valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
87e5fc48fa
SigmaHQ/rules/windows/registry_event
History
frack113 047ebab36b fix HKCU
2021-09-13 14:01:39 +02:00
..
registry_event_abusing_windows_telemetry_for_persistence.yml Split global sysmon rules 2021-09-09 16:11:41 +02:00
registry_event_cve_2021_31979_cve_2021_33771_exploits.yml Split global sysmon rules 2021-09-09 16:11:41 +02:00
sysmon_apt_leviathan.yml fix TargetObject HK 2021-09-13 13:16:16 +02:00
sysmon_apt_oceanlotus_registry.yml fix HKCU 2021-09-13 14:01:39 +02:00
sysmon_apt_pandemic.yml Update global id 2021-09-03 06:35:35 +02:00
sysmon_asep_reg_keys_modification.yml fix condition operator case 2021-09-10 13:51:52 +02:00
sysmon_bypass_via_wsreset.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_cmstp_execution_by_registry.yml fix 3 times the same name file 2021-07-02 11:01:07 +02:00
sysmon_cobaltstrike_service_installs.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_comhijack_sdclt.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_cve-2020-1048.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_dhcp_calloutdll.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_disable_microsoft_office_security_features.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_disable_security_events_logging_adding_reg_key_minint.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_disable_wdigest_credential_guard.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_disabled_exploit_guard_network_protection_on_microsoft_defender.yml Create sysmon_disabled_exploit_guard_network_protection_on_microsoft_defender.yml 2021-08-04 19:11:00 -05:00
sysmon_disabled_pua_protection_on_microsoft_defender.yml Update sysmon_disabled_pua_protection_on_microsoft_defender.yml 2021-08-04 17:00:34 -05:00
sysmon_disabled_tamper_protection_on_microsoft_defender.yml Create sysmon_disabled_tamper_protection_on_microsoft_defender.yml 2021-08-04 19:08:10 -05:00
sysmon_dns_over_https_enabled.yml Update sysmon_dns_over_https_enabled.yml 2021-09-09 08:04:54 +07:00
sysmon_dns_serverlevelplugindll.yml Update global ID 2021-09-02 21:16:55 +02:00
sysmon_enabling_cor_profiler_env_variables.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_etw_disabled.yml refactor: sysmon rule cleanup > generlization 2020-07-01 10:58:39 +02:00
sysmon_hack_wce_reg.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_hybridconnectionmgr_svc_installation.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_logon_scripts_userinitmprlogonscript_reg.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_modify_screensaver_binary_path.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_narrator_feedback_persistance.yml att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
sysmon_new_application_appcompat.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_new_dll_added_to_appcertdlls_registry_key.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_new_dll_added_to_appinit_dlls_registry_key.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_office_test_regadd.yml fix TargetObject HK 2021-09-13 13:16:16 +02:00
sysmon_office_vsto_persistence.yml Tune false positive 2021-07-27 09:58:00 +02:00
sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
sysmon_powershell_as_service.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_rdp_registry_modification.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_rdp_settings_hijack.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_redmimicry_winnti_reg.yml fix: renamed files and lien break change 2020-07-01 09:48:48 +02:00
sysmon_reg_office_security.yml Added latest McAfee zloader's reference for Office Security Settings Changed 2021-07-12 16:56:21 +05:45
sysmon_reg_silentprocessexit_lsass.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_reg_silentprocessexit.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_reg_vbs_payload_stored.yml add missing tags 2021-09-01 19:38:35 +02:00
sysmon_registry_add_local_hidden_user.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_registry_persistence_key_linking.yml Replace old mitre techniques by new one 2021-08-22 13:57:56 +02:00
sysmon_registry_persistence_search_order.yml Fix selection with only 1 element 2021-08-14 09:54:27 +02:00
sysmon_registry_susp_printer_driver.yml Update cve tags 2021-08-24 10:50:01 +02:00
sysmon_registry_trust_record_modification.yml att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
sysmon_removal_amsi_registry_key.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_removal_com_hijacking_registry_key.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_runkey_winekey.yml ryuk changes 2020-10-30 13:15:11 +05:30
sysmon_runonce_persistence.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_ssp_added_lsa_config.yml att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
sysmon_stickykey_like_backdoor.yml Update global ID 2021-09-02 21:16:55 +02:00
sysmon_susp_atbroker_change.yml Spelling Errors on Rules 2021-08-18 18:58:20 +00:00
sysmon_susp_download_run_key.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_lsass_dll_load.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_mic_cam_access.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_reg_persist_explorer_run.yml Fix invalid tags 2021-08-25 09:15:57 +02:00
sysmon_susp_run_key_img_folder.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_service_installed.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_suspicious_keyboard_layout_load.yml add missing tags 2021-09-01 20:01:03 +02:00
sysmon_sysinternals_eula_accepted.yml Merge pull request #1979 from frack113/test_global 2021-09-06 08:44:14 +02:00
sysmon_sysinternals_sdelete_registry_keys.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_taskcache_entry.yml Tune false positive 2021-07-27 10:05:57 +02:00
sysmon_uac_bypass_eventvwr.yml Update global ID 2021-09-02 21:16:55 +02:00
sysmon_uac_bypass_sdclt.yml add another possible sdclt uac bypass registry path 2021-08-31 12:51:21 +02:00
sysmon_uac_bypass_shell_open.yml fix: rename filter 2021-09-03 13:26:34 +02:00
sysmon_uac_bypass_winsat.yml chore: move level/falsepositives to bottom 2021-09-02 14:55:17 +02:00
sysmon_uac_bypass_wmp.yml chore: move level/falsepositives to bottom 2021-09-02 14:55:17 +02:00
sysmon_volume_shadow_copy_service_keys.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_wab_dllpath_reg_change.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_wdigest_enable_uselogoncredential.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_win_reg_persistence.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_win_reg_telemetry_persistence.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
win_outlook_c2_registry_key.yml fix TargetObject HK 2021-09-13 13:16:16 +02:00
win_outlook_registry_todaypage.yml Spelling Errors on Rules 2021-08-18 18:58:20 +00:00
win_outlook_registry_webview.yml Spelling Errors on Rules 2021-08-18 18:58:20 +00:00
win_portproxy_registry_key.yml fix TargetObject HK 2021-09-13 13:16:16 +02:00
win_registry_mimikatz_printernightmare.yml Update cve tags 2021-08-24 10:50:01 +02:00