valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 09:25:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
8f22d418f3
SigmaHQ/rules/windows/file_event
History
frack113 765acac374
Merge pull request #2195 from frack113/cve_attack 
CVE attack
2021-10-26 10:40:13 +02:00
..
file_event_advanced_ip_scanner.yml split global rules 2021-09-11 20:30:32 +02:00
file_event_apt_unidentified_nov_18.yml spli win_apt_slingshot.yml 2021-09-19 11:36:40 +02:00
file_event_cve_2021_31979_cve_2021_33771_exploits.yml Add cve tags 2021-10-25 18:40:50 +02:00
file_event_executable_and_script_creation_by_office_using_file_ext.yml Order file i correct directory 2021-10-05 07:30:43 +02:00
file_event_hack_dumpert.yml split global sysmon_hack_dumpert.yml 2021-09-21 10:43:42 +02:00
file_event_hktl_createminidump.yml split win_hktl_createminidump.yml 2021-09-19 10:19:34 +02:00
file_event_mal_adwind.yml split win_mal_adwind.yml 2021-09-19 10:12:03 +02:00
file_event_mal_vhd_download.yml Update file_event_mal_vhd_download.yml 2021-10-25 17:29:01 +02:00
file_event_moriya_rootkit.yml split global win_moriya_rootkit.yml 2021-09-21 15:18:25 +02:00
file_event_pingback_backdoor.yml Split global sysmon rules 2021-09-09 16:11:41 +02:00
file_event_script_creation_by_office_using_file_ext.yml fix filename 2021-09-22 18:45:08 +02:00
file_event_tool_psexec.yml split global win_tool_psexec.yml 2021-09-21 10:10:48 +02:00
file_event_uac_bypass_winsat.yml fix duplicate name file 2021-09-20 09:31:04 +02:00
file_event_uac_bypass_wmp.yml fix duplicate name file 2021-09-20 09:31:04 +02:00
file_event_winrm_awl_bypass.yml fix filename 2021-09-22 16:21:07 +02:00
file_event_wmiprvse_wbemcomn_dll_hijack.yml Split global sysmon rules 2021-09-09 16:11:41 +02:00
sysmon_creation_system_file.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_cred_dump_tools_dropped_files.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
sysmon_cve_2021_26858_msexchange.yml Add cve tags 2021-10-25 18:14:03 +02:00
sysmon_detect_powerup_dllhijacking.yml Corrected Rules - Logsource 2021-09-13 10:16:02 +05:30
sysmon_ghostpack_safetykatz.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_lsass_memory_dump_file_creation.yml Merge branch 'master' into rule-devel 2021-08-17 12:29:55 +02:00
sysmon_non_priv_program_files_move.yml Fix selection with only 1 element 2021-08-14 09:54:27 +02:00
sysmon_office_persistence.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
sysmon_outlook_newform.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_pcre_net_temp_file.yml Fix selection with only 1 element 2021-08-14 09:54:27 +02:00
sysmon_powershell_exploit_scripts.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_powershell_startup_shortcuts.yml Update sysmon_powershell_startup_shortcuts.yml 2021-10-24 16:07:40 -04:00
sysmon_quarkspw_filedump.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_redmimicry_winnti_filedrop.yml fix: renamed files and lien break change 2020-07-01 09:48:48 +02:00
sysmon_startup_folder_file_write.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_adsi_cache_usage.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_clr_logs.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_desktop_ini.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
sysmon_susp_pfx_file_creation.yml Update sysmon_susp_pfx_file_creation.yml 2021-07-04 10:38:53 +08:00
sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_suspicious_powershell_profile_create.yml Update PS rules 2021-08-21 09:50:59 +02:00
sysmon_tsclient_filewrite_startup.yml add missing tags 2021-09-01 19:38:35 +02:00
sysmon_uac_bypass_consent_comctl32.yml chore: move level/falsepositives to bottom 2021-09-02 14:55:17 +02:00
sysmon_uac_bypass_dotnet_profiler.yml chore: move level/falsepositives to bottom 2021-09-02 14:55:17 +02:00
sysmon_uac_bypass_ieinstal.yml chore: move level/falsepositives to bottom 2021-09-02 14:55:17 +02:00
sysmon_uac_bypass_msconfig_gui.yml chore: move level/falsepositives to bottom 2021-09-02 14:55:17 +02:00
sysmon_uac_bypass_ntfs_reparse_point.yml chore: move level/falsepositives to bottom 2021-09-02 14:55:17 +02:00
sysmon_webshell_creation_detect.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_wmi_persistence_script_event_consumer_write.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
win_cve_2021_1675_printspooler.yml Add cve tags 2021-10-25 18:40:50 +02:00
win_file_winword_cve_2021_40444.yml Update win_file_winword_cve_2021_40444.yml 2021-09-22 22:26:05 -05:00
win_hivenightmare_file_exports.yml Add cve tags 2021-10-25 18:40:50 +02:00
win_outlook_c2_macro_creation.yml fix tags 2021-08-24 12:36:31 +02:00
win_rclone_exec_file.yml Remove unneeded EventID 2021-10-04 21:25:57 +02:00
win_susp_desktopimgdownldr_file.yml docs: more references 2020-07-03 13:19:44 +02:00