| .. |
|
sigma_av_exploiting.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_av_password_dumper.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_av_relevant_files.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_av_webshell.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_mal_azorult_reg.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_alternate_powershell_hosts.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_clear_powershell_history.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_create_local_user.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_data_compressed.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_dnscat_execution.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_downgrade_attack.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_exe_calling_ps.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_invoke_obfuscation_obfuscated_iex.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_malicious_commandlets.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_malicious_keywords.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_nishang_malicious_commandlets.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_ntfs_ads_access.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_prompt_credentials.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_psattack.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_remote_powershell_session.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_shellcode_b64.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_suspicious_download.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_suspicious_invocation_generic.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_suspicious_invocation_specific.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_suspicious_keywords.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_suspicious_profile_create.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_winlogon_helper_dll.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_wmimplant.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_powershell_xor_commandline.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_abusing_azure_browser_sso.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_ads_executable.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_alternate_powershell_hosts_pipe.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_apt_leviathan.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_apt_muddywater_dnstunnel.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_apt_oceanlotus_registry.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_apt_pandemic.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_apt_turla_namedpipes.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_asep_reg_keys_modification.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_cactustorch.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_cmstp_execution.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_cobaltstrike_process_injection.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_comhijack_sdclt.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_createremotethread_loadlibrary.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_creation_system_file.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_cred_dump_lsass_access.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_cred_dump_tools_dropped_files.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_cred_dump_tools_named_pipes.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_cve-2020-1048.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_dhcp_calloutdll.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_disable_security_events_logging_adding_reg_key_minint.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_dllhost_net_connections.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_dns_serverlevelplugindll.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_etw_disabled.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_ghostpack_safetykatz.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_hack_dumpert.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_hack_wce_reg.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_hack_wce.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_in_memory_assembly_execution.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_in_memory_powershell.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_invoke_phantom.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_lazagne_cred_dump_lsass_access.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_logon_scripts_userinitmprlogonscript_proc.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_logon_scripts_userinitmprlogonscript_reg.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_lsass_memdump.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_lsass_memory_dump_file_creation.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_mal_namedpipes.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_malware_backconnect_ports.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_malware_verclsid_shellcode.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_mimikatz_detection_lsass.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_mimikatz_trough_winrm.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_narrator_feedback_persistance.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_new_dll_added_to_appcertdlls_registry_key.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_new_dll_added_to_appinit_dlls_registry_key.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_notepad_network_connection.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_office_persistence.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_password_dumper_lsass.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_possible_dns_rebinding.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_powershell_execution_moduleload.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_powershell_exploit_scripts.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_powershell_network_connection.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_quarkspw_filedump.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_raw_disk_access_using_illegitimate_tools.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_rdp_registry_modification.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_rdp_reverse_tunnel.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_rdp_settings_hijack.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_redmimicry_winnti_filedrop.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_redmimicry_winnti_reg.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_reg_office_security.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_registry_persistence_key_linking.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_registry_persistence_search_order.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_registry_trust_record_modification.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_regsvr32_network_activity.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_remote_powershell_session_network.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_rundll32_net_connections.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_ssp_added_lsa_config.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_stickykey_like_backdoor.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_adsi_cache_usage.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_desktop_ini.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_download_run_key.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_driver_load.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_fax_dll.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_image_load.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_lsass_dll_load.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_mic_cam_access.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_office_dotnet_assembly_dll_load.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_office_dotnet_clr_dll_load.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_office_dotnet_gac_dll_load.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_office_dsparse_dll_load.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_office_kerberos_dll_load.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_powershell_rundll32.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_prog_location_network_connection.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_rdp.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_reg_persist_explorer_run.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_run_key_img_folder.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_service_installed.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_winword_vbadll_load.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_susp_winword_wmidll_load.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_suspicious_dbghelp_dbgcore_load.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_suspicious_keyboard_layout_load.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_suspicious_outbound_kerberos_connection.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_suspicious_remote_thread.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_svchost_dll_search_order_hijack.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_sysinternals_eula_accepted.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_tsclient_filewrite_startup.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_uac_bypass_eventvwr.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_uac_bypass_sdclt.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_unsigned_image_loaded_into_lsass.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_webshell_creation_detect.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_win_binary_github_com.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_win_binary_susp_com.