valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4fb9821b49
SigmaHQ/rules/windows
History
yugoslavskiy 4fb9821b49 added: 
win_non_interactive_powershell.yml
	win_remote_powershell_session.yml
	win_wmiprvse_spawning_process.yml
	powershell_alternate_powershell_hosts.yml
	powershell_remote_powershell_session.yml
	sysmon_alternate_powershell_hosts_moduleload.yml
	sysmon_alternate_powershell_hosts_pipe.yml
	sysmon_non_interactive_powershell_execution.yml
	sysmon_powershell_execution_moduleload.yml
	sysmon_powershell_execution_pipe.yml
	sysmon_remote_powershell_session_network.yml
	sysmon_remote_powershell_session_process.yml
	sysmon_wmi_module_load.yml
	sysmon_wmiprvse_spawning_process.yml
2019-10-24 15:48:38 +02:00
..
builtin added: 2019-10-24 15:48:38 +02:00
malware rules: AV rules updated to reflect 1.7.2 auf AV cheat sheet 2019-10-04 16:17:34 +02:00
other Converted to use the new process_creation data source 2019-03-09 20:57:59 +03:00
powershell added: 2019-10-24 15:48:38 +02:00
process_creation rule: another reference link for 'execution by ordinal' 2019-10-22 15:18:19 +02:00
sysmon added: 2019-10-24 15:48:38 +02:00