valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4c5d489428
SigmaHQ/rules/windows/sysmon
History
Antonlovesdnb 4c5d489428
Update sysmon_susp_office_kerberos_dll_load.yml
2020-02-25 09:23:52 -05:00
..
sysmon_ads_executable.yml fix: multiple false positive conditions 2020-01-28 10:11:09 +01:00
sysmon_apt_oceanlotus_registry.yml refactor: moved rues from 'apt' folder in respective folders 2020-02-01 17:59:26 +01:00
sysmon_apt_pandemic.yml refactor: moved rues from 'apt' folder in respective folders 2020-02-01 17:59:26 +01:00
sysmon_apt_turla_namedpipes.yml refactor: moved rues from 'apt' folder in respective folders 2020-02-01 17:59:26 +01:00
sysmon_cactustorch.yml fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
sysmon_cmstp_execution.yml fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
sysmon_cobaltstrike_process_injection.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_dhcp_calloutdll.yml fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
sysmon_dns_serverlevelplugindll.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_ghostpack_safetykatz.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_hack_dumpert.yml fix: dumpert rule with wrong sysmon event id 2020-02-07 13:14:18 +01:00
sysmon_hack_wce.yml Fixed rule: added condition 2020-01-07 15:20:16 +01:00
sysmon_invoke_phantom.yml fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
sysmon_logon_scripts_userinitmprlogonscript.yml fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
sysmon_lsass_memdump.yml fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
sysmon_mal_namedpipes.yml Add Covenant default named pipe 2019-12-18 15:19:47 +00:00
sysmon_malware_backconnect_ports.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_malware_verclsid_shellcode.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_mimikatz_detection_lsass.yml fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
sysmon_mimikatz_inmemory_detection.yml fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
sysmon_mimikatz_trough_winrm.yml fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
sysmon_password_dumper_lsass.yml fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
sysmon_powershell_exploit_scripts.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_powershell_network_connection.yml fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
sysmon_quarkspw_filedump.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_rdp_reverse_tunnel.yml fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
sysmon_rdp_settings_hijack.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_registry_persistence_key_linking.yml fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
sysmon_registry_trust_record_modification.yml Update sysmon_registry_trust_record_modification.yml 2020-02-19 14:50:09 -05:00
sysmon_renamed_jusched.yml Missing ID, wrong tag 2020-01-31 07:32:28 +01:00
sysmon_renamed_powershell.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_renamed_procdump.yml fix: fixed typo in rule for renamed procdump 2019-11-19 15:59:07 +01:00
sysmon_renamed_psexec.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_rundll32_net_connections.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_ssp_added_lsa_config.yml fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
sysmon_stickykey_like_backdoor.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_download_run_key.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_driver_load.yml fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
sysmon_susp_file_characteristics.yml fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
sysmon_susp_image_load.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_lsass_dll_load.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_office_dotnet_assembly_dll_load.yml Update sysmon_susp_office_dotnet_assembly_dll_load.yml 2020-02-25 09:23:22 -05:00
sysmon_susp_office_dotnet_clr_dll_load.yml Update sysmon_susp_office_dotnet_clr_dll_load.yml 2020-02-25 09:19:03 -05:00
sysmon_susp_office_dotnet_gac_dll_load.yml Update sysmon_susp_office_dotnet_gac_dll_load.yml 2020-02-25 09:22:37 -05:00
sysmon_susp_office_dsparse_dll_load.yml Update sysmon_susp_office_dsparse_dll_load.yml 2020-02-25 09:22:56 -05:00
sysmon_susp_office_kerberos_dll_load.yml Update sysmon_susp_office_kerberos_dll_load.yml 2020-02-25 09:23:52 -05:00
sysmon_susp_powershell_rundll32.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_prog_location_network_connection.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_rdp.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_reg_persist_explorer_run.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_run_key_img_folder.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_winword_vbadll_load.yml Update sysmon_susp_winword_vbadll_load.yml 2020-02-19 14:51:00 -05:00
sysmon_susp_winword_wmidll_load.yml fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
sysmon_suspicious_keyboard_layout_load.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_svchost_dll_search_order_hijack.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_sysinternals_eula_accepted.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_tsclient_filewrite_startup.yml fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
sysmon_uac_bypass_eventvwr.yml fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
sysmon_uac_bypass_sdclt.yml fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
sysmon_webshell_creation_detect.yml fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
sysmon_win_binary_github_com.yml fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
sysmon_win_binary_susp_com.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_win_reg_persistence.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_wmi_event_subscription.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_wmi_persistence_commandline_event_consumer.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_wmi_persistence_script_event_consumer_write.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_wmi_susp_scripting.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00