nasbench nasbench added the Work In Progress Some changes are needed label Jul 7, 2024
@nasbench nasbench self-requested a review July 7, 2024 15:32
nasbench
nasbench approved these changes Jul 11, 2024
View reviewed changes
Copy link
Member

@nasbench nasbench left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution @jamesc-grafana LGTM

I just made some updates to filenames and some titles to align with everything else.

@nasbench nasbench removed the Work In Progress Some changes are needed label Jul 11, 2024
@nasbench nasbench merged commit f95d539 into SigmaHQ:master Jul 11, 2024
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nasbench nasbench nasbench approved these changes

Assignees

@nasbench nasbench

Labels
Rules
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jamesc-grafana @nasbench