SigmaHQ/rules/windows
Florian Roth 6b9eef58da
Merge pull request #1338 from Neo23x0/rule-devel
Improved UNC2452 activity rules
2021-01-25 14:36:44 +01:00
builtin docs: removed CVE 2021-01-15 13:25:10 +01:00
deprecated fix: buggy rule 2020-05-23 18:32:02 +02:00
driver_load att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
file_event Merge pull request #989 from oscd-initiative/master 2020-09-08 13:27:58 +02:00
image_load Update the azure image_load rule to be a generic sysmon rule 2020-12-23 16:29:49 -05:00
malware more AV event and suspicious commands 2021-01-07 17:54:19 +01:00
network_connection rework: impossible rule with Sysmon 2021-01-19 14:12:40 +01:00
other fix service from system to security for rule win_pcap_drivers.yml 2021-01-22 09:10:02 +01:00
powershell fix: Malicious Nishang PowerShell Commandlets FP with MDATP 2020-12-05 09:33:42 +01:00
process_access Split up cmstp rule into 3 separate rules and remove duplicates 2020-12-23 12:17:39 -05:00
process_creation Merge pull request #1338 from Neo23x0/rule-devel 2021-01-25 14:36:44 +01:00
registry_event Added Stealthy Office Persistence via VSTO 2021-01-10 17:54:17 +05:45
sysmon Merge pull request #1315 from rtkdmasse/split-up-cmstp-rule 2021-01-09 10:30:33 +01:00