├── LICENSE
├── README.md
├── detection_rules
    ├── 1password
    │   ├── onepassword_excessive_item_reveals.yaral
    │   ├── onepassword_excessive_password_copy.yaral
    │   └── onepassword_item_export.yaral
    ├── aws
    │   ├── aws_console_logins_not_sso.yaral
    │   ├── aws_general_root_user_login.yaral
    │   └── aws_guardduty_alert.yaral
    ├── github
    │   ├── github_admin_added_to_enterprise.yaral
    │   ├── github_deploy_key_added_to_repository.yaral
    │   ├── github_external_collaborator_added_to_repository.yaral
    │   ├── github_protected_branch_override.yaral
    │   ├── github_repository_cloned.yaral
    │   ├── github_repository_downloaded_as_zip.yaral
    │   ├── github_repository_transferred_out.yaral
    │   ├── github_repository_visibility_changed.yaral
    │   ├── github_user_invited_outside_scim_provisioning.yaral
    │   └── github_user_role_changed_to_owner.yaral
    ├── google_workspace
    │   ├── README.md
    │   ├── google_workspace_file_downloads_internal_user.yaral
    │   ├── google_workspace_file_emailed_from_drive.yaral
    │   ├── google_workspace_file_made_publicly_accessible.yaral
    │   ├── google_workspace_file_shared_with_external_user.yaral
    │   ├── google_workspace_new_user_added_outside_scim_provisioning.yaral
    │   ├── google_workspace_reported_phish.yaral
    │   └── google_workspace_reseller_access.yaral
    ├── okta
    │   ├── google_workspace_downloads_folder_internal_user.yaral
    │   ├── okta_account_sharing.yaral
    │   ├── okta_attempt_to_access_unauthorised_apps_in_quick_succession.yaral
    │   ├── okta_creation_of_api_key.yaral
    │   ├── okta_creation_of_user_outside_of_automation.yaral
    │   ├── okta_failed_logins_across_valid_accounts.yaral
    │   ├── okta_failed_logins_single_account.yaral
    │   ├── okta_privileges_granted_to_user.yaral
    │   ├── okta_support_agent_impersonation.yaral
    │   ├── okta_suspicious_activity_reported.yaral
    │   ├── okta_user_added_to_group.yaral
    │   ├── okta_user_login_multiple_geolocations.yaral
    │   └── okta_username_guessing.yaral
    └── slack
    │   ├── slack_anomaly_detected.yaral
    │   ├── slack_excessive_downloads.yaral
    │   ├── slack_export_activity.yaral
    │   ├── slack_malware_detected.yaral
    │   └── slack_primary_owner_login.yaral
├── helper_functions
    ├── 1password
    │   ├── main.py
    │   └── requirements.txt
    └── slack
    │   ├── main.py
    │   └── requirements.txt
└── pull_request_template.md

/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/LICENSE
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/README.md
--------------------------------------------------------------------------------

/detection_rules/1password/onepassword_excessive_item_reveals.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/1password/onepassword_excessive_item_reveals.yaral
--------------------------------------------------------------------------------

/detection_rules/1password/onepassword_excessive_password_copy.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/1password/onepassword_excessive_password_copy.yaral
--------------------------------------------------------------------------------

/detection_rules/1password/onepassword_item_export.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/1password/onepassword_item_export.yaral
--------------------------------------------------------------------------------

/detection_rules/aws/aws_console_logins_not_sso.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/aws/aws_console_logins_not_sso.yaral
--------------------------------------------------------------------------------

/detection_rules/aws/aws_general_root_user_login.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/aws/aws_general_root_user_login.yaral
--------------------------------------------------------------------------------

/detection_rules/aws/aws_guardduty_alert.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/aws/aws_guardduty_alert.yaral
--------------------------------------------------------------------------------

/detection_rules/github/github_admin_added_to_enterprise.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/github/github_admin_added_to_enterprise.yaral
--------------------------------------------------------------------------------

/detection_rules/github/github_deploy_key_added_to_repository.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/github/github_deploy_key_added_to_repository.yaral
--------------------------------------------------------------------------------

/detection_rules/github/github_external_collaborator_added_to_repository.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/github/github_external_collaborator_added_to_repository.yaral
--------------------------------------------------------------------------------

/detection_rules/github/github_protected_branch_override.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/github/github_protected_branch_override.yaral
--------------------------------------------------------------------------------

/detection_rules/github/github_repository_cloned.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/github/github_repository_cloned.yaral
--------------------------------------------------------------------------------

/detection_rules/github/github_repository_downloaded_as_zip.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/github/github_repository_downloaded_as_zip.yaral
--------------------------------------------------------------------------------

/detection_rules/github/github_repository_transferred_out.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/github/github_repository_transferred_out.yaral
--------------------------------------------------------------------------------

/detection_rules/github/github_repository_visibility_changed.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/github/github_repository_visibility_changed.yaral
--------------------------------------------------------------------------------

