Skip to content

github-new-rules #5018

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 19 commits into
base: master
Choose a base branch
from
Open

github-new-rules #5018

wants to merge 19 commits into from

Conversation

saakovv
Copy link
Contributor

@saakovv saakovv commented Sep 20, 2024
edited
Loading

Summary of the Pull Request

  • Detects when GitHub Pages of a repository are made public, which may indicate potential unauthorized exposure of sensitive information or code.

  • Detects when a GitHub repository is archived or unarchived, which may indicate unauthorized changes to repository status.

Changelog

Example Log Event

1

{ [-]
action: archived
enterprise: { [-]
avatar_url: https://avatars.githubusercontent.com/
created_at: 2023-06-22
description: null
html_url: https://github.com/enterprises/XXX
id: 50XXX
name: XXX
node_id: E_XXX
slug: XXX
updated_at: 2023-07-27
website_url: XXX
}
organization: { [+]
}
repository: { [+]
}
sender: { [+]
}
}

2

{ [-]
action: unarchived
enterprise: { [-]
avatar_url: https://avatars.githubusercontent.com/
created_at: 2023-06-22
description: null
html_url: https://github.com/enterprises/XXX
id: 50XXX
name: XXX
node_id: E_XXX
slug: XXX
updated_at: 2023-07-27
website_url: null
}
organization: { [+]
}
repository: { [+]
}
sender: { [+]
}
}

3
{
@timestamp: 17212432969
_document_id: n9gWerm
action: repo.pages_public
actor: XXX
actor_id: XXX
actor_is_bot: false
business: XXX
business_id: XXX
created_at: 17212432969
external_identity_nameid: XXX
external_identity_username: null
operation_type: modify
org: XXX
org_id: XXX
public_repo: true
repo: XXX
repo_id: 830148486
user_agent: Mozilla/5.0 (Windows NT 10.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko)
visibility: public
}

Fixed Issues

SigmaHQ Rule Creation Conventions

  • If your PR adds new rules, please consider following and applying these conventions

@github-actions github-actions bot added the Rules label Sep 20, 2024
@nasbench nasbench added the Work In Progress Some changes are needed label Sep 22, 2024
@nasbench nasbench self-assigned this Sep 22, 2024
@saakovv
Copy link
Contributor Author

saakovv commented Sep 22, 2024

fixed
status: experimental

@saakovv
Copy link
Contributor Author

saakovv commented Oct 19, 2024

Hi!
@nasbench , any updates on this review? do you need anything else from me?

@nasbench
Copy link
Member

In progress :)

@saakovv
Copy link
Contributor Author

saakovv commented Feb 23, 2025

@nasbench
I have added a link to such a reference, it may be useful.

https://www.sentinelone.com/blog/exploiting-repos-6-ways-threat-actors-abuse-github-other-devops-platforms

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nasbench nasbench nasbench left review comments

Assignees

@nasbench nasbench

Labels
Rules Work In Progress Some changes are needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@saakovv @nasbench