thomaspatzke Merge pull request #186 from megan201296/patch-15
Update sysmon_cmstp_com_object_access.yml
Latest commit 732de34 Oct 18, 2018
sysmon_ads_executable.yml Further ATT&CK tagging Jul 19, 2018
sysmon_attrib_hiding_files.yml Escaped * where required Aug 10, 2018
sysmon_bitsadmin_download.yml ATT&CK software tag is added to Bitsadmin Download rule Jul 20, 2018
sysmon_bypass_squiblytwo.yml Further ATT&CK tagging Jul 19, 2018
sysmon_cmdkey_recon.yml style: changed title casing and minor fixes Sep 4, 2018
sysmon_cmstp_com_object_access.yml Update sysmon_cmstp_com_object_access.yml Oct 10, 2018
sysmon_cmstp_execution.yml Further ATT&CK tagging Jul 19, 2018
sysmon_dhcp_calloutdll.yml Cleaning up empty list items Jan 27, 2018
sysmon_dns_serverlevelplugindll.yml Simplified rule conditions with new condition constructs Mar 6, 2018
sysmon_exploit_cve_2015_1641.yml Rule: CVE-2015-1641 Feb 22, 2018
sysmon_exploit_cve_2017_0261.yml Lowered severity of rule - prone to false positives Feb 22, 2018
sysmon_exploit_cve_2017_11882.yml Cleaning up empty list items Jan 27, 2018
sysmon_exploit_cve_2017_8759.yml Fixed file names "vuln" > "exploit" Feb 22, 2018
sysmon_ghostpack_safetykatz.yml Cosmetics Jul 25, 2018
sysmon_lethalhta.yml style: renamed rule files to all lower case Sep 8, 2018
sysmon_mal_namedpipes.yml Remove duplicate value Oct 8, 2018
sysmon_malware_backconnect_ports.yml Fixed spelling mistake Jul 9, 2018
sysmon_malware_script_dropper.yml Added field names to first rules Sep 12, 2017
sysmon_malware_verclsid_shellcode.yml Fixed typos Jul 10, 2018
sysmon_mimikatz_detection_lsass.yml ATT&CK tagging QA Sep 20, 2018
sysmon_mimikatz_inmemory_detection.yml added a few mitre attack tags to windows sysmon rules Jul 27, 2018
sysmon_mshta_spawn_shell.yml ATT&CK tagging of MSHTA Spawning Windows Shell Jul 20, 2018
sysmon_office_macro_cmd.yml Change all "str" references to be "list" to match schema update Jan 27, 2018
sysmon_office_shell.yml added additional binaries and attack tactics/techniques Jul 23, 2018
sysmon_outlook_shell.yml Rule: Outlook spawning shells to detect Turla like C&C via Outlook Mar 10, 2018
sysmon_password_dumper_lsass.yml ATT&CK tagging Jul 17, 2018
sysmon_plugx_susp_exe_locations.yml Cleaning up empty list items Jan 27, 2018
sysmon_powershell_amsi_bypass.yml Add MITRE ATT&CK Tagging Oct 10, 2018
sysmon_powershell_dll_execution.yml style: renamed rule files to all lower case Sep 8, 2018
sysmon_powershell_download.yml added a few mitre attack tags to windows sysmon rules Jul 27, 2018
sysmon_powershell_exploit_scripts.yml Add ATT&CK Matrix tags Aug 22, 2018
sysmon_powershell_network_connection.yml Update sysmon_powershell_network_connection.yml Oct 10, 2018
sysmon_powershell_suspicious_parameter_variation.yml Add MITRE ATT&CK tagging Aug 22, 2018
sysmon_powersploit_schtasks.yml Update sysmon_powersploit_schtasks.yml Oct 10, 2018
sysmon_quarkspw_filedump.yml Various rule fixes Mar 27, 2018
sysmon_rundll32_net_connections.yml added a few mitre attack tags to windows sysmon rules Jul 27, 2018
sysmon_sdbinst_shim_persistence.yml Fixed tag and date Aug 7, 2018
sysmon_shell_spawn_susp_program.yml fix: fixed date in rule Oct 10, 2018
sysmon_stickykey_like_backdoor.yml Fixed tag Jul 24, 2018
