| .. |
|
sysmon_ads_executable.yml
|
Move null values out from list in rules
|
2020-06-03 13:57:22 +02:00 |
|
sysmon_alternate_powershell_hosts_pipe.yml
|
Initial round of subtechnique updates
|
2020-06-16 14:46:08 -06:00 |
|
sysmon_apt_turla_namedpipes.yml
|
refactor: moved rues from 'apt' folder in respective folders
|
2020-02-01 17:59:26 +01:00 |
|
sysmon_cactustorch.yml
|
fix: fixed missing date fields in remaining files
|
2020-01-30 16:07:37 +01:00 |
|
sysmon_cmstp_execution.yml
|
filter on createkey only when needed
|
2020-05-22 10:37:00 -04:00 |
|
sysmon_cobaltstrike_process_injection.yml
|
Added UUIDs to rules
|
2019-11-12 23:12:27 +01:00 |
|
sysmon_createremotethread_loadlibrary.yml
|
Removed ATT&CK technique ids from titles and added tags
|
2020-01-11 00:33:50 +01:00 |
|
sysmon_cred_dump_tools_named_pipes.yml
|
Initial round of subtechnique updates
|
2020-06-16 14:46:08 -06:00 |
|
sysmon_mal_namedpipes.yml
|
Add Covenant default named pipe
|
2019-12-18 15:19:47 +00:00 |
|
sysmon_password_dumper_lsass.yml
|
Initial round of subtechnique updates
|
2020-06-16 14:46:08 -06:00 |
|
sysmon_possible_dns_rebinding.yml
|
Initial round of subtechnique updates
|
2020-06-16 14:46:08 -06:00 |
|
sysmon_raw_disk_access_using_illegitimate_tools.yml
|
Rule fixes
|
2020-02-20 23:00:16 +01:00 |
|
sysmon_redmimicry_winnti_inject.yml
|
fix: renamed files and lien break change
|
2020-07-01 09:48:48 +02:00 |
|
sysmon_susp_powershell_rundll32.yml
|
Initial round of subtechnique updates
|
2020-06-16 14:46:08 -06:00 |
|
sysmon_suspicious_remote_thread.yml
|
Date typos...more than I thought...
|
2020-04-02 10:00:00 +02:00 |
|
sysmon_wmi_event_subscription.yml
|
Initial round of subtechnique updates
|
2020-06-16 14:46:08 -06:00 |
|
sysmon_wmi_susp_scripting.yml
|
Initial round of subtechnique updates
|
2020-06-16 14:46:08 -06:00 |
