Techniques
Sample rules
Github Commit Changes In Master
- source: splunk
- techniques:
- T1199
Description
This search detects a push or commit to the master or main branch. Direct changes to master should be avoided so that every change receives a review: in a DevSecOps workflow, changes are made in a branch and submitted as a pull request for review. In some cases, however, a project admin may legitimately make changes directly to the master branch.
Detection logic
`github` branches{}.name = main OR branches{}.name = master
| stats count min(_time) as firstTime max(_time) as lastTime by commit.commit.author.email commit.author.login commit.commit.message repository.pushed_at commit.commit.committer.date repository.full_name
| rename commit.author.login as user, repository.full_name as repository
| `security_content_ctime(firstTime)`
| `security_content_ctime(lastTime)`
| `github_commit_changes_in_master_filter`
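As an added illustration that is not part of the Splunk content above, the following Python replays the search's branch filter and stats aggregation over constructed GitHub-style events. The `event` builder, `ctime`, `detect_commits_to_protected_branch`, the sample values and the allowlist that stands in for the `github_commit_changes_in_master_filter` macro are all assumptions of this example.

```python
from datetime import datetime, timezone


def event(ts, branch, login, email, repo, message):
    """Build one constructed record using the field layout the search reads."""
    return {"_time": ts, "branches": [{"name": branch}],
            "commit": {"author": {"login": login},
                       "commit": {"author": {"email": email}, "message": message}},
            "repository": {"full_name": repo}}


# Constructed sample data: two direct pushes to main, one feature-branch push
# that must not match, and one bot push to master that a site filter may allow.
SAMPLE_EVENTS = [
    event(1709284500, "main", "alice", "alice@example.test", "example-org/api", "hotfix: bump version"),
    event(1709288100, "main", "alice", "alice@example.test", "example-org/api", "tweak deploy config"),
    event(1709290000, "feature/login-ui", "bob", "bob@example.test", "example-org/web", "wip"),
    event(1709300000, "master", "svc-release-bot", "release@example.test", "example-org/legacy", "release 4.2.0"),
]


def ctime(epoch):
    """Render an epoch as the security_content_ctime macro does (assumed format, UTC)."""
    return datetime.fromtimestamp(epoch, timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")


def detect_commits_to_protected_branch(events, protected=("main", "master"), allowlist=frozenset()):
    """Flag pushes touching a protected branch and aggregate them per author and
    repository, mirroring the search's filter -> stats -> filter-macro flow.
    `allowlist` stands in for the site-specific filter macro, whose contents the
    rule page does not give; filtering on a by-field before stats is equivalent."""
    results = {}
    for ev in events:
        # `branches{}.name = main OR branches{}.name = master`: any branch in the array matches
        if not {b["name"] for b in ev.get("branches", [])} & set(protected):
            continue
        login = ev["commit"]["author"]["login"]
        if login in allowlist:
            continue
        key = (ev["commit"]["commit"]["author"]["email"], login, ev["repository"]["full_name"])
        agg = results.setdefault(key, {"count": 0, "firstTime": ev["_time"],
                                       "lastTime": ev["_time"], "messages": []})
        agg["count"] += 1                                  # stats count
        agg["firstTime"] = min(agg["firstTime"], ev["_time"])  # min(_time)
        agg["lastTime"] = max(agg["lastTime"], ev["_time"])    # max(_time)
        agg["messages"].append(ev["commit"]["commit"]["message"])
    return {k: {**v, "firstTime": ctime(v["firstTime"]), "lastTime": ctime(v["lastTime"])}
            for k, v in results.items()}


if __name__ == "__main__":
    for key, row in detect_commits_to_protected_branch(SAMPLE_EVENTS, {"svc-release-bot"}).items():
        print(key, row)
```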