Rule Library

Sigma Rules

3 rules found for "Splunk Threat Research Team (original rule)"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Category

Detectionhightest

Disabling Multi Factor Authentication

Detects disabling of Multi Factor Authentication.

Microsoft 365audit

TA0003 · PersistenceTA0005 · Defense EvasionTA0006 · Credential AccessT1556.006 · Multi-Factor Authentication

Splunk Threat Research Team (original rule)+1Mon Sep 18cloud

Detectionmediumtest

New Federated Domain Added

Detects the addition of a new Federated Domain.

Microsoft 365audit

TA0005 · Defense EvasionTA0004 · Privilege EscalationT1484.002 · Trust Modification

Splunk Threat Research Team (original rule)+1Mon Sep 18cloud

Detectionmediumtest

New Federated Domain Added - Exchange

Detects the addition of a new Federated Domain.

Microsoft 365exchange

TA0003 · PersistenceT1136.003 · Cloud Account

Splunk Threat Research Team (original rule)+1Tue Feb 08cloud