1 | TenantId | SourceSystem | MG | ManagementGroupName | TimeGenerated [UTC] | Computer | RawData | alertType_defaultSeverity_s | alertType_platform_s | createdTimestamp_d | test_s | Name_s | events_s | status_s | vuid_s | connectorUids_s | alertType_vuid_s | alertType_name_s | alertType_description_s | alertType_severity_s | creationTimestamp_d | Type | _ResourceId |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2 | 08867a2d-b526-4cf5-9f56-1dcb7da90e3f | RestAPI | 11/15/2023, 2:44:17.643 PM | Medium | GitHub | [{"action":{"actionDescription":"A hook's configuration was changed.","actionName":"config_changed","actionType":"hook"},"actorType":"User","actorUser":{"email":"","id":"johnervinvalsec","name":"","orgUnits":null},"aux":{"@timestamp":"2023-11-15T14:44:04.65Z","_document_id":"j2nCu9luZro1I08NmySwug","action":"hook.config_changed","active":"true","actor":"johnervinvalsec","config.content_type":"json","config.insecure_ssl":"0","config.secret":"********","config.url":"https://valencsecurity.com","config_was.content_type":"json","config_was.insecure_ssl":"0","config_was.url":"https://valencsecurity.com","created_at":"2023-11-15T14:44:04.65Z","events[0]":"*","hook_id":"398276950","name":"webhook","operation_type":"modify","org":"kugaorg","org_id":"95769067","organization":"kugaorg","user_agent":"Mozilla/5.0 (Macintosh Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"},"connectorDisplayName":"Primary","connectorUid":"17___GitHub___FetchAndEDS___Primary","eventId":"j2nCu9luZro1I08NmySwug","eventResult":"Success","eventResultDetails":"","eventSummary":"johnervinvalsec changed configuration for webhook https://valencsecurity.com","eventTime":{"timestamp":1700059444,"timestampKind":"exact"},"ip":"","platform":"GitHub","target":{"email":"","id":"398276950","name":"webhook","orgUnits":null},"targetType":"Configuration","userAgent":"Mozilla/5.0 (Macintosh Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"}] | Open | VALENCE:_:m2qYgl9JDR:_:ALERT:_:17___GitHub___FetchAndEDS___Primary:_::_:j2nCu9luZro1I08NmySwug | ["17___GitHub___FetchAndEDS___Primary"] | VALENCE:_::_:ALERT_TYPE:_::_::_:hook.config_changed | A webhook's configuration was changed | Webhooks allow external services to receive updates and notifications about events in a GitHub repository. 
The risk lies in the possibility of a malicious actor gaining unauthorized access to sensitive information or actions within the repository through a compromised webhook. If the webhook's endpoint is not properly secured or is controlled by an attacker, they could intercept sensitive data, inject malicious code into the repository, or trigger unauthorized actions. It's crucial to carefully configure and monitor webhooks, use authentication and encryption, and regularly review and revoke unnecessary or suspicious webhook connections to mitigate these risks and ensure the security of your GitHub repositories. | Medium | 1700059444 | ValenceAlert_CL | ||||||||
3 | 08867a2d-b526-4cf5-9f56-1dcb7da90e3f | RestAPI | 11/15/2023, 2:44:18.490 PM | Medium | GitHub | [{"action":{"actionDescription":"A hook's configuration was changed.","actionName":"config_changed","actionType":"hook"},"actorType":"User","actorUser":{"email":"","id":"johnervinvalsec","name":"","orgUnits":null},"aux":{"@timestamp":"2023-11-15T14:43:57.892Z","_document_id":"NUoPCurcVuzC3UUa5M5kwA","action":"hook.config_changed","active":"true","actor":"johnervinvalsec","config.content_type":"json","config.insecure_ssl":"0","config.url":"https://valencsecurity.com","config_was.content_type":"json","config_was.insecure_ssl":"0","config_was.url":"https://valencsecurity.com","created_at":"2023-11-15T14:43:57.892Z","events[0]":"*","hook_id":"398276950","name":"webhook","operation_type":"modify","org":"kugaorg","org_id":"95769067","organization":"kugaorg","user_agent":"Mozilla/5.0 (Macintosh Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"},"connectorDisplayName":"Primary","connectorUid":"17___GitHub___FetchAndEDS___Primary","eventId":"NUoPCurcVuzC3UUa5M5kwA","eventResult":"Success","eventResultDetails":"","eventSummary":"johnervinvalsec changed configuration for webhook https://valencsecurity.com","eventTime":{"timestamp":1700059437,"timestampKind":"exact"},"ip":"","platform":"GitHub","target":{"email":"","id":"398276950","name":"webhook","orgUnits":null},"targetType":"Configuration","userAgent":"Mozilla/5.0 (Macintosh Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"}] | Open | VALENCE:_:m2qYgl9JDR:_:ALERT:_:17___GitHub___FetchAndEDS___Primary:_::_:NUoPCurcVuzC3UUa5M5kwA | ["17___GitHub___FetchAndEDS___Primary"] | VALENCE:_::_:ALERT_TYPE:_::_::_:hook.config_changed | A webhook's configuration was changed | Webhooks allow external services to receive updates and notifications about events in a GitHub repository. 
