SigmaHQ/rules/windows/registry_event
2021-06-29 11:05:42 +02:00
sysmon_apt_leviathan.yml att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
sysmon_apt_oceanlotus_registry.yml Update sysmon_apt_oceanlotus_registry.yml 2020-11-20 01:51:53 -03:00
sysmon_apt_pandemic.yml Update sysmon_apt_pandemic.yml 2020-07-16 08:48:32 +02:00
sysmon_asep_reg_keys_modification.yml Fixes and improvements 2021-04-03 00:08:55 +02:00
sysmon_bypass_via_wsreset.yml Some fixes for rules 2020-10-14 19:06:59 +03:00
sysmon_cmstp_execution.yml Fixes and improvements 2021-04-03 00:08:55 +02:00
sysmon_cobaltstrike_service_installs.yml CobaltStrike Service Installations in Registry 2021-06-29 10:52:10 +02:00
sysmon_comhijack_sdclt.yml feat: generic registry events compatible with native audit logging 2021-04-26 09:31:36 +02:00
sysmon_cve-2020-1048.yml feat: generic registry events compatible with native audit logging 2021-04-26 09:31:36 +02:00
sysmon_dhcp_calloutdll.yml Update sysmon_dhcp_calloutdll.yml 2020-10-15 20:02:58 -03:00
sysmon_disable_microsoft_office_security_features.yml T1562.001 Atomic Test #18 - Disable Microsoft Office Security Features 2021-06-08 09:32:01 +02:00
sysmon_disable_security_events_logging_adding_reg_key_minint.yml fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
sysmon_disable_wdigest_credential_guard.yml 13 Rules from THP - Backlog Rules (old) 2020-10-13 03:33:55 -04:00
sysmon_dns_serverlevelplugindll.yml Update sysmon_dns_serverlevelplugindll.yml 2020-11-28 13:46:02 -03:00
sysmon_enabling_cor_profiler_env_variables.yml Fixes&improvements 2021-04-08 01:06:40 +02:00
sysmon_etw_disabled.yml refactor: sysmon rule cleanup > generalization 2020-07-01 10:58:39 +02:00
sysmon_hack_wce_reg.yml Fixes and improvements 2021-04-03 00:08:55 +02:00
sysmon_hybridconnectionmgr_svc_installation.yml HybridConnectionMgr Service Activity 2021-04-12 16:26:15 -04:00
sysmon_logon_scripts_userinitmprlogonscript_reg.yml Update sysmon_logon_scripts_userinitmprlogonscript_reg.yml 2020-10-15 20:04:05 -03:00
sysmon_modify_screensaver_binary_path.yml remove redundant reference 2020-10-11 23:39:08 +02:00
sysmon_narrator_feedback_persistance.yml att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
sysmon_new_application_appcompat.yml Clean-up service: sysmon as it will be replaced by filling the category 2021-04-15 02:02:25 +02:00
sysmon_new_dll_added_to_appcertdlls_registry_key.yml fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
sysmon_new_dll_added_to_appinit_dlls_registry_key.yml Merge branch 'oscd' 2021-03-02 22:58:41 +03:00
sysmon_office_test_regadd.yml Update sysmon_office_test_regadd.yml 2020-11-29 18:02:37 +05:30
sysmon_office_vsto_persistence.yml fix: rule FPs with Stealthy VSTO Persistence 2021-06-01 13:58:35 +02:00
sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
sysmon_powershell_as_service.yml Fix falsepositives list 2021-05-21 11:15:10 +02:00
sysmon_rdp_registry_modification.yml Update Threat Hunter Playbook Reference 2021-05-22 01:09:30 -03:00
sysmon_rdp_settings_hijack.yml Update sysmon_rdp_settings_hijack.yml 2020-10-15 20:04:57 -03:00
sysmon_redmimicry_winnti_reg.yml fix: renamed files and line break change 2020-07-01 09:48:48 +02:00
sysmon_reg_office_security.yml feat: generic registry events compatible with native audit logging 2021-04-26 09:31:36 +02:00
sysmon_reg_silentprocessexit_lsass.yml feat: generic registry events compatible with native audit logging 2021-04-26 09:31:36 +02:00
