Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / splunk/security_content issues and pull requests
#3134 - [BUG] Azure MFA failure detections logic flaw
Issue -
State: open - Opened by 0xC0FFEEEE 2 days ago
Labels: bug
#3133 - Enrichments CI update
Pull Request -
State: closed - Opened by patel-bhavin 4 days ago
#3132 - Automated Splunk TA Update 27
Pull Request -
State: closed - Opened by patel-bhavin 4 days ago
- 1 comment
Labels: Datasource
#3131 - [community request] Update Ransomware Extensions Lookup
Issue -
State: open - Opened by ljstella 5 days ago
Labels: enhancement
#3130 - Application drilldowns
Pull Request -
State: open - Opened by patel-bhavin 5 days ago
- 1 comment
Labels: Detections
#3129 - valleyrat
Pull Request -
State: open - Opened by tccontre 5 days ago
Labels: WIP, Detections, Stories
#3128 - Automated Splunk TA Update 25
Pull Request -
State: closed - Opened by patel-bhavin 6 days ago
Labels: Datasource
#3127 - Automated Splunk TA Update 24
Pull Request -
State: closed - Opened by patel-bhavin 7 days ago
Labels: Datasource
#3126 - Automated Splunk TA Update 23
Pull Request -
State: closed - Opened by patel-bhavin 8 days ago
Labels: Datasource
#3125 - Automated Splunk TA Update 22
Pull Request -
State: closed - Opened by patel-bhavin 9 days ago
Labels: Datasource
#3124 - K8 - add deprecate detection note
Pull Request -
State: open - Opened by patel-bhavin 10 days ago
Labels: Detections
#3123 - Add drilldowns to application detections
Pull Request -
State: closed - Opened by patel-bhavin 10 days ago
- 1 comment
Labels: Detections
#3122 - Automated Splunk TA Update 21
Pull Request -
State: closed - Opened by patel-bhavin 10 days ago
Labels: Datasource
#3121 - Bump peter-evans/create-pull-request from 6 to 7
Pull Request -
State: closed - Opened by dependabot[bot] 12 days ago
Labels: dependencies
#3120 - linux auditd fixes
Pull Request -
State: closed - Opened by patel-bhavin 15 days ago
Labels: Detections
#3119 - Linux Auditd Fix
Pull Request -
State: closed - Opened by patel-bhavin 16 days ago
Labels: Detections
#3118 - Automated Splunk TA Update 14
Pull Request -
State: closed - Opened by patel-bhavin 17 days ago
Labels: Datasource
#3117 - README - Getting started
Pull Request -
State: open - Opened by patel-bhavin 18 days ago
- 1 comment
#3116 - Update feedback center test
Pull Request -
State: closed - Opened by patel-bhavin 18 days ago
#3115 - The Haag Element: Breaking Down AA24-241A
Pull Request -
State: closed - Opened by MHaggis 18 days ago
- 1 comment
Labels: Detections, Stories
#3114 - Add data sources dependabot
Pull Request -
State: closed - Opened by patel-bhavin 19 days ago
#3113 - Automated Splunk TA Update 13
Pull Request -
State: closed - Opened by patel-bhavin 19 days ago
Labels: Datasource
#3112 - Automated Splunk TA Update 11
Pull Request -
State: closed - Opened by patel-bhavin 19 days ago
Labels: Datasource
#3111 - Automated Splunk TA Update 10
Pull Request -
State: closed - Opened by patel-bhavin 19 days ago
Labels: Datasource
#3110 - updating version for patch release of dashboards
Pull Request -
State: closed - Opened by patel-bhavin 23 days ago
- 1 comment
#3109 - updated aws TA version
Pull Request -
State: closed - Opened by patel-bhavin 23 days ago
- 1 comment
Labels: Datasource
#3108 - More Observable cleanup
Pull Request -
State: closed - Opened by ljstella 24 days ago
- 1 comment
Labels: Detections
#3107 - Improvements AWS ASL detection
Pull Request -
State: closed - Opened by P4T12ICK 24 days ago
- 2 comments
Labels: Detections, Datasource
#3106 - Improved how_to_implement for k8s detections
Pull Request -
State: closed - Opened by P4T12ICK 24 days ago
- 1 comment
Labels: Detections
#3105 - No More Haag-gling with BlackSuit: A Tailored Analytic Story
Pull Request -
State: closed - Opened by MHaggis 26 days ago
Labels: Detections, Stories
#3104 - 4.39.0 integration fixes
Pull Request -
State: closed - Opened by patel-bhavin 27 days ago
Labels: Detections
#3103 - Remove outdated files
Pull Request -
State: closed - Opened by patel-bhavin 29 days ago
#3102 - remove reporting
Pull Request -
State: closed - Opened by patel-bhavin 29 days ago
#3101 - remove tab
Pull Request -
State: closed - Opened by tjgeorgen 29 days ago
Labels: Detections
#3100 - wrong keys in the yaml
Pull Request -
State: closed - Opened by patel-bhavin 30 days ago
Labels: Detections
#3099 - Weird formatting
Pull Request -
State: closed - Opened by ljstella 30 days ago
Labels: Detections
#3098 - [BUG] Whitespace `\t` in several YAML rule files causing YAML load errors
Issue -
State: closed - Opened by brokensound77 30 days ago
- 2 comments
Labels: bug
#3097 - Adding Aws Datasources
Pull Request -
State: closed - Opened by patel-bhavin about 1 month ago
- 1 comment
Labels: needs-more-info, Datasource
#3096 - Testing Data Source validation
Pull Request -
State: closed - Opened by patel-bhavin about 1 month ago
#3095 - moon_peak_coverage
Pull Request -
State: closed - Opened by tccontre about 1 month ago
Labels: Detections, Stories
