Rule Library
Sigma Rules
3 rules found for "Tom Kluter"
3,731 Total
3,132 Detection
457 Emerging
139 Hunting
Detection | medium | experimental
Google Workspace Government Attack Warning
Detects a login attempt in Google Workspace flagged as a potential attack by a government-backed threat actor
Google Cloud | google_workspace.login
TA0004 · Privilege Escalation | TA0005 · Defense Evasion | TA0003 · Persistence | TA0001 · Initial Access | +2
Tom Kluter | Tue Apr 28 | cloud
Detection | medium | experimental
Google Workspace Out Of Domain Email Forwarding
Detects automatic email forwarding to external domains in Google Workspace, which may indicate data leakage or misuse.
Google Cloud | google_workspace.login
T1114.003 · Email Forwarding Rule | TA0009 · Collection
Tom Kluter | Tue Apr 28 | cloud
Detection | medium | experimental
Suspicious Login Activity Classified By Google
Detects Google Workspace login activity that's classified as suspicious by Google.
Google Cloud | google_workspace.login
TA0001 · Initial Access | TA0004 · Privilege Escalation | TA0005 · Defense Evasion | TA0003 · Persistence | +1
Tom Kluter | Tue Apr 28 | cloud