SigmaHQ/rules/windows/image_load (directory listing)
Last commit to this directory: 2021-05-27 10:23:19 +02:00
Each row below: rule file, last commit message that touched it, commit date
sysmon_abusing_azure_browser_sso.yml Fixes&improvements 2021-04-08 01:06:40 +02:00
sysmon_alternate_powershell_hosts_moduleload.yml Merge pull request #1475 from wagga40/master 2021-05-14 08:59:39 +02:00
sysmon_in_memory_powershell.yml Update sysmon_in_memory_powershell.yml 2020-10-18 01:16:11 +03:00
sysmon_mimikatz_inmemory_detection.yml Update sysmon_mimikatz_inmemory_detection.yml 2020-10-15 16:05:11 -03:00
sysmon_pcre_net_load.yml Fix falsepositives list 2021-05-21 12:32:24 +02:00
sysmon_powershell_execution_moduleload.yml Update Threat Hunter Playbook Reference 2021-05-22 01:01:07 -03:00
sysmon_scrcons_imageload_wmi_scripteventconsumer.yml Fixes&improvements 2021-04-08 01:06:40 +02:00
sysmon_susp_fax_dll.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
sysmon_susp_image_load.yml Clean-up service: sysmon as it will be replaced by filling the category 2021-04-15 02:02:25 +02:00
sysmon_susp_office_dotnet_assembly_dll_load.yml Remove additional backslash 2020-11-19 23:08:40 -03:00
sysmon_susp_office_dotnet_clr_dll_load.yml Update sysmon_susp_office_dotnet_clr_dll_load.yml 2020-10-15 16:06:47 -03:00
sysmon_susp_office_dotnet_gac_dll_load.yml Update sysmon_susp_office_dotnet_gac_dll_load.yml 2020-10-15 16:07:10 -03:00
sysmon_susp_office_dsparse_dll_load.yml Update sysmon_susp_office_dsparse_dll_load.yml 2020-10-27 22:13:02 -03:00
sysmon_susp_office_kerberos_dll_load.yml Update sysmon_susp_office_kerberos_dll_load.yml 2020-10-15 16:09:03 -03:00
sysmon_susp_python_image_load.yml image_load is a category 2021-05-12 08:59:51 +02:00
sysmon_susp_script_dotnet_clr_dll_load.yml adding slashes 2020-10-15 17:51:21 +05:30
sysmon_susp_system_drawing_load.yml - Modified rules to use categories instead of hardcoded event IDs 2021-04-15 01:40:31 +02:00
sysmon_susp_winword_vbadll_load.yml Update sysmon_susp_winword_vbadll_load.yml 2020-10-15 16:09:21 -03:00
sysmon_susp_winword_wmidll_load.yml Merge branch 'oscd' 2021-03-02 22:58:41 +03:00
sysmon_suspicious_dbghelp_dbgcore_load.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
sysmon_svchost_dll_search_order_hijack.yml Fixes and improvements 2021-04-03 00:08:55 +02:00
sysmon_tttracer_mod_load.yml Update sysmon_tttracer_mod_load.yml 2020-10-09 09:34:05 +03:00
sysmon_uac_bypass_via_dism.yml Fixes and improvements 2021-04-03 00:08:55 +02:00
sysmon_uipromptforcreds_dlls.yml Fixes&improvements 2021-04-08 01:06:40 +02:00
sysmon_unsigned_image_loaded_into_lsass.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
sysmon_wmi_module_load.yml Update Threat Hunter Playbook Reference 2021-05-22 01:01:33 -03:00
sysmon_wmi_persistence_commandline_event_consumer.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
sysmon_wmic_remote_xsl_scripting_dlls.yml Fixes&improvements 2021-04-08 01:06:40 +02:00
sysmon_wsman_provider_image_load.yml 13 Rules from THP - Backlog Rules (old) 2020-10-13 03:33:55 -04:00
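Several commit messages in this listing ("image_load is a category", "Modified rules to use categories instead of hardcoded event IDs") refer to the Sigma logsource convention: a rule names `product: windows` / `category: image_load` and leaves it to the backend to map that category onto the concrete telemetry, which for Sysmon is Event ID 7 (Image loaded). The Python below is an added illustration, not a rule or tool from the SigmaHQ repository: it holds one rule in that category form, resolves the category to the Sysmon event ID, and evaluates the usual `selection and not filter` condition over a few constructed Sysmon-style events. The detection content (dbghelp.dll/dbgcore.dll loaded by a process outside `C:\Windows\` and `C:\Program Files\`), the event records, and the evaluator itself are all assumptions made for the example; the Sysmon field names `Image` and `ImageLoaded` are the real Event ID 7 field names.

```python
"""Minimal evaluator for a Sigma image_load rule over Sysmon-style events.

Added illustration; not a rule or tool from the SigmaHQ repository.
"""
from fnmatch import fnmatchcase

# A rule in the 'category' form the listing's commit messages refer to.
# On disk this is YAML; it is written as a dict here to stay dependency-free.
# The detection content is constructed for this example, not one of the files above.
RULE = {
    "title": "Example: debugging DLL loaded by a process from a non-standard path",
    "logsource": {"product": "windows", "category": "image_load"},
    "detection": {
        "selection": {
            "ImageLoaded|endswith": ["\\dbghelp.dll", "\\dbgcore.dll"],
        },
        "filter": {
            "Image|startswith": ["C:\\Windows\\", "C:\\Program Files\\"],
        },
        "condition": "selection and not filter",
    },
}

# What a Sysmon backend does with the abstract logsource: category image_load
# becomes Event ID 7. The rule file itself never carries the event ID.
CATEGORY_TO_SYSMON_EVENT_ID = {"image_load": 7}


def field_matches(event, key, expected):
    """Apply one Sigma field modifier (endswith/startswith/contains, else exact
    with '*' wildcards) case-insensitively; a list of values is OR-ed."""
    name, _, modifier = key.partition("|")
    value = str(event.get(name, "")).lower()
    patterns = expected if isinstance(expected, list) else [expected]
    for pattern in patterns:
        pat = str(pattern).lower()
        if modifier == "endswith":
            hit = value.endswith(pat)
        elif modifier == "startswith":
            hit = value.startswith(pat)
        elif modifier == "contains":
            hit = pat in value
        else:
            hit = fnmatchcase(value, pat)
        if hit:
            return True
    return False


def block_matches(event, block):
    """A selection block is a map: every field in it must match (AND)."""
    return all(field_matches(event, k, v) for k, v in block.items())


def rule_matches(rule, event):
    """Resolve the logsource category to the Sysmon event ID, then evaluate
    the 'selection and not filter' condition (the only shape supported here)."""
    category = rule["logsource"]["category"]
    if event.get("EventID") != CATEGORY_TO_SYSMON_EVENT_ID[category]:
        return False
    det = rule["detection"]
    if det["condition"] != "selection and not filter":
        raise ValueError("example evaluator only supports 'selection and not filter'")
    return block_matches(event, det["selection"]) and not block_matches(event, det["filter"])


# Constructed Sysmon Event ID 7 records for the example (not real telemetry).
EVENTS = [
    {"EventID": 7, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\tool.exe",
     "ImageLoaded": "C:\\Windows\\System32\\dbghelp.dll"},      # fires
    {"EventID": 7, "Image": "C:\\Windows\\System32\\Taskmgr.exe",
     "ImageLoaded": "C:\\Windows\\System32\\dbghelp.dll"},      # removed by filter
    {"EventID": 7, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\tool.exe",
     "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll"},     # selection misses
    {"EventID": 1, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\tool.exe",
     "ImageLoaded": "C:\\Windows\\System32\\dbgcore.dll"},      # wrong event ID
]


def matching_images(rule=RULE, events=EVENTS):
    """Return the Image field of every event the rule fires on."""
    return [e["Image"] for e in events if rule_matches(rule, e)]


if __name__ == "__main__":
    for image in matching_images():
        print("ALERT", image)
```

The point of the category mapping is the one the commit messages make: the rule stays valid if the telemetry source changes (another EDR's image-load event instead of Sysmon 7), because only `CATEGORY_TO_SYSMON_EVENT_ID` would change, not the rule. The filter on `Image|startswith` is also where false positives from legitimate tooling such as Task Manager get tuned out, which is why the rules above keep `falsepositives` lists next to the detection.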