This repository contains Scanner detection rules for GitHub.
Here are a few examples of the detections that are included in this repository:
- MFA Requirement Disabled
- Audit Log Streaming Endpoint Was Removed
- Secret Scanning Alert Generated
When these detection rules are triggered, alerts are sent to the event sinks you have configured in Scanner. Depending on the alert's severity level, it will be sent to one of these event sink keys:
- informational_severity_alerts
- low_severity_alerts
- medium_severity_alerts
- high_severity_alerts
- critical_severity_alerts
- fatal_severity_alerts
To deploy these rules into your Scanner instance, you can follow the instructions in the Scanner documentation under Detection Rules as Code.