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_win_reg_persistence.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_wmi_event_subscription.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_wmi_module_load.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_wmi_persistence_commandline_event_consumer.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_wmi_persistence_script_event_consumer_write.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_sysmon_wmi_susp_scripting.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_account_backdoor_dcsync_rights.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_account_discovery.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_ad_object_writedac_access.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_ad_replication_non_machine_account.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_ad_user_enumeration.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_admin_rdp_login.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_admin_share_access.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_advanced_ip_scanner.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_alert_active_directory_user_control.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_alert_ad_user_backdoors.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_alert_enable_weak_encryption.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_alert_lsass_access.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_alert_mimikatz_keywords.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_alert_ruler.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_applocker_file_was_not_allowed_to_run.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_apt29_thinktanks.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_babyshark.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_bear_activity_gtr19.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_bluemashroom.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_carbonpaper_turla.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_chafer_mar18.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_cloudhopper.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_dragonfly.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_elise.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_emissarypanda_sep19.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_empiremonkey.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_equationgroup_dll_u_load.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_evilnum_jul20.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_gallium.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_greenbug_may20.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_hurricane_panda.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_judgement_panda_gtr19.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_ke3chang_regadd.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_lazarus_session_highjack.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_mustangpanda.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_slingshot.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_sofacy.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_stonedrill.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_ta17_293a_ps.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_taidoor.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_tropictrooper.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_turla_comrat_may20.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_turla_service_png.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_unidentified_nov_18.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_winnti_mal_hk_jan20.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_winnti_pipemon.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_wocao.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_apt_zxshell.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_atsvc_task.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_attrib_hiding_files.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_audit_cve.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_av_relevant_match.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_bootconf_mod.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_bypass_squiblytwo.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_change_default_file_association.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_cmdkey_recon.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_cmstp_com_object_access.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_commandline_path_traversal.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_control_panel_item.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_copying_sensitive_files_with_credential_data.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_crime_fireball.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_crime_maze_ransomware.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_crime_snatch_ransomware.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_data_compressed_with_rar.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_dcsync.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_defender_amsi_trigger.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_defender_bypass.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_defender_disabled.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_defender_history_delete.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_defender_psexec_wmi_asr.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_defender_threat.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_disable_event_logging.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_dns_exfiltration_tools_execution.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_dnscat2_powershell_implementation.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_dpapi_domain_backupkey_extraction.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_dpapi_domain_masterkey_backup_attempt.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_dsquery_domain_trust_discovery.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_encoded_frombase64string.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_encoded_iex.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_etw_modification_cmdline.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_etw_modification.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_etw_trace_evasion.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_exfiltration_and_tunneling_tools_execution.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_exploit_cve_2015_1641.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_exploit_cve_2017_0261.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_exploit_cve_2017_8759.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_exploit_cve_2017_11882.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_exploit_cve_2019_1378.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_exploit_cve_2019_1388.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_exploit_cve_2020_1048.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_exploit_cve_2020_1350.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_exploit_cve_2020_10189.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_external_device.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_file_permission_modifications.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_global_catalog_enumeration.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_GPO_scheduledtasks.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_grabbing_sensitive_hives_via_reg.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_hack_bloodhound.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_hack_koadic.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_hack_rubeus.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_hack_secutyxploded.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_hack_smbexec.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_hh_chm.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_hktl_createminidump.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_html_help_spawn.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_hwp_exploits.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_impacket_lateralization.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_impacket_secretdump.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_indirect_cmd.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_install_reg_debugger_backdoor.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_interactive_at.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_invoke_obfuscation_obfuscated_iex_commandline.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_invoke_obfuscation_obfuscated_iex_services.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_kernel_and_3rd_party_drivers_exploits_token_stealing.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_lethalhta.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_lm_namedpipe.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_local_system_owner_account_discovery.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_lsass_access_non_system_account.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_lsass_dump.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_mal_adwind.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_mal_blue_mockingbird.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_mal_creddumper.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_mal_flowcloud.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_mal_octopus_scanner.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_mal_ryuk.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_mal_service_installs.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_mal_ursnif.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_mal_wceaux_dll.