SigmaHQ/rules/windows/image_load
2020-10-29 21:11:41 -04:00
| File | Last commit message | Last commit date |
| --- | --- | --- |
| sysmon_in_memory_powershell.yml | Merge pull request #989 from oscd-initiative/master | 2020-09-08 13:27:58 +02:00 |
| sysmon_mimikatz_inmemory_detection.yml | Changed category names and remove sysmon log source | 2020-06-24 17:41:21 +02:00 |
| sysmon_pcre_net_load.yml | A few more - 7 Rules | 2020-10-29 21:11:41 -04:00 |
| sysmon_powershell_execution_moduleload.yml | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |
| sysmon_scrcons_imageload_wmi_scripteventconsumer.yml | 13 Rules from THP - Backlog Rules (old) | 2020-10-13 03:33:55 -04:00 |
| sysmon_susp_fax_dll.yml | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |
| sysmon_susp_image_load.yml | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |
| sysmon_susp_office_dotnet_assembly_dll_load.yml | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |
| sysmon_susp_office_dotnet_clr_dll_load.yml | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |
| sysmon_susp_office_dotnet_gac_dll_load.yml | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |
| sysmon_susp_office_dsparse_dll_load.yml | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |
| sysmon_susp_office_kerberos_dll_load.yml | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |
| sysmon_susp_winword_vbadll_load.yml | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |
| sysmon_susp_winword_wmidll_load.yml | Changed category names and remove sysmon log source | 2020-06-24 17:41:21 +02:00 |
| sysmon_suspicious_dbghelp_dbgcore_load.yml | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |
| sysmon_svchost_dll_search_order_hijack.yml | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |
| sysmon_uipromptforcreds_dlls.yml | A few more - 7 Rules | 2020-10-29 21:11:41 -04:00 |
| sysmon_unsigned_image_loaded_into_lsass.yml | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |
| sysmon_wmi_module_load.yml | be more specific about file location | 2020-07-09 13:33:59 -04:00 |
| sysmon_wmi_persistence_commandline_event_consumer.yml | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |
| sysmon_wmic_remote_xsl_scripting_dlls.yml | Create sysmon_wmic_remote_xsl_scripting_dlls.yml | 2020-10-17 11:17:48 -04:00 |
| sysmon_wsman_provider_image_load.yml | 13 Rules from THP - Backlog Rules (old) | 2020-10-13 03:33:55 -04:00 |