references_g.md

Sigma rule references as PDF

gcp_access_policy_deleted

Title : GCP Access Policy Deleted

Rule id : 32438676-1dba-4ac7-bf69-b86cba995e05

Url Pdf
https://cloud.google.com/access-context-manager/docs/audit-logging pdf/d667a82d5282b6a0b5e75971cd0df66806a235831b2afeb37087562d376fb512.pdf
https://cloud.google.com/logging/docs/audit/understanding-audit-logs pdf/537d189d127557f703ccdcba6b602c9e5908c40820e7e8bcca448d35f2f1ac62.pdf
https://cloud.google.com/logging/docs/reference/audit/auditlog/rest/Shared.Types/AuditLog pdf/e016f4b77d18ed912c382b248cc58d125381b3872c9bc716492601983540f8c9.pdf

gcp_breakglass_container_workload_deployed

Title : GCP Break-glass Container Workload Deployed

Rule id : 76737c19-66ee-4c07-b65a-a03301d1573d

Url Pdf
https://cloud.google.com/binary-authorization pdf/355f21ab4b3a2b13ca5e35b0f6e435affcb7e879c0d1c4dc8df54848e68161e8.pdf

gcp_bucket_enumeration

Title : Google Cloud Storage Buckets Enumeration

Rule id : e2feb918-4e77-4608-9697-990a1aaf74c3

Url Pdf
https://cloud.google.com/storage/docs/json_api/v1/buckets pdf/b22321a9c0b709d1f39358af83f0c6bdf945f47ea5790c6b8575e814f71c54a3.pdf

gcp_bucket_modified_or_deleted

Title : Google Cloud Storage Buckets Modified or Deleted

Rule id : 4d9f2ee2-c903-48ab-b9c1-8c0f474913d0

Url Pdf
https://cloud.google.com/storage/docs/json_api/v1/buckets pdf/b22321a9c0b709d1f39358af83f0c6bdf945f47ea5790c6b8575e814f71c54a3.pdf

gcp_dlp_re_identifies_sensitive_information

Title : Google Cloud Re-identifies Sensitive Information

Rule id : 234f9f48-904b-4736-a34c-55d23919e4b7

Url Pdf
https://cloud.google.com/dlp/docs/reference/rest/v2/projects.content/reidentify pdf/286e91ee2ef118675e47e493e293dbbebd819dab6258acb3500010757e7bd022.pdf

gcp_dns_zone_modified_or_deleted

Title : Google Cloud DNS Zone Modified or Deleted

Rule id : 28268a8f-191f-4c17-85b2-f5aa4fa829c3

Url Pdf
https://cloud.google.com/dns/docs/reference/v1/managedZones pdf/b9e8d165715597f52c3b2ed244e5d55c8a762d8e03d29bf3f98a4d094227c155.pdf

gcp_firewall_rule_modified_or_deleted

Title : Google Cloud Firewall Modified or Deleted

Rule id : fe513c69-734c-4d4a-8548-ac5f609be82b

Url Pdf
https://cloud.google.com/kubernetes-engine/docs/how-to/audit-logging pdf/25c8c2126305d22466ef8cf23ebe52b9aa1527859f655da5440c4ae5e6f3defb.pdf
https://developers.google.com/resources/api-libraries/documentation/compute/v1/java/latest/com/google/api/services/compute/Compute.Firewalls.html pdf/636bf4c5fbc1bbe2be711cfd15d07f0a1fc2cb16d211eef42f915ba149a803bf.pdf

gcp_full_network_traffic_packet_capture

Title : Google Full Network Traffic Packet Capture

Rule id : 980a7598-1e7f-4962-9372-2d754c930d0e

Url Pdf
https://cloud.google.com/kubernetes-engine/docs/how-to/audit-logging pdf/25c8c2126305d22466ef8cf23ebe52b9aa1527859f655da5440c4ae5e6f3defb.pdf
https://developers.google.com/resources/api-libraries/documentation/compute/v1/java/latest/com/google/api/services/compute/Compute.PacketMirrorings.html pdf/a0cc4540f1f4eda974b96dea9401dbc26c62da8637a22418c3c09188387fcd72.pdf

