Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
title: Active Device Manufactured by Company Banned for US Government Use
description: Asimily detection for active devices manufactured by companies banned for US government use. Detects when such a device is identified by Asimily's threat intelligence.
references: []
logsource:
category: THIRD_PARTY_LOG
product: Asimily
definition: THIRDPARTY_THIRDPARTY
detection:
string_condition_0:
eventName: "*Active Device Manufactured by Company Banned for US Government Use*"
condition: string_condition_0
level: info
taxonomy: tm-v1
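Review bot: `references: []` is empty and `level: info` undersells the finding; the description calls the manufacturer banned for US government use, so an analyst will want a link to the Asimily documentation or to the banned-manufacturer list it applies. Suggest filling `references` with that source and reconsidering the level once the rule has been validated against live events.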
@@ -0,0 +1,13 @@
title: Browsing Blacklist Domain
description: Asimily detection for browsing blacklist domains. Detects when a device attempts to access a domain that has been flagged as malicious by Asimily's threat intelligence.
references: []
logsource:
category: THIRD_PARTY_LOG
product: Asimily
definition: THIRDPARTY_THIRDPARTY
detection:
string_condition_0:
eventName: "*Browsing Blacklist Domain*"
condition: string_condition_0
level: info
taxonomy: tm-v1
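Review bot: `level: info` does not fit a description that says the destination domain has been flagged as malicious; consider `medium`, and add a `falsepositives` entry (if the tm-v1 taxonomy supports one) noting that blacklist entries can be stale or over-broad, so a hit should be confirmed against the domain's current reputation before escalation.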
@@ -0,0 +1,13 @@
title: DNS Connection to External IP
description: Asimily detection for DNS connections to external IP addresses. Detects when a DNS connection is made to an IP address that has been flagged as external by Asimily's threat intelligence.
references: []
logsource:
category: THIRD_PARTY_LOG
product: Asimily
definition: THIRDPARTY_THIRDPARTY
detection:
string_condition_0:
ruleName: "*DNS Connection to External IP*"
condition: string_condition_0
level: info
taxonomy: tm-v1
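Review bot: the selection keys on `ruleName` while the other rules in this change key on `eventName`; confirm against a sample Asimily event which field carries the alert name, because a wrong field name fails silently with zero matches rather than erroring. The description's "flagged as external by Asimily's threat intelligence" also reads oddly: whether an IP is external is a property of the network topology, not of threat intelligence, so "a DNS connection to an IP address outside the monitored network" would be clearer.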
@@ -0,0 +1,13 @@
title: DNS Lookup of Malicious Domain
description: Asimily detection for DNS lookups of malicious domains. Detects when a DNS lookup is made for a domain that has been flagged as malicious by Asimily's threat intelligence.
references: []
logsource:
category: THIRD_PARTY_LOG
product: Asimily
definition: THIRDPARTY_THIRDPARTY
detection:
string_condition_0:
eventName: "*DNS Lookup of Malicious Domain*"
condition: string_condition_0
level: info
taxonomy: tm-v1
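Review bot: the leading and trailing wildcards in `eventName: "*DNS Lookup of Malicious Domain*"` make this a substring match, so any longer event name containing the phrase will also fire; if Asimily emits exactly this string, an anchored value is more precise and cheaper to evaluate. This rule also overlaps with the Browsing Blacklist Domain rule in the same change; a sentence in the description distinguishing the DNS lookup event from the browsing event would help an analyst triage a device that trips both.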
@@ -0,0 +1,13 @@
title: HTTP Connection to Malicious IP
description: Asimily detection for HTTP connections to malicious IPs. Detects when an HTTP connection is made to an IP address that has been flagged as malicious by Asimily's threat intelligence.
references: []
logsource:
category: THIRD_PARTY_LOG
product: Asimily
definition: THIRDPARTY_THIRDPARTY
detection:
string_condition_0:
eventName: "*HTTP Connection to Malicious IP*"
condition: string_condition_0
level: info
taxonomy: tm-v1
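Review bot: none of the rules in this change carries an `id`, `author`, `date` or `status` field, so there is no stable identifier to cite in tickets or to track revisions; if the tm-v1 taxonomy allows them, add them here and to the sibling rules. `level: info` for a connection to an IP address Asimily has flagged as malicious also looks low relative to the description.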
@@ -0,0 +1,13 @@
title: High-Volume External Data Transfer
description: Asimily detection for high-volume external data transfers. Detects when a device transfers a large volume of data to an external IP address.
references: []
logsource:
category: THIRD_PARTY_LOG
product: Asimily
definition: THIRDPARTY_THIRDPARTY
detection:
string_condition_0:
ruleName: "*High-Volume External Data Transfer*"
condition: string_condition_0
level: info
taxonomy: tm-v1
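Review bot: the rule keys on `ruleName`, as the DNS Connection to External IP rule does, while the other siblings use `eventName`; that split should be deliberate and verified against real events. The description says "a large volume of data" without stating that the threshold lives in Asimily, not in this rule; say so explicitly so nobody tries to tune the volume here. Given the exfiltration implication, `level: info` merits a second look.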
@@ -0,0 +1,14 @@
title: Insecure Communication - Basic HTTP Authentication in Use
description: Asimily detection for devices using basic HTTP authentication. Detects when a device attempts to use basic HTTP authentication, which is considered insecure.
references: []
logsource:
category: THIRD_PARTY_LOG
product: Asimily
definition: THIRDPARTY_THIRDPARTY
detection:
string_condition_0:
category: "*Insecure Communication*"
eventName: "*Basic HTTP Authentication in Use*"
condition: string_condition_0
level: info
taxonomy: tm-v1
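Review bot: the selection combines `category: "*Insecure Communication*"` and `eventName: "*Basic HTTP Authentication in Use*"` in one map, which relies on the engine ANDing the keys; confirm that is the tm-v1 semantics, otherwise the `category` constraint is silently ignored. The description could also say why this matters: HTTP Basic credentials are only base64-encoded, so anyone who can observe the cleartext session recovers them, which argues for a level above `info`.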
@@ -0,0 +1,14 @@
title: Insecure Communication - Expired SSL-TLS Certificate In Use
description: Asimily detection for devices using expired SSL-TLS certificates. Detects when a device attempts to use an expired SSL-TLS certificate, which is considered insecure.
references: []
logsource:
category: THIRD_PARTY_LOG
product: Asimily
definition: THIRDPARTY_THIRDPARTY
detection:
string_condition_0:
category: "*Insecure Communication*"
eventName: "*Expired SSL-TLS Certificate In Use*"
condition: string_condition_0
level: info
taxonomy: tm-v1
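Review bot: the description's "attempts to use an expired SSL-TLS certificate" does not say whether the device is the server presenting the expired certificate or a client accepting one; the remediation differs (renew the device's certificate versus fix the peer), so name the side Asimily reports. The literal "Expired SSL-TLS Certificate In Use", including the hyphenated SSL-TLS and the capitalised "In Use", must match Asimily's event name exactly; check a live event, since a one-character mismatch yields no hits.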
@@ -0,0 +1,13 @@
title: IoMT device Browsing Non-Whitelist Domains
description: Asimily detection for IoMT devices browsing non-whitelisted domains. Detects when an IoMT device attempts to access a domain that is not on the approved list.
references: []
logsource:
category: THIRD_PARTY_LOG
product: Asimily
definition: THIRDPARTY_THIRDPARTY
detection:
string_condition_0:
eventName: "*IoMT device Browsing Non-Whitelist Domains*"
condition: string_condition_0
level: info
taxonomy: tm-v1
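Review bot: this rule fires for every domain not on the device's approved list, so it will be the noisiest in the set; `level: info` fits, but the description should say so and point analysts toward aggregating by device rather than triaging single hits. The `eventName` literal copies the title's mixed casing ("IoMT device Browsing Non-Whitelist Domains"); confirm the casing against Asimily's actual event name and whether the match is case-sensitive.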
@@ -0,0 +1,13 @@
title: Possible Exploit Attempt Identified
description: Asimily detection for possible exploit attempts. Detects when a potential exploit attempt is identified by Asimily's threat intelligence.
references: []
logsource:
category: THIRD_PARTY_LOG
product: Asimily
definition: THIRDPARTY_THIRDPARTY
detection:
string_condition_0:
category: "*Exploit Attempt*"
condition: string_condition_0
level: info
taxonomy: tm-v1
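Review bot: the selection matches on `category: "*Exploit Attempt*"` alone with no `eventName`, so it covers every event in that category; that is fine as a catch-all, but the description should say so, and `level: info` is low for anything labelled an exploit attempt. Add a `falsepositives` note that authorised vulnerability scanners will trigger this category.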
@@ -0,0 +1,13 @@
title: Possible Reconnaissance Attempt Identified
description: Asimily detection for possible reconnaissance attempts. Detects when a potential reconnaissance attempt is identified by Asimily's threat intelligence.
references: []
logsource:
category: THIRD_PARTY_LOG
product: Asimily
definition: THIRDPARTY_THIRDPARTY
detection:
string_condition_0:
category: "*Reconnaissance Attempt*"
condition: string_condition_0
level: info
taxonomy: tm-v1
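Review bot: matching on `category: "*Reconnaissance Attempt*"` alone makes this a category-wide catch-all, like the exploit rule in this change; the description should state that, and a `falsepositives` entry should list scheduled internal scanning, which is the most common source of reconnaissance events in a monitored device fleet.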
@@ -0,0 +1,13 @@
title: Telnet Connection to or from External IP
description: Asimily detection for Telnet connections to or from external IP addresses. Detects when a Telnet connection is made to or from an IP address that has been flagged as external by Asimily's threat intelligence.
references: []
logsource:
category: THIRD_PARTY_LOG
product: Asimily
definition: THIRDPARTY_THIRDPARTY
detection:
string_condition_0:
eventName: '*Telnet Connection to*from External IP*'
condition: string_condition_0
level: info
taxonomy: tm-v1
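Review bot: the pattern `'*Telnet Connection to*from External IP*'` only matches an event name that contains "Telnet Connection to" followed later by "from External IP", i.e. a single combined name like the title's "to or from"; an event named only "Telnet Connection to External IP" or only "Telnet Connection from External IP" would not match. If Asimily emits those as separate events, list both values under `eventName` (if lists are OR-ed as in Sigma) instead of relying on the middle wildcard. The single quotes also differ from the double quotes used in every other rule in this change; harmless in YAML, but worth aligning.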