Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / splunk/security_content issues and pull requests
#3333 - Nterl0k - T1546 The curious case of CompatTelRunner and some sneaky persistence.
Pull Request -
State: open - Opened by nterl0k 4 days ago
Labels: Detections
#3332 - 🎪 Haag's SQL Server Story Time: Tales of SQLCMD and Suspicious Queries 📚
Pull Request -
State: open - Opened by MHaggis 4 days ago
Labels: Detections, Stories, Macros
#3331 - Add baselines to labeler
Pull Request -
State: closed - Opened by ljstella 4 days ago
#3330 - Automated Splunk TA Update 175
Pull Request -
State: closed - Opened by patel-bhavin 5 days ago
- 1 comment
Labels: Datasource
#3329 - upating appinspect command
Pull Request -
State: closed - Opened by patel-bhavin 5 days ago
#3328 - the day after 8 million requests
Pull Request -
State: open - Opened by josehelps 5 days ago
- 1 comment
Labels: Detections, Lookups, Stories, Baselines
#3327 - Slack link change
Pull Request -
State: closed - Opened by ljstella 5 days ago
#3326 - Automated Splunk TA Update 174
Pull Request -
State: closed - Opened by patel-bhavin 6 days ago
- 1 comment
Labels: Datasource
#3325 - o365 detections output normalization
Pull Request -
State: open - Opened by P4T12ICK 6 days ago
Labels: WIP, Detections, Datasource
#3324 - Automated Splunk TA Update 173
Pull Request -
State: closed - Opened by patel-bhavin 7 days ago
- 1 comment
Labels: Datasource
#3323 - Clean up MITRE Tagging
Pull Request -
State: closed - Opened by pyth0n1c 7 days ago
- 1 comment
Labels: Detections
#3322 - Nterl0k - RMM Lookup Update 20250210
Pull Request -
State: closed - Opened by nterl0k 7 days ago
Labels: Lookups
#3321 - Nterl0k - T1486 BitLocker Suspicious Commands
Pull Request -
State: open - Opened by nterl0k 7 days ago
Labels: Detections
#3320 - Automated Splunk TA Update 172
Pull Request -
State: closed - Opened by patel-bhavin 8 days ago
- 1 comment
Labels: Datasource
#3319 - Automated Splunk TA Update 171
Pull Request -
State: closed - Opened by patel-bhavin 9 days ago
- 1 comment
Labels: Datasource
#3318 - Automated Splunk TA Update 170
Pull Request -
State: closed - Opened by patel-bhavin 10 days ago
- 1 comment
Labels: Datasource
#3317 - Nterl0k - T1569 Windows Suspicious Services Lookup
Pull Request -
State: open - Opened by nterl0k 10 days ago
Labels: Detections, Lookups
#3316 - Nterl0k - T1053 Windows Suspicious Sheduled Task + Lookup
Pull Request -
State: open - Opened by nterl0k 10 days ago
Labels: Detections, Lookups
#3315 - Output normalization azure ad detections
Pull Request -
State: open - Opened by P4T12ICK 11 days ago
Labels: WIP, Detections, Datasource
#3314 - headless_bee
Pull Request -
State: open - Opened by tccontre 11 days ago
Labels: WIP, Detections, Stories
#3313 - Automated Splunk TA Update 169
Pull Request -
State: closed - Opened by patel-bhavin 11 days ago
Labels: Datasource
#3311 - Automated Splunk TA Update 168
Pull Request -
State: open - Opened by patel-bhavin 12 days ago
- 4 comments
Labels: Datasource
#3306 - Cisco Secure Application Alerts
Pull Request -
State: open - Opened by patel-bhavin 13 days ago
- 1 comment
Labels: Detections, Macros, Datasource
#3303 - Update Lookups & Windows EventLog Macros
Pull Request -
State: open - Opened by nasbench 18 days ago
Labels: Lookups, Macros
#3302 - Cisco Talos Intelligence playbook updates
Pull Request -
State: closed - Opened by ljstella 18 days ago
- 1 comment
Labels: Playbooks
#3301 - output normalization for AWS cloudtrail logs
Pull Request -
State: open - Opened by P4T12ICK 18 days ago
Labels: WIP, Detections, Datasource
#3300 - Remove falcon data
Pull Request -
State: closed - Opened by patel-bhavin 20 days ago
Labels: Detections
#3299 - TR-3997 - New Content - auditpol and audit policy tampering analytics
Pull Request -
State: open - Opened by nasbench 20 days ago
Labels: Detections, Stories, Macros
#3298 - Nterl0k - T1567 - Suspect File Exfiltration Behaviors
Pull Request -
State: open - Opened by nterl0k 20 days ago
Labels: Detections
#3297 - Deprecated mapping yaml for detections
