SigmaHQ/rules/windows/process_access
2021-07-02 11:01:07 +02:00
sysmon_cmstp_execution_by_access.yml fix 3 times the same name file 2021-07-02 11:01:07 +02:00
sysmon_cred_dump_lsass_access.yml Add Windows Defender on WL 2021-05-16 14:10:33 +02:00
sysmon_in_memory_assembly_execution.yml Add filter on sdiagnhost.exe in Suspicious In-Memory Module Execution rule 2021-05-16 16:03:33 +02:00
sysmon_invoke_phantom.yml Update sysmon_invoke_phantom.yml 2020-11-20 01:30:58 -03:00
sysmon_lazagne_cred_dump_lsass_access.yml Update sysmon_lazagne_cred_dump_lsass_access.yml 2020-11-20 01:33:04 -03:00
sysmon_load_undocumented_autoelevated_com_interface.yml Fixes and improvements 2021-04-03 00:08:55 +02:00
sysmon_lsass_dump_comsvcs_dll.yml fix TargetImage|endswith 2021-06-21 21:21:34 +02:00
sysmon_lsass_memdump.yml fix TargetImage|endswith 2021-06-21 21:19:04 +02:00
sysmon_malware_verclsid_shellcode.yml Update sysmon_malware_verclsid_shellcode.yml 2020-11-20 01:34:43 -03:00
sysmon_mimikatz_trough_winrm.yml fix TargetImage|endswith 2021-06-21 21:14:36 +02:00
sysmon_svchost_cred_dump.yml fix: several issues 2021-06-14 09:42:25 +02:00
win_susp_shell_spawn_from_winrm.yml Update win_susp_shell_spawn_from_winrm.yml 2021-05-22 15:28:50 +02:00