SigmaHQ/rules/windows/file_event
2021-05-27 15:01:32 +02:00
sysmon_creation_system_file.yml Remove additional backslash 2020-11-19 22:58:50 -03:00
sysmon_cred_dump_tools_dropped_files.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
sysmon_cve_2021_26858_msexchange.yml Added rules for successful exploitation for CVE-2021-26857/8 in Exchange 2021-03-03 12:46:50 +05:45
sysmon_ghostpack_safetykatz.yml Update sysmon_ghostpack_safetykatz.yml 2020-10-15 15:59:09 -03:00
sysmon_hack_dumpert.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
sysmon_lsass_memory_dump_file_creation.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
sysmon_non_priv_program_files_move.yml Logic fix for sysmon_non_priv_program_files_move 2020-11-10 10:01:47 -05:00
sysmon_office_persistence.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
sysmon_pcre_net_temp_file.yml A few more - 7 Rules 2020-10-29 21:11:41 -04:00
sysmon_powershell_exploit_scripts.yml Update sysmon_powershell_exploit_scripts.yml 2020-10-15 16:00:20 -03:00
sysmon_quarkspw_filedump.yml Update sysmon_quarkspw_filedump.yml 2020-10-27 22:02:47 -03:00
sysmon_redmimicry_winnti_filedrop.yml fix: renamed files and line break change 2020-07-01 09:48:48 +02:00
sysmon_startup_folder_file_write.yml Clean-up service: sysmon as it will be replaced by filling the category 2021-04-15 02:02:25 +02:00
sysmon_susp_adsi_cache_usage.yml Update sysmon_susp_adsi_cache_usage.yml 2020-10-27 22:04:31 -03:00
sysmon_susp_clr_logs.yml Update sysmon_susp_clr_logs.yml 2020-10-14 18:11:49 +05:30
sysmon_susp_desktop_ini.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
sysmon_susp_pfx_file_creation.yml Clean-up service: sysmon as it will be replaced by filling the category 2021-04-15 02:02:25 +02:00
sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml Update sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml 2020-10-27 22:10:17 -03:00
sysmon_tsclient_filewrite_startup.yml Remove additional backslash 2020-11-19 23:04:26 -03:00
sysmon_webshell_creation_detect.yml fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
sysmon_wmi_persistence_script_event_consumer_write.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
win_outlook_c2_macro_creation.yml Update and rename rules/windows/other/win_Outlook_C2_Macro_Creation.yml to rules/windows/file_event/win_outlook_c2_macro_creation.yml 2021-05-04 09:36:26 +02:00
win_rclone_exec_file.yml fix: title with lower case letters 2021-05-27 15:01:32 +02:00
win_susp_desktopimgdownldr_file.yml docs: more references 2020-07-03 13:19:44 +02:00
win_susp_multiple_files_renamed_or_deleted.yml Fixes and improvements 2021-04-03 00:08:55 +02:00