gcp_gworkspace_application_access_levels_modified

Title : Google Workspace Application Access Level Modified

Rule id : 22f2fb54-5312-435d-852f-7c74f81684ca

Url Pdf
https://developers.google.com/admin-sdk/reports/v1/appendix/activity/admin-application-settings pdf/ab4fc98a943883a50b47cf59ca90bd9b583a68a44a10a752cc1e3b6421ce4bf5.pdf
https://support.google.com/a/answer/9261439 pdf/19491ebea92e36b1be68b8418f4b57b24c4385c2d9c2e3390e6e46695f5dee62.pdf

gcp_gworkspace_application_removed

Title : Google Workspace Application Removed

Rule id : ee2803f0-71c8-4831-b48b-a1fc57601ee4

Url Pdf
https://cloud.google.com/logging/docs/audit/gsuite-audit-logging#3 pdf/c98845a90d6fa360924aed20ae02a6bff39433236a627c8375fd18ae77719bfb.pdf
https://developers.google.com/admin-sdk/reports/v1/appendix/activity/admin-domain-settings?hl=en#REMOVE_APPLICATION pdf/9b4200e6c05f80687f4ef3e21f2eba6332972f961e4efdf3a410c2157ef77f7e.pdf
https://developers.google.com/admin-sdk/reports/v1/appendix/activity/admin-domain-settings?hl=en#REMOVE_APPLICATION_FROM_WHITELIST pdf/4db28bc43a49e0fffe2e621c4d2131f73d471cef020deaf4a6d461c02acb1b94.pdf

gcp_gworkspace_granted_domain_api_access

Title : Google Workspace Granted Domain API Access

Rule id : 04e2a23a-9b29-4a5c-be3a-3542e3f982ba

Url Pdf
https://cloud.google.com/logging/docs/audit/gsuite-audit-logging#3 pdf/c98845a90d6fa360924aed20ae02a6bff39433236a627c8375fd18ae77719bfb.pdf
https://developers.google.com/admin-sdk/reports/v1/appendix/activity/admin-domain-settings#AUTHORIZE_API_CLIENT_ACCESS pdf/a2c8fa7f09c7ef896409d014740ef908da46526e85bd41bb21746f5204f57bb7.pdf

gcp_gworkspace_mfa_disabled

Title : Google Workspace MFA Disabled

Rule id : 780601d1-6376-4f2a-884e-b8d45599f78c

Url Pdf
https://cloud.google.com/logging/docs/audit/gsuite-audit-logging#3 pdf/c98845a90d6fa360924aed20ae02a6bff39433236a627c8375fd18ae77719bfb.pdf
https://developers.google.com/admin-sdk/reports/v1/appendix/activity/admin-security-settings#ENFORCE_STRONG_AUTHENTICATION pdf/341390ff2ccb8d6538f5fe9d441463b3d18c4e05d3bbeb61ffd9c738e582b83e.pdf
https://developers.google.com/admin-sdk/reports/v1/appendix/activity/admin-security-settings?hl=en#ALLOW_STRONG_AUTHENTICATION pdf/9de2d848105e76cacc518829d36eed19b5a4f3c98b62d15ed6fdb135305b22c3.pdf

gcp_gworkspace_role_modified_or_deleted

Title : Google Workspace Role Modified or Deleted

Rule id : 6aef64e3-60c6-4782-8db3-8448759c714e

Url Pdf
https://cloud.google.com/logging/docs/audit/gsuite-audit-logging#3 pdf/c98845a90d6fa360924aed20ae02a6bff39433236a627c8375fd18ae77719bfb.pdf
https://developers.google.com/admin-sdk/reports/v1/appendix/activity/admin-delegated-admin-settings pdf/87107fc95f5987ad3b00d5875ea886ee14020fbccf14101420ef73973c2e7c6b.pdf