sysmon_susp_certutil_command.yml Include cases in which certutil.exe is used Sep 23, 2018
sysmon_susp_cmd_http_appdata.yml Change "reference" to "references" to match new schema Jan 27, 2018
sysmon_susp_control_dll_load.yml Change all "str" references to be "list" to match schema update Jan 27, 2018
sysmon_susp_driver_load.yml Update sysmon_susp_driver_load.yml Jul 13, 2018
sysmon_susp_exec_folder.yml Cleaning up empty list items Jan 27, 2018
sysmon_susp_execution_path.yml Added field names to first rules Sep 12, 2017
sysmon_susp_execution_path_webserver.yml Added field names to first rules Sep 12, 2017
sysmon_susp_image_load.yml user subTee was removed from Twitter Jul 4, 2018
sysmon_susp_mmc_source.yml Update sysmon_susp_mmc_source.yml Jul 13, 2018
sysmon_susp_net_execution.yml added a few mitre attack tags to windows sysmon rules Jul 27, 2018
sysmon_susp_ping_hex_ip.yml Rule: Ping hex IP address Mar 23, 2018
sysmon_susp_powershell_parent_combo.yml Update sysmon_susp_powershell_parent_combo.yml Oct 10, 2018
sysmon_susp_powershell_rundll32.yml Update sysmon_susp_powershell_rundll32.yml Oct 10, 2018
sysmon_susp_prog_location_network_connection.yml Change all "str" references to be "list" to match schema update Jan 27, 2018
sysmon_susp_recon_activity.yml Added field names to first rules Sep 12, 2017
sysmon_susp_reg_persist_explorer_run.yml rule: Changed Registry persistence Explorer RUN key rule Jul 19, 2018
sysmon_susp_regsvr32_anomalies.yml added a few mitre attack tags to windows sysmon rules Jul 27, 2018
sysmon_susp_run_key_img_folder.yml Rule simplification Sep 28, 2018
sysmon_susp_schtask_creation.yml ATT&CK tagging of Scheduled Task Creation Jul 22, 2018
sysmon_susp_script_execution.yml Massive Title Cleanup Jan 27, 2018
sysmon_susp_svchost.yml added att&ck tactic Aug 7, 2018
sysmon_susp_taskmgr_localsystem.yml Rule: Suspicious taskmgr as LOCAL_SYSTEM Mar 19, 2018
sysmon_susp_taskmgr_parent.yml Several rule updates Mar 19, 2018
sysmon_susp_tscon_localsystem.yml Rules: tscon.exe anomalies Mar 17, 2018
sysmon_susp_tscon_rdp_redirect.yml Improved tscon rule Mar 20, 2018
sysmon_susp_vssadmin_ntds_activity.yml Update att&ck tag Aug 7, 2018
sysmon_susp_wmi_execution.yml Update sysmon_susp_wmi_execution.yml Aug 7, 2018
sysmon_sysinternals_eula_accepted.yml Rule: SysInternals EULA accept improved and renamed Aug 30, 2018
sysmon_system_exe_anomaly.yml added att&ck tactic Aug 7, 2018
sysmon_uac_bypass_eventvwr.yml Fixed tags Aug 7, 2018
sysmon_uac_bypass_sdclt.yml Tag fixes Aug 7, 2018
sysmon_vul_java_remote_debugging.yml fixed typo Jul 16, 2018
sysmon_webshell_detection.yml added att&ck tag Aug 7, 2018
sysmon_webshell_spawn.yml added att&ck tag Aug 7, 2018
sysmon_win_binary_github_com.yml Rule: Improved Github communication rule Aug 30, 2018
sysmon_win_binary_susp_com.yml Rule: Suspicious communication endpoints Aug 30, 2018
sysmon_win_reg_persistence.yaml added att&ck tag Aug 7, 2018
sysmon_wmi_persistence_commandline_event_consumer.yml added a few mitre attack tags to windows sysmon rules Jul 27, 2018
sysmon_wmi_persistence_script_event_consumer_write.yml added a few mitre attack tags to windows sysmon rules Jul 27, 2018
sysmon_workflow_compiler.yml Fixed rule Aug 23, 2018