Rule Info
Name
SAML Token Issuer Anomaly
Author
Mark Morowczynski '@markmorow', Gloria Lee, '@gleeiamglo'
Description
Indicates the SAML token issuer for the associated SAML token is potentially compromised. The claims included in the token are unusual or match known attacker patterns
Date
2023-09-03 00:00:00
Modified
None
Id
e3393cba-31f0-4207-831e-aef90ab17a8c
Tags
attack.t1606 attack.credential-access DEMO
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
github-actions[bot]
Merge PR #4891 from @nasbench - Promote older rules status from `experimental` to `test`
2024-07-01
Mark Morowczynski
Merge PR #4423 from @MarkMorow - Add Azure AD Identity Protection Rules
2023-09-06