The risk lies in the possibility of a malicious actor gaining unauthorized access to sensitive information or actions within the repository through a compromised webhook. If the webhook's endpoint is not properly secured or is controlled by an attacker, they could intercept sensitive data, inject malicious code into the repository, or trigger unauthorized actions. It's crucial to carefully configure and monitor webhooks, use authentication and encryption, and regularly review and revoke unnecessary or suspicious webhook connections to mitigate these risks and ensure the security of your GitHub repositories. | Medium | 1700059437 | ValenceAlert_CL | ||||||||
4 | 08867a2d-b526-4cf5-9f56-1dcb7da90e3f | RestAPI | 11/15/2023, 2:44:18.529 PM | Medium | GitHub | [{"action":{"actionDescription":"A hook's configured events were changed.","actionName":"events_changed","actionType":"hook"},"actorType":"User","actorUser":{"email":"","id":"johnervinvalsec","name":"","orgUnits":null},"aux":{"@timestamp":"2023-11-15T14:43:51.508Z","_document_id":"gRzAXPESkN2u3C3ghR6Vww","action":"hook.events_changed","active":"true","actor":"johnervinvalsec","config.content_type":"json","config.insecure_ssl":"1","config.url":"https://valencsecurity.com","created_at":"2023-11-15T14:43:51.508Z","events[0]":"push","events_were[0]":"*","hook_id":"398276950","name":"webhook","operation_type":"modify","org":"kugaorg","org_id":"95769067","organization":"kugaorg","user_agent":"Mozilla/5.0 (Macintosh Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"},"connectorDisplayName":"Primary","connectorUid":"17___GitHub___FetchAndEDS___Primary","eventId":"gRzAXPESkN2u3C3ghR6Vww","eventResult":"Success","eventResultDetails":"","eventSummary":"johnervinvalsec changed webhook webhook events","eventTime":{"timestamp":1700059431,"timestampKind":"exact"},"ip":"","platform":"GitHub","target":{"email":"","id":"398276950","name":"webhook","orgUnits":null},"targetType":"Configuration","userAgent":"Mozilla/5.0 (Macintosh Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"}] | Open | VALENCE:_:m2qYgl9JDR:_:ALERT:_:17___GitHub___FetchAndEDS___Primary:_::_:gRzAXPESkN2u3C3ghR6Vww | ["17___GitHub___FetchAndEDS___Primary"] | VALENCE:_::_:ALERT_TYPE:_::_::_:hook.events_changed | A webhook's configured events were changed | Webhooks allow external services to receive updates and notifications about events in a GitHub repository. The risk lies in the possibility of a malicious actor gaining unauthorized access to sensitive information or actions within the repository through a compromised webhook. 
If the webhook's endpoint is not properly secured or is controlled by an attacker, they could intercept sensitive data, inject malicious code into the repository, or trigger unauthorized actions. It's crucial to carefully configure and monitor webhooks, use authentication and encryption, and regularly review and revoke unnecessary or suspicious webhook connections to mitigate these risks and ensure the security of your GitHub repositories. | Medium | 1700059431 | ValenceAlert_CL | ||||||||
5 | 08867a2d-b526-4cf5-9f56-1dcb7da90e3f | RestAPI | 11/15/2023, 2:44:18.936 PM | Medium | GitHub | [{"action":{"actionDescription":"A hook's configured events were changed.","actionName":"events_changed","actionType":"hook"},"actorType":"User","actorUser":{"email":"","id":"johnervinvalsec","name":"","orgUnits":null},"aux":{"@timestamp":"2023-11-15T14:43:47.598Z","_document_id":"hYqO_zocN402v7rIuvUOjg","action":"hook.events_changed","active":"true","actor":"johnervinvalsec","config.content_type":"json","config.insecure_ssl":"1","config.url":"https://valencsecurity.com","created_at":"2023-11-15T14:43:47.598Z","events[0]":"*","events_were[0]":"push","hook_id":"398276950","name":"webhook","operation_type":"modify","org":"kugaorg","org_id":"95769067","organization":"kugaorg","user_agent":"Mozilla/5.0 (Macintosh Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"},"connectorDisplayName":"Primary","connectorUid":"17___GitHub___FetchAndEDS___Primary","eventId":"hYqO_zocN402v7rIuvUOjg","eventResult":"Success","eventResultDetails":"","eventSummary":"johnervinvalsec changed webhook webhook events","eventTime":{"timestamp":1700059427,"timestampKind":"exact"},"ip":"","platform":"GitHub","target":{"email":"","id":"398276950","name":"webhook","orgUnits":null},"targetType":"Configuration","userAgent":"Mozilla/5.0 (Macintosh Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"}] | Open | VALENCE:_:m2qYgl9JDR:_:ALERT:_:17___GitHub___FetchAndEDS___Primary:_::_:hYqO_zocN402v7rIuvUOjg | ["17___GitHub___FetchAndEDS___Primary"] | VALENCE:_::_:ALERT_TYPE:_::_::_:hook.events_changed | A webhook's configured events were changed | Webhooks allow external services to receive updates and notifications about events in a GitHub repository. The risk lies in the possibility of a malicious actor gaining unauthorized access to sensitive information or actions within the repository through a compromised webhook. 
If the webhook's endpoint is not properly secured or is controlled by an attacker, they could intercept sensitive data, inject malicious code into the repository, or trigger unauthorized actions. It's crucial to carefully configure and monitor webhooks, use authentication and encryption, and regularly review and revoke unnecessary or suspicious webhook connections to mitigate these risks and ensure the security of your GitHub repositories. | Medium | 1700059427 | ValenceAlert_CL |