Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / splunk/security_content issues and pull requests

#3134 - [BUG] Azure MFA failure detections logic flaw

Issue - State: open - Opened by 0xC0FFEEEE 2 days ago
Labels: bug

#3133 - Enrichments CI update

Pull Request - State: closed - Opened by patel-bhavin 4 days ago

#3132 - Automated Splunk TA Update 27

Pull Request - State: closed - Opened by patel-bhavin 4 days ago - 1 comment
Labels: Datasource

#3131 - [community request] Update Ransomware Extensions Lookup

Issue - State: open - Opened by ljstella 5 days ago
Labels: enhancement

#3130 - Application drilldowns

Pull Request - State: open - Opened by patel-bhavin 5 days ago - 1 comment
Labels: Detections

#3129 - valleyrat

Pull Request - State: open - Opened by tccontre 5 days ago
Labels: WIP, Detections, Stories

#3128 - Automated Splunk TA Update 25

Pull Request - State: closed - Opened by patel-bhavin 6 days ago
Labels: Datasource

#3127 - Automated Splunk TA Update 24

Pull Request - State: closed - Opened by patel-bhavin 7 days ago
Labels: Datasource

#3126 - Automated Splunk TA Update 23

Pull Request - State: closed - Opened by patel-bhavin 8 days ago
Labels: Datasource

#3125 - Automated Splunk TA Update 22

Pull Request - State: closed - Opened by patel-bhavin 9 days ago
Labels: Datasource

#3124 - K8 - add deprecate detection note

Pull Request - State: open - Opened by patel-bhavin 10 days ago
Labels: Detections

#3123 - Add drilldowns to application detections

Pull Request - State: closed - Opened by patel-bhavin 10 days ago - 1 comment
Labels: Detections

#3122 - Automated Splunk TA Update 21

Pull Request - State: closed - Opened by patel-bhavin 10 days ago
Labels: Datasource

#3121 - Bump peter-evans/create-pull-request from 6 to 7

Pull Request - State: closed - Opened by dependabot[bot] 12 days ago
Labels: dependencies

#3120 - linux auditd fixes

Pull Request - State: closed - Opened by patel-bhavin 15 days ago
Labels: Detections

#3119 - Linux Auditd Fix

Pull Request - State: closed - Opened by patel-bhavin 16 days ago
Labels: Detections

#3118 - Automated Splunk TA Update 14

Pull Request - State: closed - Opened by patel-bhavin 17 days ago
Labels: Datasource

#3117 - README - Getting started

Pull Request - State: open - Opened by patel-bhavin 18 days ago - 1 comment

#3116 - Update feedback center test

Pull Request - State: closed - Opened by patel-bhavin 18 days ago

#3115 - The Haag Element: Breaking Down AA24-241A

Pull Request - State: closed - Opened by MHaggis 18 days ago - 1 comment
Labels: Detections, Stories

#3114 - Add data sources dependabot

Pull Request - State: closed - Opened by patel-bhavin 19 days ago

#3113 - Automated Splunk TA Update 13

Pull Request - State: closed - Opened by patel-bhavin 19 days ago
Labels: Datasource

#3112 - Automated Splunk TA Update 11

Pull Request - State: closed - Opened by patel-bhavin 19 days ago
Labels: Datasource

#3111 - Automated Splunk TA Update 10

Pull Request - State: closed - Opened by patel-bhavin 19 days ago
Labels: Datasource

#3110 - updating version for patch release of dashboards

Pull Request - State: closed - Opened by patel-bhavin 23 days ago - 1 comment

#3109 - updated aws TA version

Pull Request - State: closed - Opened by patel-bhavin 23 days ago - 1 comment
Labels: Datasource

#3108 - More Observable cleanup

Pull Request - State: closed - Opened by ljstella 24 days ago - 1 comment
Labels: Detections

#3107 - Improvements AWS ASL detection

Pull Request - State: closed - Opened by P4T12ICK 24 days ago - 2 comments
Labels: Detections, Datasource

#3106 - Improved how_to_implement for k8s detections

Pull Request - State: closed - Opened by P4T12ICK 24 days ago - 1 comment
Labels: Detections

#3105 - No More Haag-gling with BlackSuit: A Tailored Analytic Story

Pull Request - State: closed - Opened by MHaggis 26 days ago
Labels: Detections, Stories

#3104 - 4.39.0 integration fixes

Pull Request - State: closed - Opened by patel-bhavin 27 days ago
Labels: Detections

#3103 - Remove outdated files

Pull Request - State: closed - Opened by patel-bhavin 30 days ago

#3102 - remove reporting

Pull Request - State: closed - Opened by patel-bhavin 30 days ago

#3101 - remove tab

Pull Request - State: closed - Opened by tjgeorgen 30 days ago
Labels: Detections

#3100 - wrong keys in the yaml

Pull Request - State: closed - Opened by patel-bhavin 30 days ago
Labels: Detections

#3099 - Weird formatting

Pull Request - State: closed - Opened by ljstella about 1 month ago
Labels: Detections

#3098 - [BUG] Whitespace `\t` in several YAML rule files causing YAML load errors

Issue - State: closed - Opened by brokensound77 about 1 month ago - 2 comments
Labels: bug

#3097 - Adding Aws Datasources

Pull Request - State: closed - Opened by patel-bhavin about 1 month ago - 1 comment
Labels: needs-more-info, Datasource

#3096 - Testing Data Source validation

Pull Request - State: closed - Opened by patel-bhavin about 1 month ago

#3095 - moon_peak_coverage

Pull Request - State: closed - Opened by tccontre about 1 month ago
Labels: Detections, Stories

#3094 - Remove Duplicate Obs

Pull Request - State: closed - Opened by patel-bhavin about 1 month ago - 1 comment
Labels: Detections

#3093 - Guardians of the Haaglaxy

Pull Request - State: closed - Opened by MHaggis about 1 month ago - 2 comments
Labels: Detections, Stories, Macros, Datasource

#3092 - Fix potential input output lookup issues

Pull Request - State: open - Opened by pyth0n1c about 1 month ago
Labels: WIP, Detections, Lookups

#3091 - Marked two detections as manual_test

Pull Request - State: closed - Opened by pyth0n1c about 1 month ago - 2 comments
Labels: Detections

#3090 - Update linux_hosts.yml

Pull Request - State: closed - Opened by MHaggis about 1 month ago
Labels: Macros

#3089 - linux_auditd_detection

Pull Request - State: closed - Opened by tccontre about 1 month ago - 1 comment
Labels: Detections, Stories, Macros

#3088 - add missing version and id fields to story

Pull Request - State: closed - Opened by pyth0n1c about 1 month ago
Labels: Stories

#3087 - auditd_data_source

Pull Request - State: closed - Opened by tccontre about 1 month ago
Labels: Datasource

#3086 - ESCU dashboard updates:

Pull Request - State: closed - Opened by patel-bhavin about 2 months ago

#3085 - Updating risk_message

Pull Request - State: closed - Opened by patel-bhavin about 2 months ago
Labels: Detections

#3084 - Data Source Bug Fix

Pull Request - State: closed - Opened by P4T12ICK about 2 months ago
Labels: Datasource

#3083 - Azure AD updates

Pull Request - State: closed - Opened by patel-bhavin about 2 months ago
Labels: Detections

#3082 - Fix and Update Data Sources

Pull Request - State: closed - Opened by pyth0n1c about 2 months ago - 1 comment
Labels: Datasource

#3081 - testing from fork

Pull Request - State: closed - Opened by patel-bhavin about 2 months ago
Labels: Detections

#3080 - trigger condition and remove contentctl version variable

Pull Request - State: closed - Opened by patel-bhavin about 2 months ago

#3079 - Bump actions/checkout from 2 to 4

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 2 comments
Labels: dependencies

#3078 - RMM Must Die #3 - Dashboarding the carnage

Pull Request - State: closed - Opened by nterl0k about 2 months ago - 4 comments

#3077 - Adding new label for data_source changes

Pull Request - State: closed - Opened by ljstella about 2 months ago - 1 comment

#3076 - Fixing TA for CS data

Pull Request - State: closed - Opened by ljstella about 2 months ago - 1 comment
Labels: Datasource

#3075 - Adding App Inspect CI job

Pull Request - State: closed - Opened by patel-bhavin about 2 months ago

#3074 - crowstrikes_analytics

Pull Request - State: closed - Opened by tccontre about 2 months ago - 1 comment
Labels: Detections, Stories, Macros

#3073 - handala_wiper

Pull Request - State: closed - Opened by tccontre about 2 months ago - 1 comment
Labels: Detections, Stories

#3072 - Improve TA names to match the naming in Splunk

Pull Request - State: closed - Opened by P4T12ICK about 2 months ago - 1 comment
Labels: Datasource

#3071 - testing from fork

Pull Request - State: closed - Opened by patel-bhavin about 2 months ago - 1 comment
Labels: Detections

#3070 - Unit-test for forks

Pull Request - State: closed - Opened by patel-bhavin about 2 months ago

#3069 - Create windows_privileged_group_modification.yml

Pull Request - State: closed - Opened by MHaggis about 2 months ago - 1 comment
Labels: Detections

#3068 - fix some names and data sources

Pull Request - State: closed - Opened by pyth0n1c about 2 months ago - 1 comment
Labels: Detections

#3067 - Create new detection for CVE-2024-37085

Pull Request - State: closed - Opened by TheLawsOfChaos about 2 months ago - 1 comment
Labels: Detections

