valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
efc404fbae
SigmaHQ/rules/windows/sysmon
History
yugoslavskiy efc404fbae resolve conflicts with rule IDs; restored and deprecated sysmon_mimikatz_detection_lsass.yml
2019-11-19 02:11:19 +01:00
..
sysmon_ads_executable.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_alternate_powershell_hosts_moduleload.yml oscd task #6 done. 2019-11-10 18:43:41 +03:00
sysmon_alternate_powershell_hosts_pipe.yml oscd task #6 done. 2019-11-10 18:43:41 +03:00
sysmon_asep_reg_keys_modification.yml rename file 2019-11-10 21:56:34 +03:00
sysmon_cactustorch.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_cmstp_execution.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_cobaltstrike_process_injection.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_createremotethread_loadlibrary.yml oscd task #6 done. 2019-11-10 18:43:41 +03:00
sysmon_cred_dump_lsass_access.yml Update and rename sysmon_mimikatz_detection_lsass.yml to sysmon_cred_dump_lsass_access.yml 2019-11-08 02:05:34 +03:00
sysmon_cred_dump_tools_dropped_files.yml Update sysmon_cred_dump_tools_dropped_files.yml 2019-11-14 00:53:25 +03:00
sysmon_cred_dump_tools_named_pipes.yml oscd task #2 completed 2019-11-04 04:26:34 +03:00
sysmon_dhcp_calloutdll.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_disable_security_events_logging_adding_reg_key_minint.yml Update sysmon_disable_security_events_logging_adding_reg_key_minint.yml 2019-11-13 23:40:29 +03:00
sysmon_dns_serverlevelplugindll.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_ghostpack_safetykatz.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_in_memory_assembly_execution.yml Adding rule Suspicious In-Memory Module Execution 2019-10-28 22:07:26 -07:00
sysmon_logon_scripts_userinitmprlogonscript.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_lsass_memdump.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_lsass_memory_dump_file_creation.yml Update sysmon_lsass_memory_dump_file_creation.yml 2019-11-14 00:55:20 +03:00
sysmon_mal_namedpipes.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_malware_backconnect_ports.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_malware_verclsid_shellcode.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_mimikatz_inmemory_detection.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_mimikatz_trough_winrm.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_minidumwritedump_lsass.yml Update sysmon_minidumwritedump_lsass.yml 2019-11-14 00:32:06 +03:00
sysmon_narrator_feedback_persistance.yml Update sysmon_narrator_feedback_persistance.yml 2019-11-10 22:47:48 +03:00
sysmon_new_dll_added_to_appcertdlls_registry_key.yml Update sysmon_new_dll_added_to_appcertdlls_registry_key.yml 2019-11-14 00:19:30 +03:00
sysmon_new_dll_added_to_appinit_dlls_registry_key.yml Update sysmon_new_dll_added_to_appinit_dlls_registry_key.yml 2019-11-13 23:47:24 +03:00
sysmon_password_dumper_lsass.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_possible_dns_rebinding.yml Update sysmon_possible_dns_rebinding.yml 2019-11-14 00:08:50 +03:00
sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml Update sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml 2019-11-11 01:30:19 +03:00
sysmon_powershell_execution_moduleload.yml oscd task #6 done. 2019-11-10 18:43:41 +03:00
sysmon_powershell_execution_pipe.yml oscd task #6 done. 2019-11-10 18:43:41 +03:00
sysmon_powershell_exploit_scripts.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_powershell_network_connection.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_quarkspw_filedump.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_raw_disk_access_using_illegitimate_tools.yml Update sysmon_raw_disk_access_using_illegitimate_tools.yml 2019-11-14 00:58:00 +03:00
sysmon_rdp_registry_modification.yml oscd task #6 done. 2019-11-10 18:43:41 +03:00
sysmon_rdp_reverse_tunnel.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_rdp_settings_hijack.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_registry_persistence_key_linking.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_regsvr32_network_activity.yml Update sysmon_regsvr32_network_activity.yml 2019-11-10 22:51:53 +03:00
sysmon_remote_powershell_session_network.yml added: 2019-10-24 15:48:38 +02:00
sysmon_renamed_powershell.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_renamed_procdump.yml fix: casing fix in renamed procdump rule 2019-11-18 15:57:14 +01:00
sysmon_renamed_psexec.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_rundll32_net_connections.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_ssp_added_lsa_config.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_stickykey_like_backdoor.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_download_run_key.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_driver_load.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_file_characteristics.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_image_load.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_lsass_dll_load.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_powershell_rundll32.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_prog_location_network_connection.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_rdp.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_reg_persist_explorer_run.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_run_key_img_folder.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_suspicious_keyboard_layout_load.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_suspicious_outbound_kerberos_connection.yml Update sysmon_suspicious_outbound_kerberos_connection.yml 2019-11-14 00:10:05 +03:00
sysmon_suspicious_remote_thread.yml Update sysmon_suspicious_remote_thread.yml 2019-11-14 00:34:09 +03:00
sysmon_svchost_dll_search_order_hijack.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_sysinternals_eula_accepted.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_tsclient_filewrite_startup.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_uac_bypass_eventvwr.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_uac_bypass_sdclt.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_unsigned_image_loaded_into_lsass.yml Update sysmon_unsigned_image_loaded_into_lsass.yml 2019-11-14 00:58:39 +03:00
sysmon_webshell_creation_detect.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_win_binary_github_com.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_win_binary_susp_com.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_win_reg_persistence.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_wmi_event_subscription.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_wmi_module_load.yml oscd task #6 done. 2019-11-10 18:43:41 +03:00
sysmon_wmi_persistence_commandline_event_consumer.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_wmi_persistence_script_event_consumer_write.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_wmi_susp_scripting.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00