blue-team-tools

Files

T

Brad Kish 1e9d0e9653 Fixes for rules in the sysmon file_event category

Fix a couple of typos

For sysmon_hack_dumpert:
Make sure the logsource is category file_event and not sysmon. Don't set
the category at the global level. Instead set in the individual document.

2020-07-03 16:22:29 -04:00

sysmon_creation_system_file.yml

Changed category names and remove sysmon log source

2020-06-24 17:41:21 +02:00

sysmon_cred_dump_tools_dropped_files.yml

Changed category names and remove sysmon log source

2020-06-24 17:41:21 +02:00

sysmon_ghostpack_safetykatz.yml

Changed category names and remove sysmon log source

2020-06-24 17:41:21 +02:00

sysmon_hack_dumpert.yml

Fixes for rules in the sysmon file_event category

2020-07-03 16:22:29 -04:00

sysmon_lsass_memory_dump_file_creation.yml

Changed category names and remove sysmon log source

2020-06-24 17:41:21 +02:00

sysmon_office_persistence.yml

refactor: sysmon rule cleanup > generlization

2020-07-01 10:58:39 +02:00

sysmon_powershell_exploit_scripts.yml

Changed category names and remove sysmon log source

2020-06-24 17:41:21 +02:00

sysmon_quarkspw_filedump.yml

Changed category names and remove sysmon log source

2020-06-24 17:41:21 +02:00

sysmon_redmimicry_winnti_filedrop.yml

fix: renamed files and lien break change

2020-07-01 09:48:48 +02:00

sysmon_susp_adsi_cache_usage.yml

Changed category names and remove sysmon log source

2020-06-24 17:41:21 +02:00

sysmon_susp_desktop_ini.yml

Changed category names and remove sysmon log source

2020-06-24 17:41:21 +02:00

sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml

Changed category names and remove sysmon log source

2020-06-24 17:41:21 +02:00

sysmon_tsclient_filewrite_startup.yml

Fixes for rules in the sysmon file_event category

2020-07-03 16:22:29 -04:00

sysmon_webshell_creation_detect.yml

Changed category names and remove sysmon log source

2020-06-24 17:41:21 +02:00

sysmon_wmi_persistence_script_event_consumer_write.yml

Fixes for rules in the sysmon file_event category

2020-07-03 16:22:29 -04:00

win_susp_desktopimgdownldr_file.yml

docs: more references

2020-07-03 13:19:44 +02:00