Skip to content

tayontech/threat-detection-repo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

68 Commits
aws/iam
aws/iam
ย 
ย 
github
github
ย 
ย 
okta
okta
ย 
ย 
README.md
README.md
ย 
ย 

Repository files navigation

๐Ÿ›ก๏ธ Cloud and SaaS Threat Detections Repository

This repository contains a curated collection of threat detection queries designed for Cloud and SaaS application environments. These detections are organized to provide security teams with the ability to identify suspicious and malicious activity.

๐Ÿ“‚ Repository Structure

Detections are organized by the platform they monitor.

Directory Description Examples of Events Monitored
aws/ Detections targeting AWS services. IAM changes, resource creation, privilege escalation.
okta/ Detections for Okta authentication events. Suspicious sign-ons, MFA manipulation, policy changes.
github/ Detections for GitHub Enterprise and repository audits. Repository visibility changes, secret scanning alerts, PAT abuse.
azure/ Detections for Azure/Microsoft 365 events. App consent, unusual mailbox access, brute-force attempts.
gcp/ Detections for Google Cloud Platform events. Storage bucket changes, service account key compromise.
gworkspace/ Detections for Google Workspace activities. External file sharing, unusual Drive access, Admin audit logs.

โš ๏ธ IMPORTANT: Security logs are rarely standardized. You should review and adjust the field names in these queries to match your specific SIEM/log management schema (e.g., Splunk, Sentinel, Panther, or ELK).

๐Ÿš€ Usage

1. Clone the Repository

To get started, clone the repository to your local machine:

git clone https://github.com/tayontech/threat-detections-repo.git
cd threat-detections-repo

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

9 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors