1119c3f137
* Update docset.yml * Rename README.md to readme.md * Update pyproject.toml
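# Docset definition for the 'detection rules' documentation project:
# declares the project name, what is excluded from the build, the
# extension in use, and the table of contents.
project: 'detection rules'
# NOTE(review): presumably the other docsets this one may link to - confirm.
cross_links:
  - docs-content
# Glob patterns left out of the build.
# NOTE(review): 'readme.md' is excluded here, yet a readme.md is also listed
# under toc -> audit_policies/windows -> children. Confirm the pattern is
# scoped to the docs root; otherwise the folder's readme would be dropped.
exclude:
  - '_*.md'
  - 'readme.md'

extensions:
  - detection-rules

toc:
  - file: index.md
    # Both paths are relative and point outside this directory.
    # NOTE(review): presumably read by the detection-rules extension to
    # locate the rule sources - confirm where they are resolved from.
    detection_rules: ['../rules', '../rules_building_block']
  - folder: audit_policies/windows
    # Pages are listed explicitly, one entry per file.
    # NOTE(review): names must presumably match the on-disk file names
    # exactly, including case (see readme.md), and a guide that is not
    # listed here may be left out of the navigation - confirm when adding
    # a new audit-policy page.
    children:
      - file: readme.md
      # audit_* pages (file names suggest one page per audit setting).
      - file: audit_authorization_policy_change.md
      - file: audit_computer_account_management.md
      - file: audit_detailed_file_share.md
      - file: audit_directory_service_access.md
      - file: audit_directory_service_changes.md
      - file: audit_filtering_platform_connection.md
      - file: audit_filtering_platform_packet_drop.md
      - file: audit_handle_manipulation.md
      - file: audit_logon.md
      - file: audit_other_object_access_events.md
      - file: audit_policy_change.md
      - file: audit_process_creation_and_command_line.md
      - file: audit_security_group_management.md
      - file: audit_security_system_extension.md
      - file: audit_sensitive_privilege_use.md
      - file: audit_special_logon.md
      - file: audit_token_right_adjusted_events.md
      - file: audit_user_account_management.md
      - file: audit_powershell_scriptblock.md
      # sysmon_eventid* pages (file names carry the Sysmon event ID covered).
      - file: sysmon_eventid1_process_creation.md
      - file: sysmon_eventid2_file_creation_time_changed.md
      - file: sysmon_eventid3_network_connection.md
      - file: sysmon_eventid7_image_loaded.md
      - file: sysmon_eventid8_createremotethread.md
      - file: sysmon_eventid10_process_access.md
      - file: sysmon_eventid11_file_create.md
      - file: sysmon_eventid12_13_14_registry_event.md
      - file: sysmon_eventid17_18_pipe_event.md
      - file: sysmon_eventid19_20_21_wmi_event.md
      - file: sysmon_eventid22_dns_query.md
      - file: sysmon_eventid23_file_delete.md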