Expanding Security Coverage: New Out-of-the-Box Detection Rules for 12 Log Sources

We're excited to announce a major expansion of Scanner's detection capabilities with ready-to-use rules across 12 critical log sources. This release brings our total to 214 detection rules, covering 11 MITRE ATT&CK tactics and 45 techniques, providing extensive security monitoring across your technology stack.

Detection?Coverage?Across?Your?Cloud?Infrastructure

Our?new?detection?rules?span?four?key?areas:

Cloud?Platforms

Monitor your cloud infrastructure with specialized rules for AWS CloudTrail, Google Cloud Platform, and Microsoft Azure. These rules help you detect suspicious activities, unauthorized access, and potential security violations across your cloud environments.

AWS?CloudTrail?-?Detection?rules?for?AWS?audit?logs?and?CloudTrail?events

• Repository:?scanner-inc/detection-rules-aws-cloudtrail

Google?Cloud?Platform?(GCP)?-?Detection?rules?for?GCP?audit?and?security?logs

• Repository:?scanner-inc/detection-rules-gcp

Microsoft?Azure?-?Detection?rules?for?Azure?activity?and?security?logs

• Repository:?scanner-inc/detection-rules-azure

Identity?and?Access?Management

Strengthen?your?identity?security?with?dedicated?rules?for?Okta,?Auth0,?and?Cisco?Duo.?Track?authentication?patterns,?administrative?changes,?and?potential?account?compromises?across?your?identity?providers.

Okta?-?Detection?rules?for?Okta?authentication?and?administration?events

• Repository:?scanner-inc/detection-rules-okta

Auth0?-?Detection?rules?for?Auth0?authentication?logs

• Repository:?scanner-inc/detection-rules-auth0

Cisco?Duo?-?Detection?rules?for?Duo?Security?authentication?events

• Repository:?scanner-inc/detection-rules-cisco-duo

Collaboration?and?Productivity

Protect your workforce tools with rules for GitHub, Microsoft 365, Slack, and Google Workspace. Monitor sensitive actions, data access, and potential insider threats across your collaboration platforms.

GitHub?-?Detection?rules?for?GitHub?organization?and?repository?events

• Repository:?scanner-inc/detection-rules-github

Microsoft?365?-?Detection?rules?for?Microsoft?365?audit?logs

• Repository:?scanner-inc/detection-rules-microsoft-365

Slack?-?Detection?rules?for?Slack?workspace?events

• Repository:?scanner-inc/detection-rules-slack

Google?Workspace?(formerly?GSuite)?-?Detection?rules?for?Google?Workspace?admin?and?security?logs

• Repository:?scanner-inc/detection-rules-gsuite

Data?and?Infrastructure

Secure your critical data and systems with specialized rules for Snowflake and Windows process creation events. Track database access, system changes, and potentially malicious processes.

Snowflake?-?Detection?rules?for?Snowflake?database?access?and?usage

• Repository:?scanner-inc/detection-rules-snowflake

Windows?Process?Creation?Events?-?Detection?rules?for?Windows?process?creation?events

• Repository:?scanner-inc/detection-rules-windows-process-creation

Flexible?and?Customizable

Every?environment?is?unique,?which?is?why?we've?designed?these?rules?to?be?adaptable:

• Fork?any?repository?to?create?your?customized?version?while?maintaining?upstream?updates
• Enable?or?disable?individual?rules?through?Scanner's?interface
• Adjust?detection?parameters?like?thresholds,?time?windows,?and?severity?levels
• Contribute?improvements?back?to?the?community?through?pull?requests

Getting?Started

All detection rules are available in their respective repositories under the Scanner organization. Simply connect your log sources to Scanner and enable the relevant rules to begin strengthening your security posture.

Start exploring our detection rules today to enhance your security monitoring capabilities. For detailed documentation and implementation guides, visit our documentation on Scanner's Out-of-the-Box Detection Rules.

Join?the?Webinar?on?1/30

Come join us for our webinar on January 30th where we'll talk about setting up detections-as-code with CI/CD in Scanner. We'll demonstrate how to automate your detection engineering workflow and maintain detection rules at scale.