LoFP
/
github
github rule
Title
Tags
a self-hosted runner is automatically removed from github if it has not connected to github actions for more than 14 days.
t1078
t1078.004
t1213
t1213.003
t1526
github
sigma
admin can do changes directly to develop branch
t1199
github
splunk
admin can do changes directly to master branch
t1199
github
splunk
allowed administrative activities.
t1020
t1078
t1078.004
t1537
t1562
t1562.001
github
sigma
allowed self-hosted runners changes in the environment.
t1078
t1078.004
t1213
t1213.003
t1526
github
sigma
an ephemeral self-hosted runner is automatically removed from github if it has not connected to github actions for more than 1 day.
t1078
t1078.004
t1213
t1213.003
t1526
github
sigma
approved administrator/owner activities.
t1556
github
sigma
approved changes by the organization owner. please validate the 'actor' if authorized to make the changes.
t1195
t1195.001
github
sigma
organization approved new members
t1136
t1136.003
github
sigma
this detection cloud be noisy depending on the environment. it is recommended to keep a check on the new secrets when created and validate the \"actor\".
t1078
t1078.004
github
sigma
validate the actor if permitted to access the repo.
t1098
t1098.001
t1098.003
t1213
t1213.003
github
sigma
validate the deletion activity is permitted. the \"actor\" field need to be validated.
t1213
t1213.003
github
sigma
validate the multifactor authentication changes.
t1098
t1098.001
t1098.003
t1213
t1213.003
github
sigma
LoFP
/
github