valitydev/SigmaHQ
mirror of https://github.com/valitydev/SigmaHQ.git, synced 2024-11-06 17:35:19 +00:00
SigmaHQ/rules/windows/sysmon at 6a7ac098ed
Cyb3rEng, 6a7ac098ed: changed id uuid to v4 b45e1519-5de5-4dfe-bef6-73bc48c2b983 (2021-09-09 21:31:20 -06:00)
| File | Last commit message | Date |
| --- | --- | --- |
| Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml | Changed Category | 2021-09-08 20:38:07 -06:00 |
| Monitor_LOLBins_Process_Creations_by_Office_applications.yml | changed id uuid to v4 | 2021-09-09 21:31:20 -06:00 |
| Monitor_LOLBins_process_creations_with_Wmiprvse_parent_process.yml | Update Monitor_LOLBins_process_creations_with_Wmiprvse_parent_process.yml | 2021-09-09 06:28:48 +02:00 |
| Monitor_Office_Applications_from_proxy_executing_regsvr32_with_payload.yml | Completed changes to selection1 | 2021-09-08 21:26:01 -06:00 |
| Office_Applications_Spawning_WMI_command-line.yml | Completed Changes based on review | 2021-09-09 21:02:11 -06:00 |
| sysmon_abusing_windows_telemetry_for_persistence.yml | Various fixes | 2021-09-07 23:38:07 +02:00 |
| sysmon_accessing_winapi_in_powershell_credentials_dumping.yml | Merge branch 'master' into falsepositives_NOT_a_list | 2021-05-27 10:23:19 +02:00 |
| sysmon_config_modification_error.yml | Split global rules | 2021-09-07 13:30:32 +02:00 |
| sysmon_config_modification_status.yml | Split global rules | 2021-09-07 13:30:32 +02:00 |
| sysmon_cve_2021_31979_cve_2021_33771_exploits.yml | Update global ID | 2021-09-02 21:16:55 +02:00 |
| sysmon_dcom_iertutil_dll_hijack.yml | Updated rules with modifiers instead of '*' and remove trailing '\\' | 2021-06-27 14:51:29 +02:00 |
| sysmon_dns_hybridconnectionmgr_servicebus.yml | Convert eventID 22 to category dns_query | 2021-06-10 16:43:33 +02:00 |
| sysmon_pingback_backdoor.yml | update global id | 2021-09-02 21:03:25 +02:00 |
| sysmon_wmiprvse_wbemcomn_dll_hijack.yml | Update global ID | 2021-09-02 20:07:03 +02:00 |