| File | Last commit message | Last commit date |
|---|---|---|
| sysmon_creation_system_file.yml | Re-fix sysmon rules that are lost changes with category refactoring. | 2020-07-06 10:55:42 -04:00 |
| sysmon_cred_dump_tools_dropped_files.yml | Changed category names and remove sysmon log source | 2020-06-24 17:41:21 +02:00 |
| sysmon_ghostpack_safetykatz.yml | Changed category names and remove sysmon log source | 2020-06-24 17:41:21 +02:00 |
| sysmon_hack_dumpert.yml | Fixes for rules in the sysmon file_event category | 2020-07-03 16:22:29 -04:00 |
| sysmon_lsass_memory_dump_file_creation.yml | Changed category names and remove sysmon log source | 2020-06-24 17:41:21 +02:00 |
| sysmon_office_persistence.yml | refactor: sysmon rule cleanup > generalization | 2020-07-01 10:58:39 +02:00 |
| sysmon_powershell_exploit_scripts.yml | Updated tags to include sub-techniques | 2020-07-18 02:50:57 +01:00 |
| sysmon_quarkspw_filedump.yml | Changed category names and remove sysmon log source | 2020-06-24 17:41:21 +02:00 |
| sysmon_redmimicry_winnti_filedrop.yml | fix: renamed files and line break change | 2020-07-01 09:48:48 +02:00 |
| sysmon_susp_adsi_cache_usage.yml | Re-fix sysmon rules that are lost changes with category refactoring. | 2020-07-06 10:55:42 -04:00 |
| sysmon_susp_desktop_ini.yml | Changed category names and remove sysmon log source | 2020-06-24 17:41:21 +02:00 |
| sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml | Updated to include sub-technique mapping | 2020-07-18 02:29:58 +01:00 |
| sysmon_tsclient_filewrite_startup.yml | Fixes for rules in the sysmon file_event category | 2020-07-03 16:22:29 -04:00 |
| sysmon_webshell_creation_detect.yml | Changed category names and remove sysmon log source | 2020-06-24 17:41:21 +02:00 |
| sysmon_wmi_persistence_script_event_consumer_write.yml | add wmi persistence script event consumer false positive | 2020-07-20 12:27:16 +08:00 |
| win_susp_desktopimgdownldr_file.yml | docs: more references | 2020-07-03 13:19:44 +02:00 |