Rules Catalog updates! (Cisco, Darktrace, GitHub, Microsoft, SentinelOne, RSA)

In the past three months, more than 70 verified rules have been updated and 33 new rules published to improve our detection capabilities!

Integrations, to raise alerts based on the related security products:

* Cisco ESA, 1 rule to detect a suspicious email with an attachment
* Darktrace Threat Visualizer, 2 rules to raise an alert on Critical or Suspicious behavior
* GitHub Audit Logs, 5 rules related to compliance or suspicious actions
* Microsoft Entra ID (Azure AD), 3 rules to detect configuration changes on domain or device authentication, and phishing pages
* Office365, 4 rules related to email forwarding, to detect Business Email Compromise (BEC)
* activity logs, 1 rule to detect Login Brute-Force On
* SentinelOne, 1 rule to detect login brute force on the SentinelOne Management Console
* RSA SecurID, 1 rule to detect failed authentication

Threats:

* Linux, 2 rules related to Fail2ban and Shell PID Injection
* Windows, 11 rules: Suspicious TGS requests (Kerberoasting), Reconnaissance Commands Activities, Successful Brute Force Login From Internet, Suspicious Headless Web Browser Execution To Download File, AccCheckConsole Executing Dll, xWizard Execution, CertOC Loading Dll, Microsoft Defender Antivirus Disable Using Registry, Malicious Browser Extensions, Powershell AMSI Bypass, Remote Enumeration of Lateral Movement Groups
* Cloud, 2 rules: WAF Correlation Block actions, WAF Correlation Block Multiple Destinations

During this summer we also updated our tag naming convention for integrations! You can now filter on editor/product names in order to find dedicated rules 😉