GitHub Security Vulnerability in Repository
| Id | 5436f471-b03d-41cb-b333-65891f887c43 |
| Rulename | GitHub Security Vulnerability in Repository |
| Description | This alerts when there is a new security vulnerability in a GitHub repository. |
| Severity | Informational |
| Tactics | InitialAccess Execution PrivilegeEscalation DefenseEvasion CredentialAccess LateralMovement |
| Techniques | T1190 T1203 T1068 T1211 T1212 T1210 |
| Kind | Scheduled |
| Query frequency | 1h |
| Query period | 1h |
| Trigger threshold | 0 |
| Trigger operator | gt |
| Source Uri | https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/GitHub/Analytic Rules/Security Vulnerability in Repo.yaml |
| Version | 1.0.3 |
| Arm template | 5436f471-b03d-41cb-b333-65891f887c43.json |
GitHubRepo
| where Action == "vulnerabilityAlert"
| project TimeGenerated, DismmisedAt, Reason, vulnerableManifestFilename, Description, Link, PublishedAt, Severity, Summary
kind: Scheduled
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/GitHub/Analytic Rules/Security Vulnerability in Repo.yaml
query: |
GitHubRepo
| where Action == "vulnerabilityAlert"
| project TimeGenerated, DismmisedAt, Reason, vulnerableManifestFilename, Description, Link, PublishedAt, Severity, Summary
requiredDataConnectors: []
tactics:
- InitialAccess
- Execution
- PrivilegeEscalation
- DefenseEvasion
- CredentialAccess
- LateralMovement
name: GitHub Security Vulnerability in Repository
relevantTechniques:
- T1190
- T1203
- T1068
- T1211
- T1212
- T1210
severity: Informational
entityMappings:
- fieldMappings:
- identifier: Url
columnName: Link
entityType: URL
queryFrequency: 1h
description: |
'This alerts when there is a new security vulnerability in a GitHub repository.'
triggerThreshold: 0
triggerOperator: gt
version: 1.0.3
queryPeriod: 1h
id: 5436f471-b03d-41cb-b333-65891f887c43