 frack113
|
4c85858e12
|
split global sysmon_regsvr32_network_activity.yml
|
2021-09-21 10:33:47 +02:00 |
|
|
frack113
|
2a76c469e0
|
normalise name
|
2021-09-11 13:34:19 +02:00 |
|
|
frack113
|
d9cd1652f2
|
Split global sysmon rules
|
2021-09-09 16:11:41 +02:00 |
|
|
Thomas Patzke
|
103a8f8052
|
Removed EventID from generic DNS query rule
|
2021-07-08 07:41:11 +02:00 |
|
|
Florian Roth
|
c0b93a010c
|
NCCGroup rules from rclone blog post
https://research.nccgroup.com/2021/05/27/detecting-rclone-an-effective-tool-for-exfiltration/
|
2021-05-27 12:49:40 +02:00 |
|
|
Steven
|
0c9a82af89
|
- Remove 'service: sysmon' since defining the categories made the rules generic
|
2020-10-02 09:37:52 +02:00 |
|
|
Steven
|
8b74abe0bc
|
- Created new categories for sysmon events
- Replaced the explicit EventIDs with the reference to the category
- Moved the rules to the corresponding directories
|
2020-09-30 20:44:14 +02:00 |
|