├── .github
    ├── .kodiak.toml
    └── workflows
    │   ├── check-duplicate-uuid.yaml
    │   └── update-sigmarule.yaml
├── .gitignore
├── CHANGELOG-Japanese.md
├── CHANGELOG.md
├── LICENSE
├── README-Japanese.md
├── README.md
├── config
    ├── abused_aws_api_calls.csv
    └── filtered_sigma_rules.txt
├── sigma
    ├── aws
    │   └── cloudtrail
    │   │   ├── aws_cloudtrail_bucket_deleted.yml
    │   │   ├── aws_cloudtrail_console_login_failed_authentication.yml
    │   │   ├── aws_cloudtrail_console_login_success_without_mfa.yml
    │   │   ├── aws_cloudtrail_guardduty_detector_deleted_or_updated.yml
    │   │   ├── aws_cloudtrail_imds_malicious_usage.yml
    │   │   ├── aws_cloudtrail_new_acl_entries.yml
    │   │   ├── aws_cloudtrail_new_route_added.yml
    │   │   ├── aws_cloudtrail_pua_trufflehog.yml
    │   │   ├── aws_cloudtrail_region_enabled.yml
    │   │   ├── aws_cloudtrail_security_group_change_ingress_egress.yml
    │   │   ├── aws_cloudtrail_security_group_change_loadbalancer.yml
    │   │   ├── aws_cloudtrail_security_group_change_rds.yml
    │   │   ├── aws_cloudtrail_ssm_malicious_usage.yml
    │   │   ├── aws_cloudtrail_vpc_flow_logs_deleted.yml
    │   │   ├── aws_config_disable_recording.yml
    │   │   ├── aws_console_getsignintoken.yml
    │   │   ├── aws_delete_identity.yml
    │   │   ├── aws_delete_saml_provider.yml
    │   │   ├── aws_disable_bucket_versioning.yml
    │   │   ├── aws_ec2_disable_encryption.yml
    │   │   ├── aws_ec2_import_key_pair_activity.yml
    │   │   ├── aws_ec2_startup_script_change.yml
    │   │   ├── aws_ec2_vm_export_failure.yml
    │   │   ├── aws_ecs_task_definition_cred_endpoint_query.yml
    │   │   ├── aws_efs_fileshare_modified_or_deleted.yml
    │   │   ├── aws_efs_fileshare_mount_modified_or_deleted.yml
    │   │   ├── aws_eks_cluster_created_or_deleted.yml
    │   │   ├── aws_elasticache_security_group_created.yml
    │   │   ├── aws_elasticache_security_group_modified_or_deleted.yml
    │   │   ├── aws_enum_buckets.yml
    │   │   ├── aws_guardduty_disruption.yml
    │   │   ├── aws_iam_backdoor_users_keys.yml
    │   │   ├── aws_iam_s3browser_loginprofile_creation.yml
    │   │   ├── aws_iam_s3browser_templated_s3_bucket_policy_creation.yml
    │   │   ├── aws_iam_s3browser_user_or_accesskey_creation.yml
    │   │   ├── aws_kms_import_key_material.yml
    │   │   ├── aws_lambda_function_url.yml
    │   │   ├── aws_new_lambda_layer_attached.yml
    │   │   ├── aws_passed_role_to_glue_development_endpoint.yml
    │   │   ├── aws_rds_change_master_password.yml
    │   │   ├── aws_rds_dbcluster_actions.yml
    │   │   ├── aws_rds_public_db_restore.yml
    │   │   ├── aws_root_account_usage.yml
    │   │   ├── aws_route_53_domain_transferred_lock_disabled.yml
    │   │   ├── aws_route_53_domain_transferred_to_another_account.yml
    │   │   ├── aws_s3_data_management_tampering.yml
    │   │   ├── aws_securityhub_finding_evasion.yml
    │   │   ├── aws_snapshot_backup_exfiltration.yml
    │   │   ├── aws_sso_idp_change.yml
    │   │   ├── aws_sts_assumerole_misuse.yml
    │   │   ├── aws_sts_getcalleridentity_trufflehog.yml