gcp_gworkspace_role_privilege_deleted

Title : Google Workspace Role Privilege Deleted

Rule id : bf638ef7-4d2d-44bb-a1dc-a238252e6267

Url Pdf
https://cloud.google.com/logging/docs/audit/gsuite-audit-logging#3 pdf/c98845a90d6fa360924aed20ae02a6bff39433236a627c8375fd18ae77719bfb.pdf
https://developers.google.com/admin-sdk/reports/v1/appendix/activity/admin-delegated-admin-settings pdf/87107fc95f5987ad3b00d5875ea886ee14020fbccf14101420ef73973c2e7c6b.pdf

gcp_gworkspace_user_granted_admin_privileges

Title : Google Workspace User Granted Admin Privileges

Rule id : 2d1b83e4-17c6-4896-a37b-29140b40a788

Url Pdf
https://cloud.google.com/logging/docs/audit/gsuite-audit-logging#3 pdf/c98845a90d6fa360924aed20ae02a6bff39433236a627c8375fd18ae77719bfb.pdf
https://developers.google.com/admin-sdk/reports/v1/appendix/activity/admin-user-settings#GRANT_ADMIN_PRIVILEGE pdf/cbc14e762656b2454ff939d2694238fc4f092d16aa1a7a0390ce088eccb7a131.pdf

gcp_kubernetes_admission_controller

Title : Google Cloud Kubernetes Admission Controller

Rule id : 6ad91e31-53df-4826-bd27-0166171c8040

Url Pdf
https://cloud.google.com/kubernetes-engine/docs pdf/f364d04aeec47b138b4a17a875363cac97c5ccfe6f31361fdcd64d2b3966150e.pdf

gcp_kubernetes_cronjob

Title : Google Cloud Kubernetes CronJob

Rule id : cd3a808c-c7b7-4c50-a2f3-f4cfcd436435

Url Pdf
https://cloud.google.com/kubernetes-engine/docs pdf/f364d04aeec47b138b4a17a875363cac97c5ccfe6f31361fdcd64d2b3966150e.pdf
https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/ pdf/790a0b0111db088f8ea3d4ad53770743fa44e5aa94a3ac5739e11c0a0be6432a.pdf
https://kubernetes.io/docs/concepts/workloads/controllers/job/ pdf/bc994bade3e5e8be49fee4bde47700f10ed07d7f059cda258d1aad0bda25d951.pdf

gcp_kubernetes_rolebinding

Title : Google Cloud Kubernetes RoleBinding

Rule id : 0322d9f2-289a-47c2-b5e1-b63c90901a3e

Url Pdf
elastic/detection-rules#1267 pdf/391f12501341fa28d7b40f4d587d9344c00ef5e790d17f97b2fba6f8f8e08ed0.pdf
https://kubernetes.io/docs/reference/kubernetes-api/authorization-resources/cluster-role-v1/#ClusterRole pdf/39a6c691423af59ede8b18ee65a4ce770a597af3fd5880552416cf2fe84ef8b8.pdf
https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control pdf/2dadf2ac09b9ce58982a4157e10a255593b6e3f8b0a75b5183cdf82de17ec2b3.pdf
https://kubernetes.io/docs/reference/access-authn-authz/rbac/ pdf/6be4067ddcf73f2f2de66f71861d25618d3e9c169182d4b52e2f9c4e1d656ba2.pdf
https://cloud.google.com/kubernetes-engine/docs/how-to/audit-logging pdf/25c8c2126305d22466ef8cf23ebe52b9aa1527859f655da5440c4ae5e6f3defb.pdf

gcp_kubernetes_secrets_modified_or_deleted

Title : Google Cloud Kubernetes Secrets Modified or Deleted

Rule id : 2f0bae2d-bf20-4465-be86-1311addebaa3

Url Pdf
https://cloud.google.com/kubernetes-engine/docs/how-to/audit-logging pdf/25c8c2126305d22466ef8cf23ebe52b9aa1527859f655da5440c4ae5e6f3defb.pdf

