| .. |
|
builtin
|
refactor: global rule match on system and security
|
2021-08-30 15:17:53 +02:00 |
|
create_remote_thread
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
create_stream_hash
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
deprecated
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
dns_query
|
Removed EventID from generic DNS query rule
|
2021-07-08 07:41:11 +02:00 |
|
driver_load
|
fix: more changes to incomplete windivert rule
|
2021-08-07 11:22:44 +02:00 |
|
file_delete
|
Added rule for deletion of DLLs by PrintNightmare
|
2021-07-01 16:33:55 +05:45 |
|
file_event
|
Merge branch 'master' into rule-devel
|
2021-08-17 12:29:55 +02:00 |
|
image_load
|
update modified after FP fix
|
2021-08-18 18:17:53 +02:00 |
|
malware
|
rule: av hacktool events
|
2021-08-16 10:57:03 +02:00 |
|
network_connection
|
Merge branch 'master' into master
|
2021-07-11 00:32:55 +02:00 |
|
other
|
Merge pull request #1834 from secDre4mer/master
|
2021-08-16 09:16:33 +02:00 |
|
pipe_created
|
docs: note to improved sysmon config
|
2021-09-01 13:07:18 +02:00 |
|
powershell
|
fix: FPs with [reflection.assembly]::Load
|
2021-08-18 09:49:34 +02:00 |
|
process_access
|
new rule LittleCorporal generated maldoc process injection
|
2021-08-11 09:25:23 +02:00 |
|
process_creation
|
rules: cobalt strike rules refactored
|
2021-08-30 15:10:30 +02:00 |
|
raw_access_thread
|
Fix selection with only 1 element
|
2021-08-14 09:54:27 +02:00 |
|
registry_event
|
Fix selection with only 1 element
|
2021-08-14 09:54:27 +02:00 |
|
sysmon
|
fix: Correct incorrect message / keyword usage
|
2021-08-12 16:28:07 +02:00 |
|
wmi_event
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
