SigmaHQ/rules/windows/sysmon
2017-03-21 10:23:53 +01:00
sysmon_bitsadmin_download.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_certutil_decode.yml Broader definition certutil.exe rule 2017-03-20 22:07:04 +01:00
sysmon_malware_backconnect_ports.yml Rules: Suspicious locations and back connect ports 2017-03-19 15:22:27 +01:00
sysmon_malware_verclsid_shellcode.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_mimikatz_detection_lsass.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_mimikatz_inmemory_detection.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_mshta_spawn_shell.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_office_macro_cmd.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_office_shell.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_password_dumper_lsass.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_powershell_download.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_powershell_network_connection.yml Reduced to user accounts 2017-03-13 19:09:29 +01:00
sysmon_powershell_suspicious_parameter_combo.yml Bugfix in rule 2017-03-13 15:09:48 +01:00
sysmon_powershell_suspicious_parameter_variation.yml Rule: Suspicious PowerShell Parameter Substring 2017-03-13 17:23:25 +01:00
sysmon_susp_driver_load.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_susp_execution_path_webserver.yml Rule: Suspicious executions in web folders / non-exe folders 2017-03-13 23:56:06 +01:00
sysmon_susp_execution_path.yml Rules: Suspicious locations and back connect ports 2017-03-19 15:22:27 +01:00
sysmon_susp_mmc_source.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_susp_powershell_parent_combo.yml Rule: Suspicious PowerShell parent image combination 2017-03-16 18:58:59 +01:00
sysmon_susp_prog_location_network_connection.yml Rules: Suspicious locations and back connect ports 2017-03-19 15:22:27 +01:00
sysmon_susp_recon_activity.yml Rule: Windows recon activity 2017-03-16 18:59:17 +01:00
sysmon_susp_schtask_creation.yml Rule: Suspicious task creation description changed 2017-03-21 10:23:53 +01:00
sysmon_susp_script_execution.yml Renamed and removed double space 2017-03-16 18:58:32 +01:00
sysmon_susp_vssadmin_ntds_activity.yml Added references to rule 2017-03-17 00:25:54 +01:00
sysmon_uac_bypass_eventvwr.yml Bugfix in UAC Rule 2017-03-19 19:46:19 +01:00
sysmon_uac_bypass_sdclt.yml Rule: UAC bypass via eventvwr, minor changes 2017-03-19 19:34:06 +01:00
sysmon_vssadmin_delete.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_vul_java_remote_debugging.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_webshell_detection.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_webshell_spawn.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00