    │   │   ├── aws_sts_getsessiontoken_misuse.yml
    │   │   ├── aws_susp_saml_activity.yml
    │   │   └── aws_update_login_profile.yml
    └── azure
    │   ├── activity_logs
    │       ├── azure_aadhybridhealth_adfs_new_server.yml
    │       ├── azure_aadhybridhealth_adfs_service_delete.yml
    │       ├── azure_ad_user_added_to_admin_role.yml
    │       ├── azure_application_deleted.yml
    │       ├── azure_application_gateway_modified_or_deleted.yml
    │       ├── azure_application_security_group_modified_or_deleted.yml
    │       ├── azure_container_registry_created_or_deleted.yml
    │       ├── azure_creating_number_of_resources_detection.yml
    │       ├── azure_device_no_longer_managed_or_compliant.yml
    │       ├── azure_device_or_configuration_modified_or_deleted.yml
    │       ├── azure_dns_zone_modified_or_deleted.yml
    │       ├── azure_firewall_modified_or_deleted.yml
    │       ├── azure_firewall_rule_collection_modified_or_deleted.yml
    │       ├── azure_granting_permission_detection.yml
    │       ├── azure_keyvault_key_modified_or_deleted.yml
    │       ├── azure_keyvault_modified_or_deleted.yml
    │       ├── azure_keyvault_secrets_modified_or_deleted.yml
    │       ├── azure_kubernetes_admission_controller.yml
    │       ├── azure_kubernetes_cluster_created_or_deleted.yml
    │       ├── azure_kubernetes_cronjob.yml
    │       ├── azure_kubernetes_events_deleted.yml
    │       ├── azure_kubernetes_network_policy_change.yml
    │       ├── azure_kubernetes_pods_deleted.yml
    │       ├── azure_kubernetes_role_access.yml
    │       ├── azure_kubernetes_rolebinding_modified_or_deleted.yml
    │       ├── azure_kubernetes_secret_or_config_object_access.yml
    │       ├── azure_kubernetes_service_account_modified_or_deleted.yml
    │       ├── azure_mfa_disabled.yml
    │       ├── azure_network_firewall_policy_modified_or_deleted.yml
    │       ├── azure_network_firewall_rule_modified_or_deleted.yml
    │       ├── azure_network_p2s_vpn_modified_or_deleted.yml
    │       ├── azure_network_security_modified_or_deleted.yml
    │       ├── azure_network_virtual_device_modified_or_deleted.yml
    │       ├── azure_new_cloudshell_created.yml
    │       ├── azure_owner_removed_from_application_or_service_principal.yml
    │       ├── azure_rare_operations.yml
    │       ├── azure_service_principal_created.yml
    │       ├── azure_service_principal_removed.yml
    │       ├── azure_subscription_permissions_elevation_via_activitylogs.yml
    │       ├── azure_suppression_rule_created.yml
    │       ├── azure_virtual_network_modified_or_deleted.yml
    │       └── azure_vpn_connection_modified_or_deleted.yml
    │   ├── audit_logs
    │       ├── azure_aad_secops_ca_policy_removedby_bad_actor.yml
    │       ├── azure_aad_secops_ca_policy_updatedby_bad_actor.yml
    │       ├── azure_aad_secops_new_ca_policy_addedby_bad_actor.yml
    │       ├── azure_ad_account_created_deleted.yml
    │       ├── azure_ad_bitlocker_key_retrieval.yml
    │       ├── azure_ad_certificate_based_authencation_enabled.yml
    │       ├── azure_ad_device_registration_policy_changes.yml