/detection_rules/github/github_user_invited_outside_scim_provisioning.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/github/github_user_invited_outside_scim_provisioning.yaral
--------------------------------------------------------------------------------

/detection_rules/github/github_user_role_changed_to_owner.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/github/github_user_role_changed_to_owner.yaral
--------------------------------------------------------------------------------

/detection_rules/google_workspace/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/google_workspace/README.md
--------------------------------------------------------------------------------

/detection_rules/google_workspace/google_workspace_file_downloads_internal_user.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/google_workspace/google_workspace_file_downloads_internal_user.yaral
--------------------------------------------------------------------------------

/detection_rules/google_workspace/google_workspace_file_emailed_from_drive.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/google_workspace/google_workspace_file_emailed_from_drive.yaral
--------------------------------------------------------------------------------

/detection_rules/google_workspace/google_workspace_file_made_publicly_accessible.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/google_workspace/google_workspace_file_made_publicly_accessible.yaral
--------------------------------------------------------------------------------

/detection_rules/google_workspace/google_workspace_file_shared_with_external_user.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/google_workspace/google_workspace_file_shared_with_external_user.yaral
--------------------------------------------------------------------------------

/detection_rules/google_workspace/google_workspace_new_user_added_outside_scim_provisioning.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/google_workspace/google_workspace_new_user_added_outside_scim_provisioning.yaral
--------------------------------------------------------------------------------

/detection_rules/google_workspace/google_workspace_reported_phish.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/google_workspace/google_workspace_reported_phish.yaral
--------------------------------------------------------------------------------

/detection_rules/google_workspace/google_workspace_reseller_access.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/google_workspace/google_workspace_reseller_access.yaral
--------------------------------------------------------------------------------

/detection_rules/okta/google_workspace_downloads_folder_internal_user.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/okta/google_workspace_downloads_folder_internal_user.yaral
--------------------------------------------------------------------------------

/detection_rules/okta/okta_account_sharing.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/okta/okta_account_sharing.yaral
--------------------------------------------------------------------------------

/detection_rules/okta/okta_attempt_to_access_unauthorised_apps_in_quick_succession.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/okta/okta_attempt_to_access_unauthorised_apps_in_quick_succession.yaral
--------------------------------------------------------------------------------

/detection_rules/okta/okta_creation_of_api_key.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/okta/okta_creation_of_api_key.yaral
--------------------------------------------------------------------------------

/detection_rules/okta/okta_creation_of_user_outside_of_automation.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/okta/okta_creation_of_user_outside_of_automation.yaral
--------------------------------------------------------------------------------

/detection_rules/okta/okta_failed_logins_across_valid_accounts.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/okta/okta_failed_logins_across_valid_accounts.yaral
--------------------------------------------------------------------------------

/detection_rules/okta/okta_failed_logins_single_account.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/okta/okta_failed_logins_single_account.yaral
--------------------------------------------------------------------------------

/detection_rules/okta/okta_privileges_granted_to_user.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/okta/okta_privileges_granted_to_user.yaral
--------------------------------------------------------------------------------

/detection_rules/okta/okta_support_agent_impersonation.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/okta/okta_support_agent_impersonation.yaral
--------------------------------------------------------------------------------

/detection_rules/okta/okta_suspicious_activity_reported.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/okta/okta_suspicious_activity_reported.yaral
--------------------------------------------------------------------------------

/detection_rules/okta/okta_user_added_to_group.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/okta/okta_user_added_to_group.yaral
--------------------------------------------------------------------------------

/detection_rules/okta/okta_user_login_multiple_geolocations.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/okta/okta_user_login_multiple_geolocations.yaral
--------------------------------------------------------------------------------

/detection_rules/okta/okta_username_guessing.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/okta/okta_username_guessing.yaral
--------------------------------------------------------------------------------

/detection_rules/slack/slack_anomaly_detected.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/slack/slack_anomaly_detected.yaral
--------------------------------------------------------------------------------

/detection_rules/slack/slack_excessive_downloads.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/slack/slack_excessive_downloads.yaral
--------------------------------------------------------------------------------

/detection_rules/slack/slack_export_activity.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/slack/slack_export_activity.yaral
--------------------------------------------------------------------------------

/detection_rules/slack/slack_malware_detected.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/slack/slack_malware_detected.yaral
--------------------------------------------------------------------------------

/detection_rules/slack/slack_primary_owner_login.yaral:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/detection_rules/slack/slack_primary_owner_login.yaral
--------------------------------------------------------------------------------

/helper_functions/1password/main.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/helper_functions/1password/main.py
--------------------------------------------------------------------------------

/helper_functions/1password/requirements.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/helper_functions/1password/requirements.txt
--------------------------------------------------------------------------------

/helper_functions/slack/main.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/helper_functions/slack/main.py
--------------------------------------------------------------------------------

/helper_functions/slack/requirements.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/helper_functions/slack/requirements.txt
--------------------------------------------------------------------------------

/pull_request_template.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Algbra-Labs-OSS/Chronicle/HEAD/pull_request_template.md
--------------------------------------------------------------------------------