#3094 - Remove Duplicate Obs
Pull Request -
State: closed - Opened by patel-bhavin about 1 month ago
- 1 comment
Labels: Detections
#3093 - Guardians of the Haaglaxy
Pull Request -
State: closed - Opened by MHaggis about 1 month ago
- 2 comments
Labels: Detections, Stories, Macros, Datasource
#3092 - Fix potential input output lookup issues
Pull Request -
State: open - Opened by pyth0n1c about 1 month ago
Labels: WIP, Detections, Lookups
#3091 - Marked two detections as manual_test
Pull Request -
State: closed - Opened by pyth0n1c about 1 month ago
- 2 comments
Labels: Detections
#3090 - Update linux_hosts.yml
Pull Request -
State: closed - Opened by MHaggis about 1 month ago
Labels: Macros
#3089 - linux_auditd_detection
Pull Request -
State: closed - Opened by tccontre about 1 month ago
- 1 comment
Labels: Detections, Stories, Macros
#3088 - add missing version and id fields to story
Pull Request -
State: closed - Opened by pyth0n1c about 1 month ago
Labels: Stories
#3087 - auditd_data_source
Pull Request -
State: closed - Opened by tccontre about 1 month ago
Labels: Datasource
#3086 - ESCU dashboard updates:
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
#3085 - Updating risk_message
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
Labels: Detections
#3084 - Data Source Bug Fix
Pull Request -
State: closed - Opened by P4T12ICK about 2 months ago
Labels: Datasource
#3083 - Azure AD updates
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
Labels: Detections
#3082 - Fix and Update Data Sources
Pull Request -
State: closed - Opened by pyth0n1c about 2 months ago
- 1 comment
Labels: Datasource
#3081 - testing from fork
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
Labels: Detections
#3080 - trigger condition and remove contentctl version variable
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
#3079 - Bump actions/checkout from 2 to 4
Pull Request -
State: closed - Opened by dependabot[bot] about 2 months ago
- 2 comments
Labels: dependencies
#3078 - RMM Must Die #3 - Dashboarding the carnage
Pull Request -
State: closed - Opened by nterl0k about 2 months ago
- 4 comments
#3077 - Adding new label for data_source changes
Pull Request -
State: closed - Opened by ljstella about 2 months ago
- 1 comment
#3076 - Fixing TA for CS data
Pull Request -
State: closed - Opened by ljstella about 2 months ago
- 1 comment
Labels: Datasource
#3075 - Adding App Inspect CI job
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
#3074 - crowstrikes_analytics
Pull Request -
State: closed - Opened by tccontre about 2 months ago
- 1 comment
Labels: Detections, Stories, Macros
#3073 - handala_wiper
Pull Request -
State: closed - Opened by tccontre about 2 months ago
- 1 comment
Labels: Detections, Stories
#3072 - Improve TA names to match the naming in Splunk
Pull Request -
State: closed - Opened by P4T12ICK about 2 months ago
- 1 comment
Labels: Datasource
#3071 - testing from fork
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
- 1 comment
Labels: Detections
#3070 - Unit-test for forks
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
#3069 - Create windows_privileged_group_modification.yml
Pull Request -
State: closed - Opened by MHaggis about 2 months ago
- 1 comment
Labels: Detections
#3068 - fix some names and data sources
Pull Request -
State: closed - Opened by pyth0n1c about 2 months ago
- 1 comment
Labels: Detections
#3067 - Create new detection for CVE-2024-37085
Pull Request -
State: closed - Opened by TheLawsOfChaos about 2 months ago
- 1 comment
Labels: Detections
#3066 - A Haag of Your Own
Pull Request -
State: closed - Opened by MHaggis about 2 months ago
Labels: Detections, Stories
#3065 - Re adding 2 detections:
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
Labels: Detections
#3064 - minor sysmon datasource update
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
Labels: Detections
#3063 - Datestamped Azure lookup
Pull Request -
State: closed - Opened by ljstella about 2 months ago
- 1 comment
Labels: Lookups
#3062 - Remove extra fields from YMLs
Pull Request -
State: open - Opened by pyth0n1c about 2 months ago
Labels: WIP, Detections, Lookups, Stories
#3061 - Updated Observable config
Pull Request -
State: closed - Opened by ljstella about 2 months ago
- 4 comments
Labels: Detections
#3060 - Accidentally an extra risk object
Pull Request -
State: closed - Opened by ljstella about 2 months ago
Labels: Detections
#3059 - Haag's Guided Adventures
Pull Request -
State: closed - Opened by MHaggis about 2 months ago
Labels: Detections, Stories
#3058 - Add critical alerts to risk index
Pull Request -
State: open - Opened by gowthamarajr about 2 months ago
- 1 comment
Labels: Detections, Stories
#3057 - Shrink Locker
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
Labels: Detections, Stories
#3055 - Updated PR Template
Pull Request -
State: closed - Opened by ljstella about 2 months ago
- 1 comment
#3054 - Remove old files
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
#3053 - Format results unit testing - exception handling!
