New Deployed Rules

SentinelOne EDR
1. User Deleted
2. User Logged In to Management Console

Process Creation
3. Use of Remote.exe
4. Use of Pcalua For Execution
5. Process Memory Dump Via Dotnet-Dump
6. Detect Virtualbox Driver Installation OR Starting Of VMs
7. Suspicious VBoxDrvInst.exe Parameters
8. Uninstall Crowdstrike Falcon Sensor
9. Suspicious Download Via Certutil.EXE […]

Time to market

One-day SIEM integration