Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml
Updated Rule
2021-08-31 22:03:31 -06:00
Monitor_LOLBins_Process_Creations_by_Office_applications.yml
Rule Update Review
2021-08-31 21:50:44 -06:00
Monitor_LOLBins_process_creations_with_Wmiprvse_parent_process.yml
Updated Rule
2021-08-31 21:58:50 -06:00
Monitor_Office_Applications_from_proxy_executing_regsvr32_with_payload.yml
Updated Rule
2021-08-31 21:58:09 -06:00
Office_Applications_Spawning_WMI_command-line.yml
Add files via upload
2021-08-30 21:48:03 -06:00
sysmon_abusing_windows_telemetry_for_persistence.yml
escape / in regex
2021-07-15 08:13:49 +02:00
sysmon_accessing_winapi_in_powershell_credentials_dumping.yml
Merge branch 'master' into falsepositives_NOT_a_list
2021-05-27 10:23:19 +02:00
sysmon_config_modification.yml
fix: Correct incorrect message / keyword usage
2021-08-12 16:28:07 +02:00
sysmon_cve_2021_31979_cve_2021_33771_exploits.yml
Fix invalid tags
2021-08-25 09:15:57 +02:00
sysmon_dcom_iertutil_dll_hijack.yml
Updated rules with modifiers instead of '*' and remove trailing '\\'
2021-06-27 14:51:29 +02:00
sysmon_dns_hybridconnectionmgr_servicebus.yml
Convert eventID 22 to category dns_query
2021-06-10 16:43:33 +02:00
sysmon_pingback_backdoor.yml
Fixed too many spaces after hyphen error
2021-05-05 12:48:29 +05:45
sysmon_wmiprvse_wbemcomn_dll_hijack.yml
forget to add modified
2021-06-10 17:27:15 +02:00