Pull Request -
State: closed - Opened by patel-bhavin about 2 months ago
Labels: bug
#3052 - Haag's Hunt for Gozi Gremlins
Pull Request -
State: closed - Opened by MHaggis about 2 months ago
- 2 comments
Labels: Detections, Stories
#3050 - Edit Windows Event Log Cleared
Pull Request -
State: closed - Opened by gowthamarajr about 2 months ago
- 1 comment
Labels: Detections
#3048 - Search Fix : issue 2977
Pull Request -
State: closed - Opened by patel-bhavin 2 months ago
Labels: Detections, Lookups
#3045 - Adding autolabels for content
Pull Request -
State: closed - Opened by ljstella 2 months ago
#3043 - [BUG] current detections.json has searches with unbalanced parentheses
Issue -
State: closed - Opened by tjgeorgen 2 months ago
- 1 comment
Labels: bug
#3041 - [BUG] Broken token in `tags.message` (Risk Message) for 11 rules
Issue -
State: closed - Opened by ccl0utier 2 months ago
- 2 comments
Labels: bug
#3036 - Updated precommit config
Pull Request -
State: closed - Opened by ljstella 2 months ago
- 4 comments
#3031 - Fix living_off_the_land_detection.yml reference in coverage.json
Pull Request -
State: closed - Opened by sko9370 2 months ago
- 1 comment
#3030 - Nterl0k - RMM Must Die - Update
Pull Request -
State: closed - Opened by nterl0k 2 months ago
- 4 comments
Labels: Detections, Lookups, Macros
#3026 - Dlux 3 - New & Updated AD / GPO / ACL Detections
Pull Request -
State: closed - Opened by dluxtron 3 months ago
- 5 comments
Labels: Detections, Lookups
#3009 - [BUG] Incorrect logic statement in detection search "Detect Renamed PSExec"
Issue -
State: closed - Opened by OberAlex 4 months ago
- 1 comment
Labels: bug
#2999 - Nterl0k [T1098] - O365 Azure Workload things
Pull Request -
State: closed - Opened by nterl0k 5 months ago
- 4 comments
Labels: Detections, Lookups
#2997 - Wget/Curl Download and Bash Execution: Changing logic for search terms, to make searches comply with title and intention
Pull Request -
State: open - Opened by DipsyTipsy 5 months ago
- 1 comment
Labels: Detections
#2995 - Nterl0k - [T1566++] - A bunch of O365 built-in / premium security content
Pull Request -
State: closed - Opened by nterl0k 6 months ago
- 4 comments
Labels: Detections
#2982 - Minor malicious_powershell_process___encoded_command search update
Issue -
State: closed - Opened by SirDuckly 6 months ago
- 1 comment
Labels: enhancement
#2979 - Nterl0k - T1110.003 NTLM Bruteforce
Pull Request -
State: closed - Opened by nterl0k 6 months ago
Labels: Detections, Macros
#2977 - Scheduled Task Initiation on Remote Endpoint - Update Analytics
Issue -
State: closed - Opened by Badoodish 7 months ago
- 2 comments
Labels: enhancement
#2962 - [BUG] Datasource is set incorrectly on this detection
Issue -
State: closed - Opened by josehelps 7 months ago
- 1 comment
Labels: bug
#2915 - Nterl0k - T1110.003 [Spray and Pray] or [Boring but Works]
Pull Request -
State: closed - Opened by nterl0k 11 months ago
- 14 comments
Labels: Detections