    │       ├── azure_ad_guest_users_invited_to_tenant_by_non_approved_inviters.yml
    │       ├── azure_ad_new_root_ca_added.yml
    │       ├── azure_ad_users_added_to_device_admin_roles.yml
    │       ├── azure_app_appid_uri_changes.yml
    │       ├── azure_app_credential_added.yml
    │       ├── azure_app_delegated_permissions_all_users.yml
    │       ├── azure_app_end_user_consent.yml
    │       ├── azure_app_end_user_consent_blocked.yml
    │       ├── azure_app_owner_added.yml
    │       ├── azure_app_permissions_msft.yml
    │       ├── azure_app_privileged_permissions.yml
    │       ├── azure_app_role_added.yml
    │       ├── azure_app_uri_modifications.yml
    │       ├── azure_auditlogs_laps_credential_dumping.yml
    │       ├── azure_change_to_authentication_method.yml
    │       ├── azure_federation_modified.yml
    │       ├── azure_group_user_addition_ca_modification.yml
    │       ├── azure_group_user_removal_ca_modification.yml
    │       ├── azure_guest_invite_failure.yml
    │       ├── azure_guest_to_member.yml
    │       ├── azure_pim_activation_approve_deny.yml
    │       ├── azure_pim_alerts_disabled.yml
    │       ├── azure_pim_change_settings.yml
    │       ├── azure_priviledged_role_assignment_add.yml
    │       ├── azure_priviledged_role_assignment_bulk_change.yml
    │       ├── azure_privileged_account_creation.yml
    │       ├── azure_subscription_permissions_elevation_via_auditlogs.yml
    │       ├── azure_tap_added.yml
    │       ├── azure_update_risk_and_mfa_registration_policy.yml
    │       ├── azure_user_account_mfa_disable.yml
    │       └── azure_user_password_change.yml
    │   ├── identity_protection
    │       ├── azure_identity_protection_anomalous_token.yml
    │       ├── azure_identity_protection_anomalous_user.yml
    │       ├── azure_identity_protection_anonymous_ip_activity.yml
    │       ├── azure_identity_protection_anonymous_ip_address.yml
    │       ├── azure_identity_protection_atypical_travel.yml
    │       ├── azure_identity_protection_impossible_travel.yml
    │       ├── azure_identity_protection_inbox_forwarding_rule.yml
    │       ├── azure_identity_protection_inbox_manipulation.yml
    │       ├── azure_identity_protection_leaked_credentials.yml
    │       ├── azure_identity_protection_malicious_ip_address.yml
    │       ├── azure_identity_protection_malicious_ip_address_suspicious.yml
    │       ├── azure_identity_protection_malware_linked_ip.yml
    │       ├── azure_identity_protection_new_coutry_region.yml
    │       ├── azure_identity_protection_password_spray.yml
    │       ├── azure_identity_protection_prt_access.yml
    │       ├── azure_identity_protection_suspicious_browser.yml
    │       ├── azure_identity_protection_threat_intel.yml
    │       ├── azure_identity_protection_token_issuer_anomaly.yml
    │       └── azure_identity_protection_unfamilar_sign_in.yml
    │   ├── privileged_identity_management
    │       ├── azure_pim_account_stale.yml
    │       ├── azure_pim_invalid_license.yml
    │       ├── azure_pim_role_assigned_outside_of_pim.yml
    │       ├── azure_pim_role_frequent_activation.yml
