Issues
[BUG] browser_app_list lookup doesn't exist in indexers, causing query to fail in "Windows Credential Access From Browser Password Store"
#3014 opened by iso-rgomez - 1
[BUG] please, fix links in wiki: https://github.com/splunk/security_content/wiki/Detection-Analytic-Types
#3011 opened by yaroslav-nakonechnikov - 0
Add custom annotation for versioning
#2907 opened by TheLawsOfChaos - 0
[BUG] Missing Wildcards in Splunk Rule for Detecting Known Services Killed by Ransomware
#2996 opened by shimonShouei - 0
Azure AD Multi-Source Failed Authentications Spike - Missing ADFSSignInLogs category
#2980 opened by atgithub11 - 0
[BUG] ESCU - Get ADUser with PowerShell - Rule has no Adaptive Response Actions
#2965 opened by albertenc13 - 1
[BUG] DNS Query Length With High Standard Deviation
#2958 opened by josehelps - 0
[BUG] Datasource is set incorrectly on this detection
#2962 opened by josehelps - 3
[BUG] Windows Excessive Disabled Services Event uses ComputerName instead of src field (CIM issue)
#2825 opened by iso-rgomez - 3
Consider adding Scope for search Azure AD Tenant Wide Admin Consent Granted
#2950 opened by atgithub11 - 2
[BUG] Build is not working
#2948 opened by yaroslav-nakonechnikov - 3
pre trained Deep Learning models for ESCU - Support for DSDL Version 5.1.1
#2939 opened by atgithub11 - 2
[BUG] O365 Mailbox Inbox Folder Shared with All Users. Field "object" doesn't exist.
#2937 opened by atgithub11 - 2
CMD Carry Out String Command Parameter - false negatives due to trailing space before wildcard in search [BUG]
#2928 opened by cxosmo - 1
[BUG] "Kerberos TGT Request Using RC4 Encryption" using non-CIM field "Account_Name"
#2920 opened by iso-rgomez - 1
[BUG] Active_Directory_Disable_Account_Dispatch
#2769 opened by kelby-shelton - 0
[BUG] System Processes Run From Unexpected Locations - missing field for Risk Message
#2871 opened by ccl0utier - 3
[BUG] ESCU CS fields LogonType and TargetUserName
#2869 opened by cp-sn - 2
[BUG] VirusTotal v3 Identifier Reputation Playbook failing with math domain error
#2772 opened by gdollasigns - 1
Build constraints based on tags
#2767 opened by schimpy - 1
[BUG] Broken link and missing instructions for producing MITRE Navigator map
#2757 opened by alexhaydock - 1
[BUG] Unable to overwrite default lookup with custom lookup in macro dynamic_dns_providers
#2709 opened by vvlier - 1
kubernetes detections to be ported to opentelemetry output because of EOS of sc4k
#2679 opened by hhgsplk - 4
[BUG] - Build Failing Every Time
#2894 opened by abhinavkakku - 1
[BUG] Azure AD Authentication Failed During MFA Challenge - Rename userPrincipalName field
#2685 opened by cp-sn - 2
Improve performance of pretrained DGA model
#2744 opened by dglauche - 0
[BUG] `Unusually Long Command Line` Detection has incorrect Risk Message and Threat Object
#2806 opened by ccl0utier - 1
When trying to build attack range I get the following error 'No module named 'azure.mgmt.resource'[BUG]
#2762 opened by Cybertooth34 - 1
[BUG] Splunk Attack Analyzer Input Playbook
#2755 opened by kelby-shelton - 2
Apparent improper logic in Okta Verify Push detection
#2644 opened by SethHanford - 1
Hi All, I am facing an issue when trying to configure the attack range locally.... The error I am getting is 'configuration.py, line 150, answers = questionary.prompt(questions) NameError: name 'questionary' is not defined. Did you mean: 'questions''... I can't find any answers online from people having the same issue.[BUG]
#2761 opened by Cybertooth34 - 1
[BUG] Rule ESCU - Windows AD Rogue Domain Controller Network Activity - Rule fails to run
#2630 opened by ccl0utier - 1
[BUG] Rule ESCU - Windows AD Replication Service Traffic - Rule fails to run
#2628 opened by ccl0utier - 1
[BUG] Rule ESCU - Windows AD Privileged Account SID History Addition - Rule fails to run
#2627 opened by ccl0utier - 1
[BUG] ESCU - Windows AD Domain Replication ACL Addition - Rule fails to run
#2626 opened by ccl0utier - 2
[BUG] ESCU - Prohibited Software On Endpoint - Rule
#2624 opened by ccl0utier