Pull Request -
State: open - Opened by patel-bhavin 20 days ago
#3296 - updated_nexus_activity
Pull Request -
State: closed - Opened by tccontre 22 days ago
- 1 comment
Labels: Detections, Stories, 5.0
#3295 - Final deprecation changes
Pull Request -
State: closed - Opened by pyth0n1c 24 days ago
- 1 comment
Labels: Stories
#3294 - Restore deleted analytics to deprecated
Pull Request -
State: closed - Opened by nasbench 24 days ago
Labels: Detections, 5.0
#3293 - Integration Testing failure cleanup
Pull Request -
State: closed - Opened by ljstella 24 days ago
Labels: Detections
#3292 - Nterl0k - T1114 Suspect 0365 Email Actions
Pull Request -
State: open - Opened by nterl0k 25 days ago
Labels: Detections, Macros
#3291 - analytics_enhancement
Pull Request -
State: closed - Opened by tccontre 25 days ago
Labels: Detections, Macros
#3290 - Integration fixes for 5.0 alpha2
Pull Request -
State: closed - Opened by patel-bhavin 26 days ago
Labels: Detections, 5.0
#3289 - Removed Observables section from last two stragglers
Pull Request -
State: closed - Opened by ljstella 26 days ago
Labels: Detections
#3288 - Deprecate v2
Pull Request -
State: closed - Opened by patel-bhavin 27 days ago
Labels: Detections
#3287 - Add descriptions and Mitre components to data sources
Pull Request -
State: open - Opened by delgado-jacob 27 days ago
- 3 comments
Labels: Detections, Datasource
#3286 - Version bumps
Pull Request -
State: closed - Opened by patel-bhavin 27 days ago
Labels: Detections
#3285 - Deprecate Analytics
Pull Request -
State: closed - Opened by patel-bhavin about 1 month ago
Labels: Detections, 5.0
#3284 - Talos - Community Playbook
Pull Request -
State: closed - Opened by tapishj-splunk about 1 month ago
Labels: Playbooks
#3283 - Nterl0k - T1200 - Are you down with USB ?
Pull Request -
State: closed - Opened by nterl0k about 1 month ago
- 1 comment
Labels: Detections
#3282 - nexus
Pull Request -
State: closed - Opened by tccontre about 1 month ago
- 1 comment
Labels: Detections, Stories
#3281 - removed auto update
Pull Request -
State: closed - Opened by pyth0n1c about 1 month ago
#3280 - Nterl0k - T1114.003 O365 Transport Rule Changed
Pull Request -
State: closed - Opened by nterl0k about 1 month ago
- 1 comment
Labels: Detections
#3279 - Nterl0k - RMM Story + Detection Updates
Pull Request -
State: open - Opened by nterl0k about 1 month ago
Labels: Detections, Stories
#3278 - GitHub detections improvement
Pull Request -
State: open - Opened by P4T12ICK about 1 month ago
Labels: Detections, Stories, Macros, Datasource
#3277 - TR-3994 - Add Secure Endpoint Analytics
Pull Request -
State: open - Opened by nasbench about 1 month ago
Labels: WIP, Detections, Stories
#3276 - Nterl0k - T1059 - Generic Malicious Powershell Strings + Lookup
Pull Request -
State: open - Opened by nterl0k about 1 month ago
- 1 comment
Labels: Detections, Lookups
#3275 - RDP bruteforce - production!
Pull Request -
State: closed - Opened by patel-bhavin about 1 month ago
Labels: Detections, Datasource
#3274 - Automated Splunk TA Update 141
Pull Request -
State: closed - Opened by patel-bhavin about 1 month ago
Labels: Datasource
#3273 - Automated Splunk TA Update 140
Pull Request -
State: closed - Opened by patel-bhavin about 1 month ago
- 1 comment
Labels: Datasource
#3272 - Nterl0k - T1213.002 Sus SharePoint Search
Pull Request -
State: closed - Opened by nterl0k about 1 month ago
- 1 comment
Labels: Detections
#3271 - Multiple Rule Updates
Pull Request -
State: closed - Opened by nasbench about 1 month ago
- 2 comments
Labels: Detections, Lookups, Macros, 5.0
#3270 - Automated Splunk TA Update 139
Pull Request -
State: closed - Opened by patel-bhavin about 1 month ago
- 5 comments
Labels: Datasource
#3269 - Strict yml from rba
Pull Request -
State: closed - Opened by pyth0n1c about 1 month ago
Labels: Detections, Lookups, Stories, 5.0
#3268 - Nterl0k - T1110 MFA Sweep / Excessive OS indicators from a user.
Pull Request -
State: open - Opened by nterl0k about 1 month ago
Labels: Detections
#3267 - Nterl0k - T1033 Query.exe usage on remote devices.