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_malware_dridex.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_malware_dtrack.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_malware_emotet.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_malware_formbook.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_malware_notpetya.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_malware_qbot.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_malware_ryuk.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_malware_script_dropper.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_malware_trickbot_recon_activity.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_malware_trickbot_wermgr.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_malware_wannacry.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_mavinject_proc_inj.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_metasploit_authentication.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_meterpreter_or_cobaltstrike_getsystem_service_installation.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_meterpreter_or_cobaltstrike_getsystem_service_start.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_mimikatz_command_line.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_mmc20_lateral_movement.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_mmc_spawn_shell.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_mouse_lock.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_mshta_javascript.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_mshta_spawn_shell.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_multiple_suspicious_cli.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_net_enum.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_net_ntlm_downgrade.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_net_user_add.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_netsh_allow_port_rdp.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_netsh_fw_add_susp_image.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_netsh_fw_add.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_netsh_packet_capture.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_netsh_port_fwd_3389.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_netsh_port_fwd.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_netsh_wifi_credential_harvesting.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_network_sniffing.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_new_or_renamed_user_account_with_dollar_sign.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_new_service_creation.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_non_interactive_powershell.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_not_allowed_rdp_access.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_office_shell.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_office_spawn_exe_from_users_directory.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_overpass_the_hash.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_pass_the_hash_2.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_pass_the_hash.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_pcap_drivers.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_plugx_susp_exe_locations.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_possible_applocker_bypass.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_possible_dc_shadow.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_possible_privilege_escalation_using_rotten_potato.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_powershell_amsi_bypass.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_powershell_audio_capture.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_powershell_b64_shellcode.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_powershell_bitsjob.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_powershell_dll_execution.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_powershell_downgrade_attack.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_powershell_download.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_powershell_frombase64string.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_powershell_suspicious_parameter_variation.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_powershell_web_request.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_powershell_xor_commandline.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_powersploit_empire_schtasks.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_proc_wrong_parent.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_process_creation_bitsadmin_download.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_process_dump_rundll32_comsvcs.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_protected_storage_service_access.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_psexesvc_start.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_quarkspwdump_clearing_hive_access_history.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_query_registry.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_rare_schtask_creation.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_rare_schtasks_creations.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_rare_service_installs.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_rdp_bluekeep_poc_scanner.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_rdp_hijack_shadowing.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_rdp_localhost_login.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_rdp_potential_cve-2019-0708.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_rdp_reverse_tunnel.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_redmimicry_winnti_proc.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_register_new_logon_process_by_rubeus.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_remote_powershell_session_process.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_remote_powershell_session.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_remote_registry_management_using_reg_utility.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_remote_time_discovery.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_renamed_binary_highly_relevant.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_renamed_binary.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_renamed_jusched.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_renamed_paexec.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_renamed_powershell.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_renamed_procdump.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_renamed_psexec.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_run_powershell_script_from_ads.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_sam_registry_hive_handle_request.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_scm_database_handle_failure.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_scm_database_privileged_operation.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_sdbinst_shim_persistence.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_service_execution.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_service_stop.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_shadow_copies_access_symlink.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_shadow_copies_creation.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_shadow_copies_deletion.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_shell_spawn_susp_program.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_silenttrinity_stage_use.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_soundrec_audio_capture.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_spn_enum.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_add_domain_trust.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_add_sid_history.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_adfind.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_backup_delete.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_bcdedit.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_bginfo.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_calc.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_cdb.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_certutil_command.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_certutil_encode.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_cli_escape.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_cmd_http_appdata.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_codeintegrity_check_failure.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_codepage_switch.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_commands_recon_activity.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_compression_params.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_comsvcs_procdump.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_control_dll_load.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_copy_lateral_movement.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_copy_system32.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_covenant.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_crackmapexec_execution.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_crackmapexec_powershell_obfuscation.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_csc_folder.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_csc.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_curl_download.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_curl_fileupload.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_curl_start_combo.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_dctask64_proc_inject.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_desktopimgdownldr_file.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_desktopimgdownldr.