    │       ├── azure_pim_role_no_mfa_required.yml
    │       ├── azure_pim_role_not_used.yml
    │       └── azure_pim_too_many_global_admins.yml
    │   └── signin_logs
    │       ├── azure_account_lockout.yml
    │       ├── azure_ad_auth_failure_increase.yml
    │       ├── azure_ad_auth_sucess_increase.yml
    │       ├── azure_ad_auth_to_important_apps_using_single_factor_auth.yml
    │       ├── azure_ad_authentications_from_countries_you_do_not_operate_out_of.yml
    │       ├── azure_ad_azurehound_discovery.yml
    │       ├── azure_ad_device_registration_or_join_without_mfa.yml
    │       ├── azure_ad_only_single_factor_auth_required.yml
    │       ├── azure_ad_risky_sign_ins_with_singlefactorauth_from_unknown_devices.yml
    │       ├── azure_ad_sign_ins_from_noncompliant_devices.yml
    │       ├── azure_ad_sign_ins_from_unknown_devices.yml
    │       ├── azure_ad_suspicious_signin_bypassing_mfa.yml
    │       ├── azure_app_device_code_authentication.yml
    │       ├── azure_app_ropc_authentication.yml
    │       ├── azure_blocked_account_attempt.yml
    │       ├── azure_conditional_access_failure.yml
    │       ├── azure_legacy_authentication_protocols.yml
    │       ├── azure_login_to_disabled_account.yml
    │       ├── azure_mfa_denies.yml
    │       ├── azure_mfa_interrupted.yml
    │       ├── azure_unusual_authentication_interruption.yml
    │       ├── azure_user_login_blocked_by_conditional_access.yml
    │       └── azure_users_authenticating_to_other_azure_ad_tenants.yml
└── suzaku
    └── aws
        └── cloudtrail
            ├── aws_cloudtrail_api_call_from_hacking_distro.yml
            ├── aws_cloudtrail_api_key_created.yml
            ├── aws_cloudtrail_attempt_to_create_api_key.yml
            ├── aws_cloudtrail_attempt_to_delete_logs.yml
            ├── aws_cloudtrail_attempt_to_get_credentials_for_identity.yml
            ├── aws_cloudtrail_attempt_to_get_federation_token.yml
            ├── aws_cloudtrail_attempt_to_get_signin_token.yml
            ├── aws_cloudtrail_attempt_to_modify_log_settings.yml
            ├── aws_cloudtrail_attempt_to_stop_logging.yml
            ├── aws_cloudtrail_console_login_with_mfa.yml
            ├── aws_cloudtrail_console_login_without_mfa.yml
            ├── aws_cloudtrail_ec2_password_data_retrieved.yml
            ├── aws_cloudtrail_failed_login.yml
            ├── aws_cloudtrail_get_caller_identity.yml
            ├── aws_cloudtrail_get_credentials_for_identity.yml
            ├── aws_cloudtrail_get_federation_token.yml
            ├── aws_cloudtrail_get_signin_token.yml
            ├── aws_cloudtrail_iam_login_profile_created.yml
            ├── aws_cloudtrail_iam_login_profile_deleted.yml
            ├── aws_cloudtrail_log_settings_modified.yml
            ├── aws_cloudtrail_logging_stopped.yml
            ├── aws_cloudtrail_logs_deleted.yml
            ├── aws_cloudtrail_many_failed_logins.yml
            ├── aws_cloudtrail_many_recon_events.yml
            ├── aws_cloudtrail_open_ingress_port_22.yml
            ├── aws_cloudtrail_role_enumeration.yml
            └── aws_cloudtrail_user_enumeration.yml