gcp_service_account_disabled_or_deleted

Title : Google Cloud Service Account Disabled or Deleted

Rule id : 13f81a90-a69c-4fab-8f07-b5bb55416a9f

Url Pdf
https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts pdf/fec7af2f4a7affbf3245429fc6f0a2eb6b7b3d4ff5dec608a2bcabafa54a8c26.pdf

gcp_service_account_modified

Title : Google Cloud Service Account Modified

Rule id : 6b67c12e-5e40-47c6-b3b0-1e6b571184cc

Url Pdf
https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts pdf/fec7af2f4a7affbf3245429fc6f0a2eb6b7b3d4ff5dec608a2bcabafa54a8c26.pdf

gcp_sql_database_modified_or_deleted

Title : Google Cloud SQL Database Modified or Deleted

Rule id : f346bbd5-2c4e-4789-a221-72de7685090d

Url Pdf
https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/users/update pdf/da982ae791f5a20275da3befbb2a8c5d45621c056e7ad6b06fd43efb53f1662f.pdf

gcp_vpn_tunnel_modified_or_deleted

Title : Google Cloud VPN Tunnel Modified or Deleted

Rule id : 99980a85-3a61-43d3-ac0f-b68d6b4797b1

Url Pdf
https://any-api.com/googleapis_com/compute/docs/vpnTunnels pdf/c5ff98faf62abe87a28468e9abf1ccb9ef0ef1c110c7f10ab253262ff1d02af7.pdf

github_delete_action_invoked

Title : Github Delete Action Invoked

Rule id : 16a71777-0b2e-4db7-9888-9d59cb75200b

Url Pdf
https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#audit-log-actions pdf/d349aa3907e5d9aacd2bd099a74e7831c8cb8825d64407a0dfadee1750be998d.pdf

github_disable_high_risk_configuration

Title : Github High Risk Configuration Disabled

Rule id : 8622c92d-c00e-463c-b09d-fd06166f6794

Url Pdf
https://docs.github.com/en/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization pdf/d6236e1846ffa51c03ae82130ab3507850e03a7574ff3138f4b013a277f0df58.pdf
https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#dependabot_alerts-category-actions pdf/182db5dc89579a5a50c07de9adfaa9493bccef1aaf4ef6cdb4f50b63fe31fede.pdf
https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository pdf/1595bc04e514ace896556e072d0bb7b4dc5a30fe1dbda0af4d069f8f735f9609.pdf
https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise pdf/761951331dad0b4a649b42dbac0fe40997a0980b188c04ad1100f6bab968665b.pdf

github_disabled_outdated_dependency_or_vulnerability

Title : Outdated Dependency Or Vulnerability Alert Disabled

Rule id : 34e1c7d4-0cd5-419d-9f1b-1dad3f61018d

Url Pdf
https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts pdf/53cb6cb6bd137bc22b064958a106fd37a526ddea6e4173eda7c6106a4b6e7f65.pdf
https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization pdf/b11df0df4d866429b108d4470dded238f97ba329394a6302b7c5c89a93fc8776.pdf

github_fork_private_repos_enabled_or_cleared

Title : Github Fork Private Repositories Setting Enabled/Cleared

Rule id : 69b3bd1e-b38a-462f-9a23-fbdbf63d2294

Url Pdf
https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#private_repository_forking pdf/0d724ab34163065f45fec330c26de5a06b343164562d26fd8b0b9074352278fc.pdf

github_new_org_member

Title : New Github Organization Member Added

Rule id : 3908d64a-3c06-4091-b503-b3a94424533b

Url Pdf
https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#dependabot_alerts-category-actions pdf/182db5dc89579a5a50c07de9adfaa9493bccef1aaf4ef6cdb4f50b63fe31fede.pdf

