SigmaHQ/rules/windows
2021-04-20 20:05:51 +05:45
..
builtin more AV event and suspicious commands 2021-01-07 17:54:19 +01:00
deprecated fix: buggy rule 2020-05-23 18:32:02 +02:00
driver_load att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
file_event Added rules for successful exploitation fo CVE-2021-26857/8 in Exchannge 2021-03-03 12:46:50 +05:45
image_load Update the azure image_load rule to be a generic sysmon rule 2020-12-23 16:29:49 -05:00
malware more AV event and suspicious commands 2021-01-07 17:54:19 +01:00
network_connection added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes 2020-08-25 23:51:22 +00:00
other fix reference field + add test for references in plural form 2020-11-27 10:17:45 +01:00
powershell fix: Malicious Nishang PowerShell Commandlets FP with MDATP 2020-12-05 09:33:42 +01:00
process_access Split up cmstp rule into 3 separate rules and remove duplicates 2020-12-23 12:17:39 -05:00
process_creation Added rule for Lazarus activity of Apr 2021 2021-04-20 20:05:51 +05:45
registry_event Added Stealthy Office Persistence via VSTO 2021-01-10 17:54:17 +05:45
sysmon Merge pull request #1315 from rtkdmasse/split-up-cmstp-rule 2021-01-09 10:30:33 +01:00