/.github/.kodiak.toml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/.github/.kodiak.toml


--------------------------------------------------------------------------------
/.github/workflows/check-duplicate-uuid.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/.github/workflows/check-duplicate-uuid.yaml


--------------------------------------------------------------------------------
/.github/workflows/update-sigmarule.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/.github/workflows/update-sigmarule.yaml


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | /.idea/
2 | /.vscode/
3 | .DS_Store
4 | .env
5 | 


--------------------------------------------------------------------------------
/CHANGELOG-Japanese.md:
--------------------------------------------------------------------------------
1 | # 変更点


--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | # Changes


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/LICENSE


--------------------------------------------------------------------------------
/README-Japanese.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/README-Japanese.md


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/README.md


--------------------------------------------------------------------------------
/config/abused_aws_api_calls.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/config/abused_aws_api_calls.csv


--------------------------------------------------------------------------------
/config/filtered_sigma_rules.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/config/filtered_sigma_rules.txt


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_cloudtrail_bucket_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_cloudtrail_bucket_deleted.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_cloudtrail_console_login_failed_authentication.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_cloudtrail_console_login_failed_authentication.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_cloudtrail_console_login_success_without_mfa.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_cloudtrail_console_login_success_without_mfa.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_cloudtrail_guardduty_detector_deleted_or_updated.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_cloudtrail_guardduty_detector_deleted_or_updated.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_cloudtrail_imds_malicious_usage.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_cloudtrail_imds_malicious_usage.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_cloudtrail_new_acl_entries.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_cloudtrail_new_acl_entries.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_cloudtrail_new_route_added.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_cloudtrail_new_route_added.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_cloudtrail_pua_trufflehog.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_cloudtrail_pua_trufflehog.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_cloudtrail_region_enabled.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_cloudtrail_region_enabled.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_cloudtrail_security_group_change_ingress_egress.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_cloudtrail_security_group_change_ingress_egress.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_cloudtrail_security_group_change_loadbalancer.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_cloudtrail_security_group_change_loadbalancer.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_cloudtrail_security_group_change_rds.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_cloudtrail_security_group_change_rds.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_cloudtrail_ssm_malicious_usage.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_cloudtrail_ssm_malicious_usage.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_cloudtrail_vpc_flow_logs_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_cloudtrail_vpc_flow_logs_deleted.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_config_disable_recording.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_config_disable_recording.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_console_getsignintoken.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_console_getsignintoken.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_delete_identity.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_delete_identity.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_delete_saml_provider.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_delete_saml_provider.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_disable_bucket_versioning.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_disable_bucket_versioning.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_ec2_disable_encryption.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_ec2_disable_encryption.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_ec2_import_key_pair_activity.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_ec2_import_key_pair_activity.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_ec2_startup_script_change.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_ec2_startup_script_change.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_ec2_vm_export_failure.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_ec2_vm_export_failure.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_ecs_task_definition_cred_endpoint_query.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_ecs_task_definition_cred_endpoint_query.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_efs_fileshare_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_efs_fileshare_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_efs_fileshare_mount_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_efs_fileshare_mount_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_eks_cluster_created_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_eks_cluster_created_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_elasticache_security_group_created.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_elasticache_security_group_created.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_elasticache_security_group_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_elasticache_security_group_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_enum_buckets.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_enum_buckets.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_guardduty_disruption.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_guardduty_disruption.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_iam_backdoor_users_keys.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_iam_backdoor_users_keys.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_iam_s3browser_loginprofile_creation.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_iam_s3browser_loginprofile_creation.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_iam_s3browser_templated_s3_bucket_policy_creation.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_iam_s3browser_templated_s3_bucket_policy_creation.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_iam_s3browser_user_or_accesskey_creation.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_iam_s3browser_user_or_accesskey_creation.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_kms_import_key_material.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_kms_import_key_material.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_lambda_function_url.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_lambda_function_url.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_new_lambda_layer_attached.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_new_lambda_layer_attached.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_passed_role_to_glue_development_endpoint.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_passed_role_to_glue_development_endpoint.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_rds_change_master_password.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_rds_change_master_password.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_rds_dbcluster_actions.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_rds_dbcluster_actions.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_rds_public_db_restore.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_rds_public_db_restore.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_root_account_usage.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_root_account_usage.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_route_53_domain_transferred_lock_disabled.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_route_53_domain_transferred_lock_disabled.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_route_53_domain_transferred_to_another_account.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_route_53_domain_transferred_to_another_account.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_s3_data_management_tampering.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_s3_data_management_tampering.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_securityhub_finding_evasion.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_securityhub_finding_evasion.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_snapshot_backup_exfiltration.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_snapshot_backup_exfiltration.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_sso_idp_change.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_sso_idp_change.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_sts_assumerole_misuse.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_sts_assumerole_misuse.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_sts_getcalleridentity_trufflehog.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_sts_getcalleridentity_trufflehog.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_sts_getsessiontoken_misuse.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_sts_getsessiontoken_misuse.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_susp_saml_activity.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_susp_saml_activity.yml


