| .. |
|
image_load_pingback_backdoor.yml
|
Split global sysmon rules
|
2021-09-09 16:11:41 +02:00 |
|
image_load_silenttrinity_stage_use.yml
|
Remove unneeded EventID
|
2021-10-04 21:25:57 +02:00 |
|
image_load_wmiprvse_wbemcomn_dll_hijack.yml
|
Update image_load_wmiprvse_wbemcomn_dll_hijack.yml
|
2021-09-09 19:56:20 +02:00 |
|
process_creation_tttracer_mod_load.yml
|
split global sysmon_tttracer_mod_load.yml
|
2021-09-21 10:39:02 +02:00 |
|
sysmon_abusing_azure_browser_sso.yml
|
Fixes&improvements
|
2021-04-08 01:06:40 +02:00 |
|
sysmon_alternate_powershell_hosts_moduleload.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_foggyweb_nobelium.yml
|
docs: changed description
|
2021-09-27 23:12:18 +02:00 |
|
sysmon_in_memory_powershell.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_mimikatz_inmemory_detection.yml
|
test author for Detection Rule License 1.1
|
2021-08-14 19:16:36 +02:00 |
|
sysmon_pcre_net_load.yml
|
Fix selection with only 1 element
|
2021-08-14 09:54:27 +02:00 |
|
sysmon_powershell_execution_moduleload.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_scrcons_imageload_wmi_scripteventconsumer.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_spoolsv_dll_load.yml
|
Add cve tags
|
2021-10-25 18:40:50 +02:00 |
|
sysmon_susp_fax_dll.yml
|
att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other
|
2020-08-25 01:09:17 +02:00 |
|
sysmon_susp_image_load.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_susp_office_dotnet_assembly_dll_load.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_susp_office_dotnet_clr_dll_load.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_susp_office_dotnet_gac_dll_load.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_susp_office_dsparse_dll_load.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_susp_office_kerberos_dll_load.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_susp_python_image_load.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_susp_script_dotnet_clr_dll_load.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_susp_system_drawing_load.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_susp_winword_vbadll_load.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_susp_winword_wmidll_load.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_suspicious_dbghelp_dbgcore_load.yml
|
Various fixes
|
2021-09-07 23:38:07 +02:00 |
|
sysmon_svchost_dll_search_order_hijack.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_tttracer_mod_load.yml
|
split global sysmon_tttracer_mod_load.yml
|
2021-09-21 10:39:02 +02:00 |
|
sysmon_uac_bypass_via_dism.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_uipromptforcreds_dlls.yml
|
Update mordordatasets references
|
2021-07-06 16:35:20 +08:00 |
|
sysmon_unsigned_image_loaded_into_lsass.yml
|
att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other
|
2020-08-25 01:09:17 +02:00 |
|
sysmon_wmi_module_load.yml
|
update modified after FP fix
|
2021-08-18 18:17:53 +02:00 |
|
sysmon_wmi_persistence_commandline_event_consumer.yml
|
att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other
|
2020-08-25 01:09:17 +02:00 |
|
sysmon_wmic_remote_xsl_scripting_dlls.yml
|
Update mordordatasets references
|
2021-07-06 16:35:20 +08:00 |
|
sysmon_wsman_provider_image_load.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
win_susp_svchost_clfsw32.yml
|
rule: PRIVATELOG image load
|
2021-09-07 10:10:14 +02:00 |
|
win_suspicious_vss_ps_load.yml
|
refactor: make the rule more usable
|
2021-07-08 09:05:57 +02:00 |