sysmon_reg_silentprocessexit.yml feat: generic registry events compatible with native audit logging 2021-04-26 09:31:36 +02:00
sysmon_reg_vbs_payload_stored.yml fix: wrong conditions 2021-03-05 11:55:49 +01:00
sysmon_registry_add_local_hidden_user.yml registry_event is a category 2021-05-12 08:51:38 +02:00
sysmon_registry_persistence_key_linking.yml Merge branch 'oscd' 2021-03-02 22:58:41 +03:00
sysmon_registry_persistence_search_order.yml Grouping filters 2021-05-01 21:05:34 +02:00
sysmon_registry_trust_record_modification.yml att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
sysmon_removal_amsi_registry_key.yml T1562.001 Remove the AMSI Provider registry key in HKLM\Software\Microsoft\AMSI to disable AMSI inspection 2021-06-07 10:09:21 +02:00
sysmon_removal_com_hijacking_registry_key.yml Clean-up service: sysmon as it will be replaced by filling the category 2021-04-15 02:02:25 +02:00
sysmon_runkey_winekey.yml ryuk changes 2020-10-30 13:15:11 +05:30
sysmon_runonce_persistence.yml feat: generic registry events compatible with native audit logging 2021-04-26 09:31:36 +02:00
sysmon_ssp_added_lsa_config.yml att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
sysmon_stickykey_like_backdoor.yml feat: generic registry events compatible with native audit logging 2021-04-26 09:31:36 +02:00
sysmon_susp_atbroker_change.yml fix typo of level 2021-05-24 10:45:58 +02:00
sysmon_susp_download_run_key.yml Fixes and improvements 2021-04-03 00:08:55 +02:00
sysmon_susp_lsass_dll_load.yml Update sysmon_susp_lsass_dll_load.yml 2020-10-15 20:08:12 -03:00
sysmon_susp_mic_cam_access.yml Merge branch 'oscd' 2021-03-02 22:58:41 +03:00
sysmon_susp_reg_persist_explorer_run.yml Update sysmon_susp_reg_persist_explorer_run.yml 2020-11-28 13:52:36 -03:00
sysmon_susp_run_key_img_folder.yml Update sysmon_susp_run_key_img_folder.yml 2020-11-28 13:54:59 -03:00
sysmon_susp_service_installed.yml Update sysmon_susp_service_installed.yml 2020-11-20 01:38:17 -03:00
sysmon_suspicious_keyboard_layout_load.yml Remove additional backslash 2020-11-20 01:38:57 -03:00
sysmon_sysinternals_eula_accepted.yml Update sysmon_sysinternals_eula_accepted.yml 2020-10-15 20:10:44 -03:00
sysmon_sysinternals_sdelete_registry_keys.yml registry_event is a category 2021-05-12 08:36:42 +02:00
sysmon_taskcache_entry.yml Merge fixes for Rules 2021-06-16 10:45:20 +05:00
sysmon_uac_bypass_eventvwr.yml Update sysmon_uac_bypass_eventvwr.yml 2020-11-20 01:41:20 -03:00
sysmon_uac_bypass_sdclt.yml Update sysmon_uac_bypass_sdclt.yml 2020-11-20 01:42:17 -03:00
sysmon_volume_shadow_copy_service_keys.yml fix: FPs with Volume Shadow Copy Service Keys 2021-06-02 13:04:05 +02:00
sysmon_wab_dllpath_reg_change.yml Fix falsepositives list 2021-05-21 11:12:04 +02:00
sysmon_wdigest_enable_uselogoncredential.yml duplicate uuid 2dbd9d3d-9e27-42a8-b8df-f13825c6c3d5 2021-05-27 20:59:26 +02:00
sysmon_win_reg_persistence.yml feat: generic registry events compatible with native audit logging 2021-04-26 09:31:36 +02:00
sysmon_win_reg_telemetry_persistence.yml feat: generic registry events compatible with native audit logging 2021-04-26 09:31:36 +02:00
win_outlook_c2_registry_key.yml Renamed file to all lowercase 2021-06-10 16:35:02 +02:00
win_outlook_registry_todaypage.yml Removed EventIDs 2021-06-10 16:41:00 +02:00
win_outlook_registry_webview.yml Removed EventIDs 2021-06-10 16:41:00 +02:00
win_portproxy_registry_key.yml Add Synergy as possible FP for PortProxy key 2021-06-28 12:10:16 +02:00