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_devtoolslauncher.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_dhcp_config_failed.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_dhcp_config.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_direct_asep_reg_keys_modification.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_disable_ie_features.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_ditsnap.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_dns_config.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_dnx.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_double_extension.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_dsrm_password_change.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_dxcap.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_esentutl_activity.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_eventlog_clear.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_eventlog_cleared.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_exec_folder.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_execution_path_webserver.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_execution_path.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_explorer_break_proctree.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_failed_logon_reasons.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_failed_logon_source.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_failed_logons_single_source.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_file_characteristics.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_findstr_lnk.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_firewall_disable.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_fsutil_usage.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_gup.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_interactive_logons.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_iss_module_install.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_kerberos_manipulation.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_ldap_dataexchange.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_local_anon_logon_created.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_lsass_dump_generic.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_lsass_dump.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_mpcmdrun_download.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_mshta_execution.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_msiexec_cwd.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_msiexec_web_install.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_msmpeng_crash.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_msoffice.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_net_execution.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_net_recon_activity.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_netsh_dll_persistence.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_ntdsutil.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_ntlm_auth.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_ntlm_rdp.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_odbcconf.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_openwith.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_outlook_temp.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_outlook.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_ping_hex_ip.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_powershell_empire_launch.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_powershell_empire_uac_bypass.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_powershell_enc_cmd.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_powershell_encoded_param.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_powershell_hidden_b64_cmd.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_powershell_parent_combo.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_powershell_parent_process.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_procdump.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_prog_location_process_starts.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_ps_appdata.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_ps_downloadfile.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_psexec.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_psr_capture_screenshots.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_raccess_sensitive_fext.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_rar_flags.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_rasdial_activity.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_rc4_kerberos.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_recon_activity.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_regsvr32_anomalies.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_regsvr32_flags_anomaly.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_renamed_dctask64.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_renamed_debugview.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_rottenpotato.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_run_locations.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_rundll32_activity.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_rundll32_by_ordinal.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_sam_dump.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_schtask_creation.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_script_execution.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_sdelete.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_security_eventlog_cleared.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_service_path_modification.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_squirrel_lolbin.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_svchost_no_cli.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_svchost.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_sysprep_appdata.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_sysvol_access.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_taskmgr_localsystem.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_taskmgr_parent.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_time_modification.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_tscon_localsystem.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_tscon_rdp_redirect.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_use_of_csharp_console.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_userinit_child.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_vssadmin_ntds_activity.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_whoami.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_wmi_execution.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_wmi_login.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_susp_wmic_proc_create_rundll32.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_suspicious_outbound_kerberos_connection.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_svcctl_remote_service.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_syskey_registry_access.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_sysmon_driver_unload.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_system_exe_anomaly.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_tap_driver_installation.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_tap_installer_execution.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_task_folder_evasion.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_termserv_proc_spawn.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_tool_psexec.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_transferring_files_with_credential_data_via_network_shares.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_trust_discovery.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_uac_cmstp.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_uac_fodhelper.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_uac_wsreset.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_usb_device_plugged.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_user_added_to_local_administrators.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_user_couldnt_call_privileged_service_lsaregisterlogonprocess.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_user_creation.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_user_driver_loaded.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_using_sc_to_change_sevice_image_path_by_non_admin.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_vul_cve_2020_0688.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_vul_cve_2020_1472.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_vul_java_remote_debugging.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_webshell_detection.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_webshell_recon_detection.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_webshell_spawn.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_whoami_as_system.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_win10_sched_task_0day.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_wmi_backdoor_exchange_transport_agent.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_wmi_persistence_script_event_consumer.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_wmi_persistence.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_wmi_spwns_powershell.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_wmiprvse_spawning_process.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_workflow_compiler.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_wsreset_uac_bypass.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
|
sigma_win_xsl_script_processing.yml
|
123
|
2020-12-03 01:43:30 +03:00 |