--------------------------------------------------------------------------------
/sigma/aws/cloudtrail/aws_update_login_profile.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/aws/cloudtrail/aws_update_login_profile.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_aadhybridhealth_adfs_new_server.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_aadhybridhealth_adfs_new_server.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_aadhybridhealth_adfs_service_delete.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_aadhybridhealth_adfs_service_delete.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_ad_user_added_to_admin_role.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_ad_user_added_to_admin_role.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_application_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_application_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_application_gateway_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_application_gateway_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_application_security_group_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_application_security_group_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_container_registry_created_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_container_registry_created_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_creating_number_of_resources_detection.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_creating_number_of_resources_detection.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_device_no_longer_managed_or_compliant.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_device_no_longer_managed_or_compliant.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_device_or_configuration_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_device_or_configuration_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_dns_zone_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_dns_zone_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_firewall_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_firewall_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_firewall_rule_collection_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_firewall_rule_collection_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_granting_permission_detection.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_granting_permission_detection.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_keyvault_key_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_keyvault_key_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_keyvault_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_keyvault_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_keyvault_secrets_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_keyvault_secrets_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_kubernetes_admission_controller.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_kubernetes_admission_controller.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_kubernetes_cluster_created_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_kubernetes_cluster_created_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_kubernetes_cronjob.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_kubernetes_cronjob.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_kubernetes_events_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_kubernetes_events_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_kubernetes_network_policy_change.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_kubernetes_network_policy_change.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_kubernetes_pods_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_kubernetes_pods_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_kubernetes_role_access.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_kubernetes_role_access.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_kubernetes_rolebinding_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_kubernetes_rolebinding_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_kubernetes_secret_or_config_object_access.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_kubernetes_secret_or_config_object_access.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_kubernetes_service_account_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_kubernetes_service_account_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_mfa_disabled.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_mfa_disabled.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_network_firewall_policy_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_network_firewall_policy_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_network_firewall_rule_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_network_firewall_rule_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_network_p2s_vpn_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_network_p2s_vpn_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_network_security_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_network_security_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_network_virtual_device_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_network_virtual_device_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_new_cloudshell_created.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_new_cloudshell_created.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_owner_removed_from_application_or_service_principal.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_owner_removed_from_application_or_service_principal.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_rare_operations.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_rare_operations.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_service_principal_created.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_service_principal_created.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_service_principal_removed.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_service_principal_removed.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_subscription_permissions_elevation_via_activitylogs.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_subscription_permissions_elevation_via_activitylogs.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_suppression_rule_created.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_suppression_rule_created.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_virtual_network_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_virtual_network_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/activity_logs/azure_vpn_connection_modified_or_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/activity_logs/azure_vpn_connection_modified_or_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_aad_secops_ca_policy_removedby_bad_actor.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_aad_secops_ca_policy_removedby_bad_actor.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_aad_secops_ca_policy_updatedby_bad_actor.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_aad_secops_ca_policy_updatedby_bad_actor.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_aad_secops_new_ca_policy_addedby_bad_actor.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_aad_secops_new_ca_policy_addedby_bad_actor.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_ad_account_created_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_ad_account_created_deleted.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_ad_bitlocker_key_retrieval.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_ad_bitlocker_key_retrieval.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_ad_certificate_based_authencation_enabled.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_ad_certificate_based_authencation_enabled.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_ad_device_registration_policy_changes.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_ad_device_registration_policy_changes.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_ad_guest_users_invited_to_tenant_by_non_approved_inviters.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_ad_guest_users_invited_to_tenant_by_non_approved_inviters.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_ad_new_root_ca_added.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_ad_new_root_ca_added.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_ad_users_added_to_device_admin_roles.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_ad_users_added_to_device_admin_roles.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_app_appid_uri_changes.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_app_appid_uri_changes.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_app_credential_added.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_app_credential_added.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_app_delegated_permissions_all_users.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_app_delegated_permissions_all_users.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_app_end_user_consent.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_app_end_user_consent.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_app_end_user_consent_blocked.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_app_end_user_consent_blocked.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_app_owner_added.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_app_owner_added.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_app_permissions_msft.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_app_permissions_msft.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_app_privileged_permissions.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_app_privileged_permissions.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_app_role_added.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_app_role_added.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_app_uri_modifications.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_app_uri_modifications.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_auditlogs_laps_credential_dumping.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_auditlogs_laps_credential_dumping.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_change_to_authentication_method.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_change_to_authentication_method.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_federation_modified.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_federation_modified.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_group_user_addition_ca_modification.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_group_user_addition_ca_modification.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_group_user_removal_ca_modification.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_group_user_removal_ca_modification.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_guest_invite_failure.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_guest_invite_failure.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_guest_to_member.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_guest_to_member.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_pim_activation_approve_deny.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_pim_activation_approve_deny.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_pim_alerts_disabled.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_pim_alerts_disabled.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_pim_change_settings.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_pim_change_settings.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_priviledged_role_assignment_add.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_priviledged_role_assignment_add.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_priviledged_role_assignment_bulk_change.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_priviledged_role_assignment_bulk_change.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_privileged_account_creation.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_privileged_account_creation.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_subscription_permissions_elevation_via_auditlogs.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_subscription_permissions_elevation_via_auditlogs.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_tap_added.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_tap_added.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_update_risk_and_mfa_registration_policy.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_update_risk_and_mfa_registration_policy.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_user_account_mfa_disable.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_user_account_mfa_disable.yml


--------------------------------------------------------------------------------
/sigma/azure/audit_logs/azure_user_password_change.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/audit_logs/azure_user_password_change.yml


--------------------------------------------------------------------------------
/sigma/azure/identity_protection/azure_identity_protection_anomalous_token.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/identity_protection/azure_identity_protection_anomalous_token.yml


--------------------------------------------------------------------------------
/sigma/azure/identity_protection/azure_identity_protection_anomalous_user.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/identity_protection/azure_identity_protection_anomalous_user.yml