Pull Request -
State: open - Opened by nterl0k about 1 month ago
- 1 comment
Labels: Detections
#3266 - Dlux 5 - AAD detection
Pull Request -
State: closed - Opened by dluxtron about 1 month ago
- 1 comment
Labels: Detections, Macros, Datasource
#3265 - DCSync Detection Exclusion Logic Issue
Issue -
State: closed - Opened by bardicworks about 1 month ago
- 1 comment
#3264 - Automated Splunk TA Update 134
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
Labels: Datasource
#3263 - Add detection suspicious api / url from telegram
Pull Request -
State: open - Opened by zake1god about 2 months ago
- 2 comments
Labels: Detections
#3262 - Automated Splunk TA Update 133
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
- 1 comment
Labels: Datasource
#3261 - Automated Splunk TA Update 132
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
Labels: Datasource
#3260 - Automated Splunk TA Update 131
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
Labels: Datasource
#3259 - Automated Splunk TA Update 130
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
Labels: Datasource
#3258 - Automated Splunk TA Update 129
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
Labels: Datasource
#3257 - Nterl0k - T1219 - RMM Detection for Registry locations.
Pull Request -
State: open - Opened by nterl0k about 2 months ago
- 8 comments
Labels: Detections
#3256 - Automated Splunk TA Update 128
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
Labels: Datasource
#3255 - Nterl0k - T1550 - NetExec Usage Detection
Pull Request -
State: closed - Opened by nterl0k about 2 months ago
- 5 comments
Labels: Detections
#3254 - Automated Splunk TA Update 127
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
Labels: Datasource
#3253 - Nterl0k - T1595 - Generic Scanning Behavior
Pull Request -
State: closed - Opened by nterl0k about 2 months ago
- 4 comments
Labels: Detections
#3252 - Automated Splunk TA Update 126
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
Labels: Datasource
#3251 - Automated Splunk TA Update 125
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
Labels: Datasource
#3250 - Automated Splunk TA Update 124
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
Labels: Datasource
#3249 - Update - Detect Exchange Web Shell
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
Labels: Detections
#3248 - Automated Splunk TA Update 121
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
Labels: Datasource
#3247 - Remove index from macro
Pull Request -
State: closed - Opened by patel-bhavin 2 months ago
Labels: Macros
#3246 - xorddos
Pull Request -
State: closed - Opened by tccontre 2 months ago
Labels: Detections, Stories
#3245 - [BUG] Harcoded indexes present in 3 macros
Issue -
State: closed - Opened by dluxtron 2 months ago
- 1 comment
Labels: bug
#3244 - Automated Splunk TA Update 116
Pull Request -
State: closed - Opened by patel-bhavin 2 months ago
Labels: Datasource
#3243 - Automated Splunk TA Update 115
Pull Request -
State: closed - Opened by patel-bhavin 2 months ago
- 1 comment
Labels: Datasource
#3242 - Add baseline search information to "ESCU - Unusually Long Command Line - MLTK" how_to_implement
Pull Request -
State: closed - Opened by TheLawsOfChaos 2 months ago
Labels: Detections
#3241 - Automated Splunk TA Update 114
Pull Request -
State: closed - Opened by patel-bhavin 2 months ago
- 1 comment
Labels: Datasource
#3240 - crypto_campaign
Pull Request -
State: closed - Opened by tccontre 2 months ago
Labels: Detections, Stories, 5.0
#3239 - Automated Splunk TA Update 113
Pull Request -
State: closed - Opened by patel-bhavin 2 months ago
- 1 comment
Labels: Datasource
#3238 - Update Ransomware Extensions Lookup
Pull Request -
State: closed - Opened by patel-bhavin 2 months ago
Labels: Detections, Lookups, Macros
#3237 - Improved ASL AWS detections
Pull Request -
State: closed - Opened by P4T12ICK 2 months ago
- 2 comments
Labels: Detections, Macros, Datasource
#3236 - The Haag Papyrus: Secrets of Cleo 𓀽
Pull Request -
State: closed - Opened by MHaggis 2 months ago
Labels: Detections, Stories
#3235 - Issue- 3234, 2073 n SlackPost Q :fixed:
Pull Request -
State: closed - Opened by patel-bhavin 2 months ago
Labels: Detections
#3234 - [BUG] windows_lateral_tool_transfer_remcom.yml might be mapped to the wrong mitre technique
Issue -
State: closed - Opened by hRun 2 months ago
- 2 comments
Labels: bug
#3233 - fix #2996
Pull Request -
State: closed - Opened by nasbench 2 months ago
- 1 comment
Labels: Detections
#3232 - Automated Splunk TA Update 109
Pull Request -
State: closed - Opened by patel-bhavin 2 months ago
- 1 comment
Labels: Datasource
#3231 - Content Enhancements - Second Batch
Pull Request -
State: closed - Opened by nasbench 2 months ago
- 1 comment
Labels: Detections, Stories
#3230 - Automated Splunk TA Update 108
Pull Request -
State: closed - Opened by patel-bhavin 2 months ago
Labels: Datasource
#3229 - Automated Splunk TA Update 107
Pull Request -
State: closed - Opened by patel-bhavin 2 months ago
Labels: Datasource