| File | Last commit message | Last commit date |
| --- | --- | --- |
| net_dns_high_subdomain_rate.yml | UUIDs + moved unsupported logic | 2019-12-19 23:56:36 +01:00 |
| net_dns_large_domain_name.yml | UUIDs + moved unsupported logic | 2019-12-19 23:56:36 +01:00 |
| net_possible_dns_rebinding.yml | UUIDs + moved unsupported logic | 2019-12-19 23:56:36 +01:00 |
| sysmon_always_install_elevated_msi_spawned_cmd_and_powershell_spawned_processes.yml | Move to rules-unsupported as use special enrichment field | 2021-07-09 07:40:57 +02:00 |
| sysmon_always_install_elevated_parent_child_correlated.yml | [OSCD] Always Install Elevated | 2020-10-15 21:59:37 -04:00 |
| sysmon_process_reimaging.yml | All Rules use 'TargetFilename' instead of 'TargetFileName'. | 2020-06-03 09:00:59 +02:00 |
| win_access_fake_files_with_stored_credentials.yml | Replace start of paths with placeholders | 2020-10-17 09:36:25 -04:00 |
| win_dumping_ntdsdit_via_dcsync.yml | UUIDs + moved unsupported logic | 2019-12-19 23:56:36 +01:00 |
| win_dumping_ntdsdit_via_netsync.yml | UUIDs + moved unsupported logic | 2019-12-19 23:56:36 +01:00 |
| win_kernel_and_3rd_party_drivers_exploits_token_stealing.yml | 2 more rule with custom field | 2021-07-09 10:07:41 +02:00 |
| win_possible_privilege_escalation_using_rotten_potato.yml | 2 more rule with custom field | 2021-07-09 10:07:41 +02:00 |
| win_remote_schtask.yml | Added selection criteria + moved to Unsupported rule | 2020-10-11 12:48:48 +10:30 |
| win_remote_service.yml | Added conditional description + moved to unsupported-rules | 2020-10-11 12:40:24 +10:30 |