--------------------------------------------------------------------------------
/sigma/azure/identity_protection/azure_identity_protection_anonymous_ip_activity.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/identity_protection/azure_identity_protection_anonymous_ip_activity.yml


--------------------------------------------------------------------------------
/sigma/azure/identity_protection/azure_identity_protection_anonymous_ip_address.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/identity_protection/azure_identity_protection_anonymous_ip_address.yml


--------------------------------------------------------------------------------
/sigma/azure/identity_protection/azure_identity_protection_atypical_travel.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/identity_protection/azure_identity_protection_atypical_travel.yml


--------------------------------------------------------------------------------
/sigma/azure/identity_protection/azure_identity_protection_impossible_travel.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/identity_protection/azure_identity_protection_impossible_travel.yml


--------------------------------------------------------------------------------
/sigma/azure/identity_protection/azure_identity_protection_inbox_forwarding_rule.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/identity_protection/azure_identity_protection_inbox_forwarding_rule.yml


--------------------------------------------------------------------------------
/sigma/azure/identity_protection/azure_identity_protection_inbox_manipulation.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/identity_protection/azure_identity_protection_inbox_manipulation.yml


--------------------------------------------------------------------------------
/sigma/azure/identity_protection/azure_identity_protection_leaked_credentials.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/identity_protection/azure_identity_protection_leaked_credentials.yml


--------------------------------------------------------------------------------
/sigma/azure/identity_protection/azure_identity_protection_malicious_ip_address.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/identity_protection/azure_identity_protection_malicious_ip_address.yml


--------------------------------------------------------------------------------
/sigma/azure/identity_protection/azure_identity_protection_malicious_ip_address_suspicious.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/identity_protection/azure_identity_protection_malicious_ip_address_suspicious.yml


--------------------------------------------------------------------------------
/sigma/azure/identity_protection/azure_identity_protection_malware_linked_ip.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/identity_protection/azure_identity_protection_malware_linked_ip.yml


--------------------------------------------------------------------------------
/sigma/azure/identity_protection/azure_identity_protection_new_coutry_region.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/identity_protection/azure_identity_protection_new_coutry_region.yml


--------------------------------------------------------------------------------
/sigma/azure/identity_protection/azure_identity_protection_password_spray.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/identity_protection/azure_identity_protection_password_spray.yml


--------------------------------------------------------------------------------
/sigma/azure/identity_protection/azure_identity_protection_prt_access.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/identity_protection/azure_identity_protection_prt_access.yml


--------------------------------------------------------------------------------
/sigma/azure/identity_protection/azure_identity_protection_suspicious_browser.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/identity_protection/azure_identity_protection_suspicious_browser.yml


--------------------------------------------------------------------------------
/sigma/azure/identity_protection/azure_identity_protection_threat_intel.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/identity_protection/azure_identity_protection_threat_intel.yml


--------------------------------------------------------------------------------
/sigma/azure/identity_protection/azure_identity_protection_token_issuer_anomaly.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/identity_protection/azure_identity_protection_token_issuer_anomaly.yml


--------------------------------------------------------------------------------
/sigma/azure/identity_protection/azure_identity_protection_unfamilar_sign_in.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/identity_protection/azure_identity_protection_unfamilar_sign_in.yml


--------------------------------------------------------------------------------
/sigma/azure/privileged_identity_management/azure_pim_account_stale.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/privileged_identity_management/azure_pim_account_stale.yml


--------------------------------------------------------------------------------
/sigma/azure/privileged_identity_management/azure_pim_invalid_license.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/privileged_identity_management/azure_pim_invalid_license.yml


--------------------------------------------------------------------------------
/sigma/azure/privileged_identity_management/azure_pim_role_assigned_outside_of_pim.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/privileged_identity_management/azure_pim_role_assigned_outside_of_pim.yml


--------------------------------------------------------------------------------
/sigma/azure/privileged_identity_management/azure_pim_role_frequent_activation.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/privileged_identity_management/azure_pim_role_frequent_activation.yml


--------------------------------------------------------------------------------
/sigma/azure/privileged_identity_management/azure_pim_role_no_mfa_required.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/privileged_identity_management/azure_pim_role_no_mfa_required.yml


