| .. |
|
sysmon_bitsadmin_download.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_dhcp_calloutdll.yml
|
Corrected rule
|
2017-05-25 12:06:23 +02:00 |
|
sysmon_dns_serverlevelplugindll.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_malware_backconnect_ports.yml
|
Rules: Suspicious locations and back connect ports
|
2017-03-19 15:22:27 +01:00 |
|
sysmon_malware_script_dropper.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_malware_verclsid_shellcode.yml
|
Sysmon as 'service' of product 'windows'
|
2017-03-13 09:23:08 +01:00 |
|
sysmon_mimikatz_detection_lsass.yml
|
Removed unneeded array
|
2017-10-18 15:12:29 +02:00 |
|
sysmon_mimikatz_inmemory_detection.yml
|
Removed 'last' from timeframe
|
2017-08-05 00:32:24 +02:00 |
|
sysmon_mshta_spawn_shell.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_office_macro_cmd.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_office_shell.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_password_dumper_lsass.yml
|
Sysmon as 'service' of product 'windows'
|
2017-03-13 09:23:08 +01:00 |
|
sysmon_plugx_susp_exe_locations.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_powershell_download.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_powershell_network_connection.yml
|
Reduced to user accounts
|
2017-03-13 19:09:29 +01:00 |
|
sysmon_powershell_suspicious_parameter_combo.yml
|
Bugfix in rule
|
2017-03-13 15:09:48 +01:00 |
|
sysmon_powershell_suspicious_parameter_variation.yml
|
Rule: Suspicious PowerShell Parameter Substring
|
2017-03-13 17:23:25 +01:00 |
|
sysmon_susp_certutil_command.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_susp_cmd_http_appdata.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_susp_control_dll_load.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_susp_driver_load.yml
|
Sysmon as 'service' of product 'windows'
|
2017-03-13 09:23:08 +01:00 |
|
sysmon_susp_exec_folder.yml
|
Executables Started in Suspicious Folder
|
2017-10-14 23:23:04 +02:00 |
|
sysmon_susp_execution_path_webserver.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_susp_execution_path.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_susp_mmc_source.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_susp_net_execution.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_susp_powershell_parent_combo.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_susp_prog_location_network_connection.yml
|
Rules: Suspicious locations and back connect ports
|
2017-03-19 15:22:27 +01:00 |
|
sysmon_susp_recon_activity.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_susp_regsvr32_anomalies.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_susp_run_key_img_folder.yml
|
Rule: New RUN Key Pointing to Suspicious Folder
|
2017-10-17 16:19:56 +02:00 |
|
sysmon_susp_schtask_creation.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_susp_script_execution.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_susp_svchost.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_susp_vssadmin_ntds_activity.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_susp_wmi_execution.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_uac_bypass_eventvwr.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_uac_bypass_sdclt.yml
|
Bugfix: Minor fix cause Sysmon uses SID as Software key
|
2017-03-21 10:44:53 +01:00 |
|
sysmon_vul_java_remote_debugging.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_vuln_cve_2017_8759.yml
|
CVE-2017-8759 - Winword.exe > csc.exe
|
2017-09-15 15:49:56 +02:00 |
|
sysmon_webshell_detection.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_webshell_spawn.yml
|
Added field names to first rules
|
2017-09-12 23:54:04 +02:00 |
|
sysmon_win_binary_github_com.yml
|
Rule: Microsoft Binary Github Communication
|
2017-08-24 18:27:40 +02:00 |
