SigmaHQ/rules/windows/file_event
Florian Roth 6b2bacd2cc
Merge pull request #1979 from frack113/test_global
Change ID in global action rule
2021-09-06 08:44:14 +02:00
sysmon_creation_system_file.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_cred_dump_tools_dropped_files.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
sysmon_cve_2021_26858_msexchange.yml Update cve tags 2021-08-24 10:50:01 +02:00
sysmon_detect_powerup_dllhijacking.yml Some cleanup 2021-08-21 17:33:39 +02:00
sysmon_ghostpack_safetykatz.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_hack_dumpert.yml Update global id 2021-09-03 06:35:35 +02:00
sysmon_lsass_memory_dump_file_creation.yml Merge branch 'master' into rule-devel 2021-08-17 12:29:55 +02:00
sysmon_non_priv_program_files_move.yml Fix selection with only 1 element 2021-08-14 09:54:27 +02:00
sysmon_office_persistence.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
sysmon_outlook_newform.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_pcre_net_temp_file.yml Fix selection with only 1 element 2021-08-14 09:54:27 +02:00
sysmon_powershell_exploit_scripts.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_quarkspw_filedump.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_redmimicry_winnti_filedrop.yml fix: renamed files and line break change 2020-07-01 09:48:48 +02:00
sysmon_startup_folder_file_write.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_adsi_cache_usage.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_clr_logs.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_desktop_ini.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
sysmon_susp_pfx_file_creation.yml Update sysmon_susp_pfx_file_creation.yml 2021-07-04 10:38:53 +08:00
sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_suspicious_powershell_profile_create.yml Update PS rules 2021-08-21 09:50:59 +02:00
sysmon_tsclient_filewrite_startup.yml add missing tags 2021-09-01 19:38:35 +02:00
sysmon_uac_bypass_cleanmgr_tmpfile.yml chore: move level/falsepositives to bottom 2021-09-02 14:55:17 +02:00
sysmon_uac_bypass_consent_comctl32.yml chore: move level/falsepositives to bottom 2021-09-02 14:55:17 +02:00
sysmon_uac_bypass_dotnet_profiler.yml chore: move level/falsepositives to bottom 2021-09-02 14:55:17 +02:00
sysmon_uac_bypass_ieinstal.yml chore: move level/falsepositives to bottom 2021-09-02 14:55:17 +02:00
sysmon_uac_bypass_msconfig_gui.yml chore: move level/falsepositives to bottom 2021-09-02 14:55:17 +02:00
sysmon_uac_bypass_ntfs_reparse_point.yml chore: move level/falsepositives to bottom 2021-09-02 14:55:17 +02:00
sysmon_uac_bypass_winsat.yml chore: move level/falsepositives to bottom 2021-09-02 14:55:17 +02:00
sysmon_uac_bypass_wmp.yml chore: move level/falsepositives to bottom 2021-09-02 14:55:17 +02:00
sysmon_webshell_creation_detect.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_wmi_persistence_script_event_consumer_write.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
win_cve_2021_1675_printspooler.yml Update cve tags 2021-08-24 10:50:01 +02:00
win_hivenightmare_file_exports.yml Update cve tags 2021-08-24 10:50:01 +02:00
win_outlook_c2_macro_creation.yml fix tags 2021-08-24 12:36:31 +02:00
win_rclone_exec_file.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
win_susp_desktopimgdownldr_file.yml docs: more references 2020-07-03 13:19:44 +02:00
win_susp_multiple_files_renamed_or_deleted.yml Merging upstream updates 2021-07-01 12:18:30 +05:45