--------------------------------------------------------------------------------
/sigma/azure/privileged_identity_management/azure_pim_role_not_used.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/privileged_identity_management/azure_pim_role_not_used.yml


--------------------------------------------------------------------------------
/sigma/azure/privileged_identity_management/azure_pim_too_many_global_admins.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/privileged_identity_management/azure_pim_too_many_global_admins.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_account_lockout.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_account_lockout.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_ad_auth_failure_increase.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_ad_auth_failure_increase.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_ad_auth_sucess_increase.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_ad_auth_sucess_increase.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_ad_auth_to_important_apps_using_single_factor_auth.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_ad_auth_to_important_apps_using_single_factor_auth.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_ad_authentications_from_countries_you_do_not_operate_out_of.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_ad_authentications_from_countries_you_do_not_operate_out_of.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_ad_azurehound_discovery.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_ad_azurehound_discovery.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_ad_device_registration_or_join_without_mfa.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_ad_device_registration_or_join_without_mfa.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_ad_only_single_factor_auth_required.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_ad_only_single_factor_auth_required.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_ad_risky_sign_ins_with_singlefactorauth_from_unknown_devices.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_ad_risky_sign_ins_with_singlefactorauth_from_unknown_devices.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_ad_sign_ins_from_noncompliant_devices.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_ad_sign_ins_from_noncompliant_devices.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_ad_sign_ins_from_unknown_devices.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_ad_sign_ins_from_unknown_devices.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_ad_suspicious_signin_bypassing_mfa.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_ad_suspicious_signin_bypassing_mfa.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_app_device_code_authentication.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_app_device_code_authentication.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_app_ropc_authentication.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_app_ropc_authentication.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_blocked_account_attempt.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_blocked_account_attempt.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_conditional_access_failure.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_conditional_access_failure.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_legacy_authentication_protocols.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_legacy_authentication_protocols.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_login_to_disabled_account.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_login_to_disabled_account.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_mfa_denies.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_mfa_denies.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_mfa_interrupted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_mfa_interrupted.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_unusual_authentication_interruption.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_unusual_authentication_interruption.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_user_login_blocked_by_conditional_access.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_user_login_blocked_by_conditional_access.yml


--------------------------------------------------------------------------------
/sigma/azure/signin_logs/azure_users_authenticating_to_other_azure_ad_tenants.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/sigma/azure/signin_logs/azure_users_authenticating_to_other_azure_ad_tenants.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_api_call_from_hacking_distro.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_api_call_from_hacking_distro.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_api_key_created.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_api_key_created.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_attempt_to_create_api_key.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_attempt_to_create_api_key.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_attempt_to_delete_logs.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_attempt_to_delete_logs.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_attempt_to_get_credentials_for_identity.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_attempt_to_get_credentials_for_identity.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_attempt_to_get_federation_token.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_attempt_to_get_federation_token.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_attempt_to_get_signin_token.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_attempt_to_get_signin_token.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_attempt_to_modify_log_settings.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_attempt_to_modify_log_settings.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_attempt_to_stop_logging.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_attempt_to_stop_logging.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_console_login_with_mfa.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_console_login_with_mfa.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_console_login_without_mfa.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_console_login_without_mfa.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_ec2_password_data_retrieved.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_ec2_password_data_retrieved.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_failed_login.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_failed_login.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_get_caller_identity.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_get_caller_identity.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_get_credentials_for_identity.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_get_credentials_for_identity.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_get_federation_token.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_get_federation_token.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_get_signin_token.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_get_signin_token.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_iam_login_profile_created.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_iam_login_profile_created.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_iam_login_profile_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_iam_login_profile_deleted.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_log_settings_modified.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_log_settings_modified.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_logging_stopped.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_logging_stopped.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_logs_deleted.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_logs_deleted.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_many_failed_logins.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_many_failed_logins.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_many_recon_events.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_many_recon_events.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_open_ingress_port_22.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_open_ingress_port_22.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_role_enumeration.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_role_enumeration.yml


--------------------------------------------------------------------------------
/suzaku/aws/cloudtrail/aws_cloudtrail_user_enumeration.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yamato-Security/suzaku-rules/HEAD/suzaku/aws/cloudtrail/aws_cloudtrail_user_enumeration.yml


--------------------------------------------------------------------------------