Techniques
Sample rules
Github High Risk Configuration Disabled
- source: sigma
- techniques:
  - t1556
Description
Detects when a user disables a critical security feature for an organization.
Detection logic
condition: selection
selection:
  action:
    - org.advanced_security_policy_selected_member_disabled
    - org.disable_oauth_app_restrictions
    - org.disable_two_factor_requirement
    - repo.advanced_security_disabled
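The selection above, applied to a GitHub audit log exported as JSON Lines. This is an added example, not part of the Sigma rule or its project; the sample events are constructed, and the `actor`, `org`, `repo` and `@timestamp` field names are assumptions about the export format. Matching is case-insensitive, as Sigma string comparison is by default.

```python
import json

# Values from the rule's `selection` (field: action).
HIGH_RISK_ACTIONS = frozenset({
    "org.advanced_security_policy_selected_member_disabled",
    "org.disable_oauth_app_restrictions",
    "org.disable_two_factor_requirement",
    "repo.advanced_security_disabled",
})

def matches_selection(event):
    """Sigma-style match: `action` equals any listed value, case-insensitively."""
    action = event.get("action")
    return isinstance(action, str) and action.lower() in HIGH_RISK_ACTIONS

def scan_audit_log(lines):
    """Return (alerts, skipped): matching events and the count of unparseable lines."""
    alerts, skipped = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # surface parse failures instead of dropping them silently
            continue
        if not isinstance(event, dict):
            skipped += 1
            continue
        if matches_selection(event):
            alerts.append({
                "action": event["action"].lower(),
                "actor": event.get("actor", "<unknown>"),
                # Repo-level events name the repo; org-level events only the org.
                "target": event.get("repo") or event.get("org", "<unknown>"),
                "timestamp": event.get("@timestamp"),
            })
    return alerts, skipped

# Constructed sample events (not real log data).
SAMPLE_LOG = """\
{"@timestamp": 1700000000000, "action": "org.disable_two_factor_requirement", "actor": "alice", "org": "example-org"}
{"@timestamp": 1700000060000, "action": "repo.create", "actor": "bob", "org": "example-org", "repo": "example-org/app"}
{"@timestamp": 1700000120000, "action": "Repo.Advanced_Security_Disabled", "actor": "carol", "org": "example-org", "repo": "example-org/app"}
{"@timestamp": 1700000180000, "actor": "dave", "org": "example-org"}
not-json
""".splitlines()

if __name__ == "__main__":
    for alert in scan_audit_log(SAMPLE_LOG)[0]:
        print(alert)
```

A non-zero skipped count is worth alerting on separately, since events that fail to parse are never evaluated against the rule.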