security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dev-v1.6.6
sigma-rules/hunting/windows/docs
T
History
Eric Forte 94c73e3ad7 [FR] Minor Typo Fixes (#5784)
2026-03-06 16:12:45 -06:00
..
createremotethread_by_source_process_with_low_occurrence.md
detect_dll_hijack_via_masquerading_as_microsoft_native_libraries.md
detect_masquerading_attempts_as_native_windows_binaries.md
detect_rare_dll_sideload_by_occurrence.md
detect_rare_lsass_process_access_attempts.md
[FR] Minor Typo Fixes (#5784)
2026-03-06 16:12:45 -06:00
domain_names_queried_via_lolbins_and_with_low_occurrence_frequency.md
[FR] Minor Typo Fixes (#5784)
2026-03-06 16:12:45 -06:00
drivers_load_with_low_occurrence_frequency.md
excessive_rdp_network_activity_by_source_host_and_user.md
excessive_smb_network_activity_by_process_id.md
executable_file_creation_by_an_unusual_microsoft_binary.md
[FR] Minor Typo Fixes (#5784)
2026-03-06 16:12:45 -06:00
execution_via_network_logon_by_occurrence_frequency_by_top_source_ip.md
execution_via_remote_services_by_client_address.md
execution_via_startup_with_low_occurrence_frequency.md
execution_via_windows_management_instrumentation_by_occurrence_frequency_by_unique_agent.md
execution_via_windows_scheduled_task_with_low_occurrence_frequency.md
execution_via_windows_services_with_low_occurrence_frequency.md
high_count_of_network_connection_over_extended_period_by_process.md
libraries_loaded_by_svchost_with_low_occurrence_frequency.md
microsoft_office_child_processes_with_low_occurrence_frequency.md
network_discovery_via_sensitive_ports_by_unusual_process.md
pe_file_transfer_via_smb_admin_shares_by_agent.md
persistence_via_run_key_with_low_occurrence_frequency.md
persistence_via_startup_with_low_occurrence_frequency.md
potential_exfiltration_by_process_total_egress_bytes.md
rundll32_execution_aggregated_by_cmdline.md
scheduled_task_creation_by_action_via_registry.md
scheduled_tasks_creation_for_unique_hosts_by_task_command.md
suspicious_base64_encoded_powershell_commands.md
suspicious_dns_txt_record_lookups_by_process.md
unique_windows_services_creation_by_servicefilename.md
windows_command_and_scripting_interpreter_from_unusual_parent.md
windows_logon_activity_by_source_ip.md