valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 01:45:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
e4d764ceba
SigmaHQ/rules/windows/builtin
History
IeM e4d764ceba Create win_pass_the_hash.yml 
Rule to detects the attack technique pass the hash which is used to move laterally inside the network
2017-03-08 18:04:31 +01:00
..
win_alert_mimikatz_keywords.yml Windows Built-In rules > LogSource definition 2017-03-05 23:55:52 +01:00
win_av_relevant_match.yml Windows Built-In rules > LogSource definition 2017-03-05 23:55:52 +01:00
win_malicious_service_install.yml Windows Malicious Password Dumper Service Installs 2017-03-05 23:52:02 +01:00
win_pass_the_hash.yml Create win_pass_the_hash.yml 2017-03-08 18:04:31 +01:00
win_susp_add_sid_history.yml Windows Built-In rules > LogSource definition 2017-03-05 23:55:52 +01:00
win_susp_dsrm_password_change.yml Windows Built-In rules > LogSource definition 2017-03-05 23:55:52 +01:00
win_susp_eventlog_cleared.yml Windows Built-In rules > LogSource definition 2017-03-05 23:55:52 +01:00
win_susp_failed_logon_reasons.yml Windows Built-In rules > LogSource definition 2017-03-05 23:55:52 +01:00
win_susp_failed_logons_single_source.yml Windows Built-In rules > LogSource definition 2017-03-05 23:55:52 +01:00
win_susp_kerberos_manipulation.yml Windows Built-In rules > LogSource definition 2017-03-05 23:55:52 +01:00
win_susp_lsass_dump.yml Windows Built-In rules > LogSource definition 2017-03-05 23:55:52 +01:00
win_susp_rc4_kerberos.yml Windows Built-In rules > LogSource definition 2017-03-05 23:55:52 +01:00
win_susp_recon_activity.yml Rule: Windows - Recon Activity (improved) 2017-03-07 13:06:38 +01:00
win_susp_security_eventlog_cleared.yml Windows Built-In rules > LogSource definition 2017-03-05 23:55:52 +01:00