John Lambert 7ce5b3515b Create win_susp_powershell_hidden_b64_cmd.yml ...

Look in process creation events for powershell commands with base64 encoded content containing suspicious keywords. Require hidden flag to reduce FP.

2018-09-07 20:23:11 -07:00

..

builtin

Create win_susp_powershell_hidden_b64_cmd.yml

2018-09-07 20:23:11 -07:00

malware

fix: Bugfix in Adwind rule

2018-08-15 12:33:03 +02:00

other

Tagged windows powershell, other and malware rules.

2018-07-24 10:56:41 +02:00

powershell

Added quotation marks

2018-07-26 18:10:21 +02:00

sysmon

style: changed title casing and minor fixes

2018-09-04 16:15:41 +02:00