SigmaHQ/rules/windows/registry_event
yugoslavskiy 29fe6e46d8
Merge pull request #1211 from zipa-original/win_persistence_telemetry
[OSCD] Added a rule to detect abuse of Windows telemetry for persistence
2021-01-06 00:20:51 +03:00
sysmon_apt_leviathan.yml att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
sysmon_apt_oceanlotus_registry.yml Update sysmon_apt_oceanlotus_registry.yml 2020-11-20 01:51:53 -03:00
sysmon_apt_pandemic.yml Update sysmon_apt_pandemic.yml 2020-07-16 08:48:32 +02:00
sysmon_asep_reg_keys_modification.yml simplify syntax 2020-11-04 23:03:34 +01:00
sysmon_bypass_via_wsreset.yml Some fixes for rules 2020-10-14 19:06:59 +03:00
sysmon_cmstp_execution.yml Fix 2020-11-20 01:53:15 -03:00
sysmon_cve-2020-1048.yml att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
sysmon_dhcp_calloutdll.yml Update sysmon_dhcp_calloutdll.yml 2020-10-15 20:02:58 -03:00
sysmon_disable_security_events_logging_adding_reg_key_minint.yml att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
sysmon_dns_serverlevelplugindll.yml Update sysmon_dns_serverlevelplugindll.yml 2020-11-28 13:46:02 -03:00
sysmon_etw_disabled.yml refactor: sysmon rule cleanup > generalization 2020-07-01 10:58:39 +02:00
sysmon_hack_wce_reg.yml Remove out of context false positive 2020-11-20 01:55:48 -03:00
sysmon_logon_scripts_userinitmprlogonscript_reg.yml Update sysmon_logon_scripts_userinitmprlogonscript_reg.yml 2020-10-15 20:04:05 -03:00
sysmon_modify_screensaver_binary_path.yml remove redundant reference 2020-10-11 23:39:08 +02:00
sysmon_narrator_feedback_persistance.yml att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
sysmon_new_dll_added_to_appcertdlls_registry_key.yml att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
sysmon_new_dll_added_to_appinit_dlls_registry_key.yml Update sysmon_new_dll_added_to_appinit_dlls_registry_key.yml 2020-10-15 20:04:31 -03:00
sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
sysmon_powershell_as_service.yml Splitting into two 2020-10-18 02:16:11 +03:00
sysmon_rdp_registry_modification.yml Changed category names and removed sysmon log source 2020-06-24 17:41:21 +02:00
sysmon_rdp_settings_hijack.yml Update sysmon_rdp_settings_hijack.yml 2020-10-15 20:04:57 -03:00
sysmon_redmimicry_winnti_reg.yml fix: renamed files and line break change 2020-07-01 09:48:48 +02:00
sysmon_reg_office_security.yml Update sysmon_reg_office_security.yml 2020-10-15 20:05:11 -03:00
sysmon_registry_persistence_key_linking.yml Update sysmon_registry_persistence_key_linking.yml 2020-11-20 01:57:34 -03:00
sysmon_registry_persistence_search_order.yml Update sysmon_registry_persistence_search_order.yml 2020-11-28 18:30:41 +01:00
sysmon_registry_trust_record_modification.yml att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
sysmon_runonce_persistence.yml [OSCD] Added a rule to detect potential persistence using registry keys 2020-11-15 19:04:12 -05:00
sysmon_ssp_added_lsa_config.yml att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
sysmon_stickykey_like_backdoor.yml Update sysmon_stickykey_like_backdoor.yml 2020-11-28 18:33:21 +01:00
sysmon_susp_atbroker_change.yml values enclosed in quotation marks 2020-10-13 11:30:17 -07:00
sysmon_susp_download_run_key.yml Remove additional backslash 2020-11-20 02:01:43 -03:00
sysmon_susp_lsass_dll_load.yml Update sysmon_susp_lsass_dll_load.yml 2020-10-15 20:08:12 -03:00
sysmon_susp_mic_cam_access.yml Update sysmon_susp_mic_cam_access.yml 2020-11-20 02:02:26 -03:00
sysmon_susp_reg_persist_explorer_run.yml Update sysmon_susp_reg_persist_explorer_run.yml 2020-11-28 13:52:36 -03:00
sysmon_susp_run_key_img_folder.yml Update sysmon_susp_run_key_img_folder.yml 2020-11-28 13:54:59 -03:00
sysmon_susp_service_installed.yml Update sysmon_susp_service_installed.yml 2020-11-20 01:38:17 -03:00
sysmon_suspicious_keyboard_layout_load.yml Remove additional backslash 2020-11-20 01:38:57 -03:00
sysmon_sysinternals_eula_accepted.yml Update sysmon_sysinternals_eula_accepted.yml 2020-10-15 20:10:44 -03:00
sysmon_uac_bypass_eventvwr.yml Update sysmon_uac_bypass_eventvwr.yml 2020-11-20 01:41:20 -03:00
sysmon_uac_bypass_sdclt.yml Update sysmon_uac_bypass_sdclt.yml 2020-11-20 01:42:17 -03:00
sysmon_wab_dllpath_reg_change.yml Update sysmon_wab_dllpath_reg_change.yml 2020-10-18 00:19:27 +03:00
sysmon_win_reg_persistence.yml Update sysmon_win_reg_persistence.yml 2020-11-20 01:47:19 -03:00
sysmon_win_reg_telemetry_persistence.yml Add a technique tag 2020-10-17 08:46:57 +03:00