valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
15e61a9681
SigmaHQ/rules/windows/sysmon
History
Florian Roth 15e61a9681 Rule: Certutil Decode in AppData
2017-03-02 11:28:34 +01:00
..
sysmon_certutil_decode.yml Rule: Certutil Decode in AppData 2017-03-02 11:28:34 +01:00
sysmon_mimikatz_detection_lsass.yml Removed Sysmon EventLog from selection > via 'logsource' 2017-03-02 11:06:20 +01:00
sysmon_mimikatz_inmemory_detection.yml Removed Sysmon EventLog from selection > via 'logsource' 2017-03-02 11:06:20 +01:00
sysmon_office_macro_cmd.yml Two new Sysmon rules for Office Macro/PS detection 2017-03-02 11:06:53 +01:00
sysmon_password_dumper_lsass.yml Removed Sysmon EventLog from selection > via 'logsource' 2017-03-02 11:06:20 +01:00
sysmon_powershell_download.yml Two new Sysmon rules for Office Macro/PS detection 2017-03-02 11:06:53 +01:00
sysmon_susp_driver_load.yml Removed Sysmon EventLog from selection > via 'logsource' 2017-03-02 11:06:20 +01:00
sysmon_susp_mmc_source.yml Removed Sysmon EventLog from selection > via 'logsource' 2017-03-02 11:06:20 +01:00
sysmon_vul_java_remote_debugging.yml Removed Sysmon EventLog from selection > via 'logsource' 2017-03-02 11:06:20 +01:00
sysmon_webshell_detection.yml Removed Sysmon EventLog from selection > via 'logsource' 2017-03-02 11:06:20 +01:00
sysmon_webshell_spawn.yml Removed Sysmon EventLog from selection > via 'logsource' 2017-03-02 11:06:20 +01:00