Category: Rules

New Deployed Rules

Process Creation:
1. Suspicious Execution Location Of Wermgr.EXE
2. Potential CVE-2023-36874 Exploitation – Fake Wermgr Execution
3. Network Reconnaissance Activity
4. Node Process Executions
5. Nslookup PowerShell Download Cradle – Process Creation
6. Suspicious Usage Of Active

New Deployed Rules

Account Management:
1. Outgoing Logon with New Credentials
2. RottenPotato Like Attack Pattern
3. Scanner PoC for CVE-2019-0708 RDP RCE Vuln
File Event:
4. WebDAV Temporary Local File Creation
5. SCR File Write Event
Image

New Deployed Rules

Process Creation:
1. MMC20 Lateral Movement
2. MMC Spawning Windows Shell
3. Potential Arbitrary Command Execution Using Msdt.EXE
4. Suspicious MSDT Parent Process
5. Remotely Hosted HTA

New Deployed Rules

Account Management:
1. External Remote RDP Logon from Public IP
2. KrbRelayUp Attack Pattern
File Event:
3. Suspicious Get-Variable.exe Creation
4. File Creation In Suspicious Directory By Msdt.EXE
5. NTDS Exfiltration Filename Patterns
Groups Monitoring:
6. A

New Deployed Rules

Account Management:
1. Admin User Remote Logon
2. External Remote SMB Logon from Public IP
AWS:
3. AWS:Glue Development Endpoint Activity
Big IP@F5:
4. User

New Deployed Rules

SentinelOne EDR:
1. User Deleted
2. User Logged In to Management Console
Process Creation:
3. Use of Remote.exe
4. Use of Pcalua For

New Deployed Rules

NTFS:
1. Volume Shadow Copy Mount
PowerShell Script:
2. Code Executed Via Office Add-in XLL File
3. Potential Invoke-Mimikatz PowerShell Script
4. Tamper Windows Defender

New Deployed Rules

MSMQ:
1. MSMQ Corrupted Packet Encountered
Network Share Object:
2. Protected Storage Service Access
3. Possible Impacket SecretDump Remote Activity
Process Access:

New Deployed Rules

Process Creation:
1. Suspicious Execution of InstallUtil Without Log
2. Suspicious Execution of InstallUtil To Download
3. Potential PowerShell Execution Via DLL
4. Suspicious

New Deployed Rules

Process Creation:
1. Suspicious Ping-Copy Command Combination
2. LSASS Process Reconnaissance Via Findstr.EXE
3. Firewall Rule Update Via Netsh.EXE
4. Scheduled Task Executing Payload from Registry
5. Potentially Suspicious Call

New Rules Deployed

Windows/Network Connection:
1. Suspicious Epmap Connection
2. Suspicious Dropbox API Usage
3. Suspicious Outbound Kerberos Connection
4. Suspicious Program Location with Network Connections
Windows/System or Application/Service Control Manager:
5. Tap Driver Installation
6. Invoke-Obfuscation COMPRESS

New Rules Deployed

Windows/Network Connection:
1. Communication To Ngrok.Io
2. Communication To Ngrok Tunneling Service
3. Notepad Making Network Connection
4. RDP Over Reverse SSH Tunnel
5. RDP to HTTP or HTTPS Target

New Rules Deployed

Log sources covered by this batch:
Windows/Network Connection
Windows/System or Application/Service Control Manager
Drive Load
Azure/Azure Active Directory
Windows/Image Load
Windows/Files
Fortigate@Fortinet
Windows/Process Creation
Windows/PowerShell
365 Defender
Web Cache
Pulse Connect

Deployed Rules Of The Week

Log sources covered this week:
DNS Trace Log
Microsoft Windows@Process Creation
Microsoft Windows@System Errors
Web Cache
Web Server
Sysmon@Create Remote Thread
Sysmon@Files
Sysmon@Image Load
Sysmon@Registry
