In the past weeks you might had some notifications on new rules in our catalog! But you also might have missed some :)
Therefore here is a quick summup of the main rules that have been added:
- 13 rules on OKTA, covering security best pratices to detect abnormal user activities.
- 23 rules on AWS, also covering security best pratices to detect abnormal user activities.
- 2 rules on Cybereason, covering MalOp alerts and malware detection.
- A generic rule named "WAF Block Rule" on Web Application Firewall (WAF) allowing to detect external attack to your web application. This raises alerts for AWS and Cloudflare WAF for now.
- A correlation rule that detects a common infection chain using some archive format files (ISO, VHD, IMG) to hide the malicious payload (usually a LNK file). This is a well-known technique used by many botnets (like Qakbot) and some APT groups as well.
We will keep adding more rules, mainly focusing on Microsoft Intune, Google WorkSpace and more OKTA rules in the next weeks so stay tuned!