#3066 - A Haag of Your Own

Pull Request - State: closed - Opened by MHaggis about 2 months ago
Labels: Detections, Stories

#3065 - Re adding 2 detections:

Pull Request - State: closed - Opened by patel-bhavin about 2 months ago
Labels: Detections

#3064 - minor sysmon datasource update

Pull Request - State: closed - Opened by patel-bhavin about 2 months ago
Labels: Detections

#3063 - Datestamped Azure lookup

Pull Request - State: closed - Opened by ljstella about 2 months ago - 1 comment
Labels: Lookups

#3062 - Remove extra fields from YMLs

Pull Request - State: open - Opened by pyth0n1c about 2 months ago
Labels: WIP, Detections, Lookups, Stories

#3061 - Updated Observable config

Pull Request - State: closed - Opened by ljstella about 2 months ago - 4 comments
Labels: Detections

#3060 - Accidentally an extra risk object

Pull Request - State: closed - Opened by ljstella about 2 months ago
Labels: Detections

#3059 - Haag's Guided Adventures

Pull Request - State: closed - Opened by MHaggis about 2 months ago
Labels: Detections, Stories

#3058 - Add critical alerts to risk index

Pull Request - State: open - Opened by gowthamarajr about 2 months ago - 1 comment
Labels: Detections, Stories

#3057 - Shrink Locker

Pull Request - State: closed - Opened by patel-bhavin about 2 months ago
Labels: Detections, Stories

#3055 - Updated PR Template

Pull Request - State: closed - Opened by ljstella about 2 months ago - 1 comment

#3054 - Remove old files

Pull Request - State: closed - Opened by patel-bhavin about 2 months ago

#3053 - Format results unit testing - exception handling!

Pull Request - State: closed - Opened by patel-bhavin about 2 months ago
Labels: bug

#3052 - Haag's Hunt for Gozi Gremlins

Pull Request - State: closed - Opened by MHaggis about 2 months ago - 2 comments
Labels: Detections, Stories

#3050 - Edit Windows Event Log Cleared

Pull Request - State: closed - Opened by gowthamarajr about 2 months ago - 1 comment
Labels: Detections

#3048 - Search Fix : issue 2977

Pull Request - State: closed - Opened by patel-bhavin 2 months ago
Labels: Detections, Lookups

#3045 - Adding autolabels for content

Pull Request - State: closed - Opened by ljstella 2 months ago

#3043 - [BUG] current detections.json has searches with unbalanced parentheses

Issue - State: closed - Opened by tjgeorgen 2 months ago - 1 comment
Labels: bug

#3041 - [BUG] Broken token in `tags.message` (Risk Message) for 11 rules

Issue - State: closed - Opened by ccl0utier 2 months ago - 2 comments
Labels: bug

#3036 - Updated precommit config

Pull Request - State: closed - Opened by ljstella 2 months ago - 4 comments

#3031 - Fix living_off_the_land_detection.yml reference in coverage.json

Pull Request - State: closed - Opened by sko9370 2 months ago - 1 comment

#3030 - Nterl0k - RMM Must Die - Update

Pull Request - State: closed - Opened by nterl0k 2 months ago - 4 comments
Labels: Detections, Lookups, Macros

#3026 - Dlux 3 - New & Updated AD / GPO / ACL Detections

Pull Request - State: closed - Opened by dluxtron 3 months ago - 5 comments
Labels: Detections, Lookups

#3009 - [BUG] Incorrect logic statement in detection search "Detect Renamed PSExec"

Issue - State: closed - Opened by OberAlex 4 months ago - 1 comment
Labels: bug

#2999 - Nterl0k [T1098] - O365 Azure Workload things

Pull Request - State: closed - Opened by nterl0k 5 months ago - 4 comments
Labels: Detections, Lookups

#2995 - Nterl0k - [T1566++] - A bunch of O365 built-in / premium security content

Pull Request - State: closed - Opened by nterl0k 6 months ago - 4 comments
Labels: Detections

#2982 - Minor malicious_powershell_process___encoded_command search update

Issue - State: closed - Opened by SirDuckly 6 months ago - 1 comment
Labels: enhancement

#2979 - Nterl0k - T1110.003 NTLM Bruteforce

Pull Request - State: closed - Opened by nterl0k 6 months ago
Labels: Detections, Macros

#2977 - Scheduled Task Initiation on Remote Endpoint - Update Analytics

Issue - State: closed - Opened by Badoodish 7 months ago - 2 comments
Labels: enhancement

#2962 - [BUG] Datasource is set incorrectly on this detection

Issue - State: closed - Opened by josehelps 7 months ago - 1 comment
Labels: bug

#2915 - Nterl0k - T1110.003 [Spray and Pray] or [Boring but Works]

Pull Request - State: closed - Opened by nterl0k 11 months ago - 14 comments
Labels: Detections