github_new_secret_created

Title : Github New Secret Created

Rule id : f9405037-bc97-4eb7-baba-167dad399b83

Url Pdf
https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#audit-log-actions pdf/d349aa3907e5d9aacd2bd099a74e7831c8cb8825d64407a0dfadee1750be998d.pdf

github_outside_collaborator_detected

Title : Github Outside Collaborator Detected

Rule id : eaa9ac35-1730-441f-9587-25767bde99d7

Url Pdf
https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#audit-log-actions pdf/d349aa3907e5d9aacd2bd099a74e7831c8cb8825d64407a0dfadee1750be998d.pdf
https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization pdf/51b2fb60464bc0b7c8dc364463f77a98b51d54438d038bac016935a31adc48fc.pdf

github_push_protection_bypass_detected

Title : Github Push Protection Bypass Detected

Rule id : 02cf536a-cf21-4876-8842-4159c8aee3cc

Url Pdf
https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/push-protection-for-repositories-and-organizations pdf/76c260eed89aeb8b47e2bdb30aadd02c4b443c1cc66de8291be188d26f6c3c70.pdf
https://thehackernews.com/2024/03/github-rolls-out-default-secret.html pdf/725b589568dd3c406134cd570c02cf0fe87ae7c575f28989eb844b68fc1ddcac.pdf

github_push_protection_disabled

Title : Github Push Protection Disabled

Rule id : ccd55945-badd-4bae-936b-823a735d37dd

Url Pdf
https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/push-protection-for-repositories-and-organizations pdf/76c260eed89aeb8b47e2bdb30aadd02c4b443c1cc66de8291be188d26f6c3c70.pdf
https://thehackernews.com/2024/03/github-rolls-out-default-secret.html pdf/725b589568dd3c406134cd570c02cf0fe87ae7c575f28989eb844b68fc1ddcac.pdf

github_repo_or_org_transferred

Title : Github Repository/Organization Transferred

Rule id : 04ad83ef-1a37-4c10-b57a-81092164bf33

Url Pdf
https://docs.github.com/en/repositories/creating-and-managing-repositories/transferring-a-repository pdf/863b2bddb1937ab68c40562e8dbed1058789bea43afb867e022abe1e2dc1421b.pdf
https://docs.github.com/en/organizations/managing-organization-settings/transferring-organization-ownership pdf/99d46d7849bba7280b94d7ca8709c6a4f48fa871de553d01b1cd1f1c20b10204.pdf
https://docs.github.com/en/migrations pdf/0fd7a76358ad04801b6fc528e3dd04965dd869d2ff1e719fa6ded0de29cbac51.pdf
https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#migration pdf/d8eae3a81100e0ca97411cb8b6e8e5c49fc8af95e38fb2e229d3b813796c9b1e.pdf

github_secret_scanning_feature_disabled

Title : Github Secret Scanning Feature Disabled

Rule id : 3883d9a0-fd0f-440f-afbb-445a2a799bb8

Url Pdf
https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/about-secret-scanning pdf/22df6f31caf63c9461db8eff32831e4ab29066326f8cb57a6dea9f21b14294a8.pdf

github_self_hosted_runner_changes_detected

Title : Github Self Hosted Runner Changes Detected

Rule id : f8ed0e8f-7438-4b79-85eb-f358ef2fbebd

Url Pdf
https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#about-self-hosted-runners pdf/d2ee373458a79084de66c5c01157d5ba182047082de6522b17887b4a455b689c.pdf
https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#search-based-on-operation pdf/a5204214088cc824bd874af16ef10398680540384b665f58dc90e46a20698faa.pdf

github_ssh_certificate_config_changed

Title : Github SSH Certificate Configuration Changed

Rule id : 2f575940-d85e-4ddc-af13-17dad6f1a0ef

Url Pdf
https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities pdf/9bf43dee0847fbc183368b66ab46c378b8e1cb33cbc27a14954729921e0afae2.pdf
https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#ssh_certificate_authority pdf/3e07bdcad5c97308c03d6e31dacbe2914f4c071437b2511b2c49a08deb658a98.pdf