| File | Last commit message | Last commit date |
|---|---|---|
| sysmon_abusing_azure_browser_sso.yml | Update the azure image_load rule to be a generic sysmon rule | 2020-12-23 16:29:49 -05:00 |
| sysmon_in_memory_powershell.yml | Update sysmon_in_memory_powershell.yml | 2020-10-18 01:16:11 +03:00 |
| sysmon_mimikatz_inmemory_detection.yml | Update sysmon_mimikatz_inmemory_detection.yml | 2020-10-15 16:05:11 -03:00 |
| sysmon_powershell_execution_moduleload.yml | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |
| sysmon_susp_fax_dll.yml | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |
| sysmon_susp_image_load.yml | Update sysmon_susp_image_load.yml | 2020-10-15 16:05:50 -03:00 |
| sysmon_susp_office_dotnet_assembly_dll_load.yml | Remove additional backslash | 2020-11-19 23:08:40 -03:00 |
| sysmon_susp_office_dotnet_clr_dll_load.yml | Update sysmon_susp_office_dotnet_clr_dll_load.yml | 2020-10-15 16:06:47 -03:00 |
| sysmon_susp_office_dotnet_gac_dll_load.yml | Update sysmon_susp_office_dotnet_gac_dll_load.yml | 2020-10-15 16:07:10 -03:00 |
| sysmon_susp_office_dsparse_dll_load.yml | Update sysmon_susp_office_dsparse_dll_load.yml | 2020-10-27 22:13:02 -03:00 |
| sysmon_susp_office_kerberos_dll_load.yml | Update sysmon_susp_office_kerberos_dll_load.yml | 2020-10-15 16:09:03 -03:00 |
| sysmon_susp_script_dotnet_clr_dll_load.yml | adding slashes | 2020-10-15 17:51:21 +05:30 |
| sysmon_susp_winword_vbadll_load.yml | Update sysmon_susp_winword_vbadll_load.yml | 2020-10-15 16:09:21 -03:00 |
| sysmon_susp_winword_wmidll_load.yml | Merge branch 'oscd' | 2021-03-02 22:58:41 +03:00 |
| sysmon_suspicious_dbghelp_dbgcore_load.yml | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |
| sysmon_svchost_dll_search_order_hijack.yml | Remove additional backslash | 2020-11-19 23:09:50 -03:00 |
| sysmon_tttracer_mod_load.yml | Update sysmon_tttracer_mod_load.yml | 2020-10-09 09:34:05 +03:00 |
| sysmon_uac_bypass_via_dism.yml | Update sysmon_uac_bypass_via_dism.yml | 2020-10-17 21:35:44 +02:00 |
| sysmon_unsigned_image_loaded_into_lsass.yml | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |
| sysmon_wmi_module_load.yml | be more specific about file location | 2020-07-09 13:33:59 -04:00 |
| sysmon_wmi_persistence_commandline_event_consumer.yml | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |