bug fix

Patrick Bareiss · Patrick Bareiss · commit 0c12b684589a · 2025-02-21T09:36:24.000+01:00
diff --git a/detections/cloud/github_enterprise_delete_branch_ruleset.yml b/detections/cloud/github_enterprise_delete_branch_ruleset.yml
@@ -43,7 +43,7 @@ rba:
     score: 25
   threat_objects:
   - field: user_agent
-    type: user_agent
+    type: http_user_agent
 tags:
   analytic_story:
   - GitHub Malicious Activity
diff --git a/detections/cloud/github_enterprise_disable_2fa_requirement.yml b/detections/cloud/github_enterprise_disable_2fa_requirement.yml
@@ -41,7 +41,9 @@ rba:
   - field: user
     type: user
     score: 25
-  threat_objects: []
+  threat_objects:
+  - field: user_agent
+    type: http_user_agent
 tags:
   analytic_story:
   - GitHub Malicious Activity
diff --git a/detections/cloud/github_enterprise_disable_audit_log_event_stream.yml b/detections/cloud/github_enterprise_disable_audit_log_event_stream.yml
@@ -41,7 +41,9 @@ rba:
   - field: user
     type: user
     score: 25
-  threat_objects: []
+  threat_objects:
+  - field: user_agent
+    type: http_user_agent
 tags:
   analytic_story:
   - GitHub Malicious Activity
diff --git a/detections/cloud/github_enterprise_disable_classic_branch_protection_rule.yml b/detections/cloud/github_enterprise_disable_classic_branch_protection_rule.yml
@@ -41,7 +41,9 @@ rba:
   - field: user
     type: user
     score: 25
-  threat_objects: []
+  threat_objects:
+  - field: user_agent
+    type: http_user_agent
 tags:
   analytic_story:
   - GitHub Malicious Activity
diff --git a/detections/cloud/github_enterprise_disable_dependabot.yml b/detections/cloud/github_enterprise_disable_dependabot.yml
@@ -39,7 +39,9 @@ rba:
   - field: user
     type: user
     score: 25
-  threat_objects: []
+  threat_objects:
+  - field: user_agent
+    type: http_user_agent
 tags:
   analytic_story:
   - GitHub Malicious Activity
diff --git a/detections/cloud/github_enterprise_disable_ip_allow_list.yml b/detections/cloud/github_enterprise_disable_ip_allow_list.yml
@@ -40,7 +40,9 @@ rba:
   - field: user
     type: user
     score: 25
-  threat_objects: []
+  threat_objects:
+  - field: user_agent
+    type: http_user_agent
 tags:
   analytic_story:
   - GitHub Malicious Activity
diff --git a/detections/cloud/github_enterprise_modify_audit_log_event_stream.yml b/detections/cloud/github_enterprise_modify_audit_log_event_stream.yml
@@ -41,7 +41,9 @@ rba:
   - field: user
     type: user
     score: 25
-  threat_objects: []
+  threat_objects:
+  - field: user_agent
+    type: http_user_agent
 tags:
   analytic_story:
   - GitHub Malicious Activity
diff --git a/detections/cloud/github_enterprise_pause_audit_log_event_stream.yml b/detections/cloud/github_enterprise_pause_audit_log_event_stream.yml
@@ -41,7 +41,9 @@ rba:
   - field: user
     type: user
     score: 25
-  threat_objects: []
+  threat_objects:
+  - field: user_agent
+    type: http_user_agent
 tags:
   analytic_story:
   - GitHub Malicious Activity
diff --git a/detections/cloud/github_enterprise_register_self_hosted_runner.yml b/detections/cloud/github_enterprise_register_self_hosted_runner.yml
@@ -40,7 +40,9 @@ rba:
   - field: user
     type: user
     score: 25
-  threat_objects: []
+  threat_objects:
+  - field: user_agent
+    type: http_user_agent
 tags:
   analytic_story:
   - GitHub Malicious Activity
diff --git a/detections/cloud/github_enterprise_remove_organization.yml b/detections/cloud/github_enterprise_remove_organization.yml
@@ -39,7 +39,9 @@ rba:
   - field: user
     type: user
     score: 25
-  threat_objects: []
+  threat_objects:
+  - field: user_agent
+    type: http_user_agent
 tags:
   analytic_story:
   - GitHub Malicious Activity
diff --git a/detections/cloud/github_enterprise_repository_archived.yml b/detections/cloud/github_enterprise_repository_archived.yml
@@ -42,7 +42,9 @@ rba:
   - field: user
     type: user
     score: 25
-  threat_objects: []
+  threat_objects:
+  - field: user_agent
+    type: http_user_agent
 tags:
   analytic_story:
   - GitHub Malicious Activity
diff --git a/detections/cloud/github_enterprise_repository_deleted.yml b/detections/cloud/github_enterprise_repository_deleted.yml
@@ -39,7 +39,9 @@ rba:
   - field: user
     type: user
     score: 25
-  threat_objects: []
+  threat_objects:
+  - field: user_agent
+    type: http_user_agent
 tags:
   analytic_story:
   - GitHub Malicious Activity
diff --git a/detections/cloud/github_organizations_delete_branch_ruleset.yml b/detections/cloud/github_organizations_delete_branch_ruleset.yml
@@ -41,7 +41,9 @@ rba:
   - field: user
     type: user
     score: 25
-  threat_objects: []
+  threat_objects:
+  - field: user_agent
+    type: http_user_agent
 tags:
   analytic_story:
   - GitHub Malicious Activity
diff --git a/detections/cloud/github_organizations_disable_2fa_requirement.yml b/detections/cloud/github_organizations_disable_2fa_requirement.yml
@@ -40,7 +40,9 @@ rba:
   - field: user
     type: user
     score: 25
-  threat_objects: []
+  threat_objects:
+  - field: user_agent
+    type: http_user_agent
 tags:
   analytic_story:
   - GitHub Malicious Activity
diff --git a/detections/cloud/github_organizations_disable_classic_branch_protection_rule.yml b/detections/cloud/github_organizations_disable_classic_branch_protection_rule.yml
@@ -41,7 +41,9 @@ rba:
   - field: user
     type: user
     score: 25
-  threat_objects: []
+  threat_objects:
+  - field: user_agent
+    type: http_user_agent
 tags:
   analytic_story:
   - GitHub Malicious Activity
diff --git a/detections/cloud/github_organizations_disable_dependabot.yml b/detections/cloud/github_organizations_disable_dependabot.yml
@@ -39,7 +39,9 @@ rba:
   - field: user
     type: user
     score: 25
-  threat_objects: []
+  threat_objects:
+  - field: user_agent
+    type: http_user_agent
 tags:
   analytic_story:
   - GitHub Malicious Activity
diff --git a/detections/cloud/github_organizations_repository_archived.yml b/detections/cloud/github_organizations_repository_archived.yml
@@ -42,7 +42,9 @@ rba:
   - field: user
     type: user
     score: 25
-  threat_objects: []
+  threat_objects:
+  - field: user_agent
+    type: http_user_agent
 tags:
   analytic_story:
   - GitHub Malicious Activity
diff --git a/detections/cloud/github_organizations_repository_deleted.yml b/detections/cloud/github_organizations_repository_deleted.yml
@@ -42,7 +42,9 @@ rba:
   - field: user
     type: user
     score: 25
-  threat_objects: []
+  threat_objects:
+  - field: user_agent
+    type: http_user_agent
 tags:
   analytic_story:
   - GitHub Malicious Activity
