Rule Library
Sigma Rules
5 rules found for "sawwinnnaung"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection · medium · test
Number Of Resource Creation Or Deployment Activities
Number of VM creations or deployment activities that occur in Azure via the azureactivity log.
Azure · activitylogs
TA0004 · Privilege Escalation, TA0003 · Persistence, T1098 · Account Manipulation
sawwinnnaung · Thu May 07 · cloud
Detection · medium · test
Granting Of Permissions To An Account
Identifies IPs from which users grant access to other users on Azure resources and alerts when a previously unseen source IP address is used.
Azure · activitylogs
TA0004 · Privilege Escalation, TA0003 · Persistence, T1098.003 · Additional Cloud Roles
sawwinnnaung · Thu May 07 · cloud
Detection · medium · test
Rare Subscription-level Operations In Azure
Identifies IPs from which users grant access to other users on Azure resources and alerts when a previously unseen source IP address is used.
Azure · activitylogs
T1003 · OS Credential Dumping, TA0006 · Credential Access
sawwinnnaung · Thu May 07 · cloud
Detection · low · test
DNS Events Related To Mining Pools
Identifies clients that may be performing DNS lookups associated with common currency mining pools.
Zeek (Bro) · dns
TA0002 · Execution, T1569.002 · Service Execution, TA0040 · Impact, T1496 · Resource Hijacking
Saw Winn Naung +1 · Thu Aug 19 · network
Detection · medium · test
DNS TOR Proxies
Identifies IPs performing DNS lookups associated with common Tor proxies.
Zeek (Bro) · dns
TA0010 · Exfiltration, T1048 · Exfiltration Over Alternative Protocol
Saw Winn Naung +1 · Sun Aug 15 · network