SigmaHQ/rules/windows/sysmon
Cyb3rEng ca19f43a06
Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custom id
2021-09-09 21:35:21 -06:00
Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml Resolved more issues from last commit as per comments 2021-09-09 21:33:36 -06:00
Monitor_LOLBins_Process_Creations_by_Office_applications.yml changed id uuid to v4 2021-09-09 21:31:20 -06:00
Monitor_LOLBins_process_creations_with_Wmiprvse_parent_process.yml Resolved more issues from last commit as per comments 2021-09-09 21:31:57 -06:00
Monitor_Office_Applications_from_proxy_executing_regsvr32_with_payload.yml Resolved more issues from last commit as per comments 2021-09-09 21:32:42 -06:00
Office_Applications_Spawning_WMI_command-line.yml Resolved more issues from last commit as per comments 2021-09-09 21:35:21 -06:00
sysmon_abusing_windows_telemetry_for_persistence.yml Various fixes 2021-09-07 23:38:07 +02:00
sysmon_accessing_winapi_in_powershell_credentials_dumping.yml Merge branch 'master' into falsepositives_NOT_a_list 2021-05-27 10:23:19 +02:00
sysmon_config_modification_error.yml Split global rules 2021-09-07 13:30:32 +02:00
sysmon_config_modification_status.yml Split global rules 2021-09-07 13:30:32 +02:00
sysmon_cve_2021_31979_cve_2021_33771_exploits.yml Update global ID 2021-09-02 21:16:55 +02:00
sysmon_dcom_iertutil_dll_hijack.yml Updated rules with modifiers instead of '*' and remove trailing '\\' 2021-06-27 14:51:29 +02:00
sysmon_dns_hybridconnectionmgr_servicebus.yml Convert eventID 22 to category dns_query 2021-06-10 16:43:33 +02:00
sysmon_pingback_backdoor.yml update global id 2021-09-02 21:03:25 +02:00
sysmon_wmiprvse_wbemcomn_dll_hijack.yml Update global ID 2021-09-02 20:07:03 +02:00