Outdated Dependency Or Vulnerability Alert Disabled
Dependabot scans repositories for insecure dependencies and raises Dependabot alerts. This rule detects when an organization owner disables Dependabot alerts for private repositories or Dependabot security updates for all repositories, as recorded in the GitHub audit log.
Sigma rule
title: Outdated Dependency Or Vulnerability Alert Disabled
id: 34e1c7d4-0cd5-419d-9f1b-1dad3f61018d
status: test
description: |
    Dependabot performs a scan to detect insecure dependencies, and sends Dependabot alerts.
    This rule detects when an organization owner disables Dependabot alerts for private repositories or Dependabot security updates for all repositories.
author: Muhammad Faisal (@faisalusuf)
date: 2023-01-27
references:
    - https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts
    - https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization
tags:
    - attack.initial-access
    - attack.t1195.001
logsource:
    product: github
    service: audit
    definition: 'Requirements: The audit log streaming feature must be enabled to be able to receive such logs. You can enable following the documentation here: https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-audit-log-streaming'
detection:
    selection:
        action:
            - 'dependabot_alerts_new_repos.disable'
            - 'dependabot_alerts.disable'
            - 'dependabot_security_updates_new_repos.disable'
            - 'dependabot_security_updates.disable'
            - 'repository_vulnerability_alerts.disable'
    condition: selection
falsepositives:
    - Approved changes by the Organization owner. Please validate the 'actor' if authorized to make the changes.
level: high
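The following is an added example, not part of the Sigma rule or the SigmaHQ project: it applies the rule's `selection` (an `action` field equal to one of the five listed values) to a few constructed GitHub audit log events in the newline-delimited JSON form that audit log streaming delivers. The event field names `action`, `actor`, `org`, `repo` and `@timestamp` are assumed here, as are all the sample values; the output keeps the `actor` and `org`/`repo` fields so that the rule's false-positive guidance (confirm the actor was authorized) can be followed directly from the alert.

```python
import json

# The action values from the rule's selection above.
DEPENDABOT_DISABLE_ACTIONS = frozenset({
    "dependabot_alerts_new_repos.disable",
    "dependabot_alerts.disable",
    "dependabot_security_updates_new_repos.disable",
    "dependabot_security_updates.disable",
    "repository_vulnerability_alerts.disable",
})

# Constructed sample of streamed audit log events (NDJSON, one event per line).
# Field names are assumed to follow the GitHub audit log schema; every value is
# made up for this example. The last line is deliberately malformed.
SAMPLE_AUDIT_LOG = """\
{"@timestamp": 1674800000000, "action": "repo.create", "actor": "dev-alice", "org": "example-org", "repo": "example-org/api"}
{"@timestamp": 1674800060000, "action": "dependabot_alerts.disable", "actor": "owner-bob", "org": "example-org"}
{"@timestamp": 1674800120000, "action": "repository_vulnerability_alerts.disable", "actor": "dev-alice", "org": "example-org", "repo": "example-org/api"}
{"@timestamp": 1674800180000, "action": "dependabot_alerts.enable", "actor": "owner-bob", "org": "example-org"}
not valid json
"""


def matches_rule(event: dict) -> bool:
    """Sigma 'selection': the event's action is one of the listed values."""
    return event.get("action") in DEPENDABOT_DISABLE_ACTIONS


def detect(ndjson: str) -> list:
    """Parse NDJSON audit events and return one alert per matching event.

    Each alert carries who (actor), what (action) and where (org, and repo
    when the change is repository-scoped rather than organization-wide).
    Lines that are blank or not valid JSON are skipped instead of aborting
    the whole batch.
    """
    alerts = []
    for line in ndjson.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if matches_rule(event):
            alerts.append({
                "rule": "Outdated Dependency Or Vulnerability Alert Disabled",
                "level": "high",
                "timestamp": event.get("@timestamp"),
                "action": event["action"],
                "actor": event.get("actor"),
                "org": event.get("org"),
                "repo": event.get("repo"),  # None for org-wide setting changes
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_AUDIT_LOG):
        print(json.dumps(alert))
```

Running the block prints two alerts: the organization-wide `dependabot_alerts.disable` by `owner-bob` and the repository-scoped `repository_vulnerability_alerts.disable` by `dev-alice`; the `repo.create` and `dependabot_alerts.enable` events and the malformed line are ignored. Triage then amounts to checking whether each `actor` was authorized to make that change, which is exactly the rule's stated false-positive condition.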