SigmaHQ/rules/windows
2021-01-22 09:10:02 +01:00
..
builtin docs: removed CVE 2021-01-15 13:25:10 +01:00
deprecated fix: buggy rule 2020-05-23 18:32:02 +02:00
driver_load att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
file_event Merge pull request #989 from oscd-initiative/master 2020-09-08 13:27:58 +02:00
image_load Update the azure image_load rule to be a generic sysmon rule 2020-12-23 16:29:49 -05:00
malware more AV event and suspicious commands 2021-01-07 17:54:19 +01:00
network_connection rework: impossible rule with Sysmon 2021-01-19 14:12:40 +01:00
other fix service from system to security for rule win_pcap_drivers.yml 2021-01-22 09:10:02 +01:00
powershell fix: Malicious Nishang PowerShell Commandlets FP with MDATP 2020-12-05 09:33:42 +01:00
process_access Split up cmstp rule into 3 separate rules and remove duplicates 2020-12-23 12:17:39 -05:00
process_creation Merge pull request #1336 from Neo23x0/rule-devel 2021-01-21 18:17:31 +01:00
registry_event Added Stealthy Office Persistence via VSTO 2021-01-10 17:54:17 +05:45
sysmon Merge pull request #1315 from rtkdmasse/split-up-cmstp-rule 2021-01-09 10:30:33 +01:00