Index of /github/opensearch-project/security-analytics/src/main/resources/rules/windows/file_event/
../
file_event_win_access_susp_unattend_xml.yml 05-Aug-2023 01:06 789
file_event_win_advanced_ip_scanner.yml 05-Aug-2023 01:06 1127
file_event_win_anydesk_artefact.yml 05-Aug-2023 01:06 1263
file_event_win_apt_unidentified_nov_18.yml 05-Aug-2023 01:06 755
file_event_win_crackmapexec_patterns.yml 05-Aug-2023 01:06 1566
file_event_win_creation_new_shim_database.yml 05-Aug-2023 01:06 984
file_event_win_creation_scr_binary_file.yml 05-Aug-2023 01:06 910
file_event_win_creation_system_file.yml 05-Aug-2023 01:06 1949
file_event_win_creation_unquoted_service_path.yml 05-Aug-2023 01:06 838
file_event_win_cred_dump_tools_dropped_files.yml 05-Aug-2023 01:06 1329
file_event_win_csharp_compile_artefact.yml 05-Aug-2023 01:06 773
file_event_win_cve_2021_1675_printspooler.yml 05-Aug-2023 01:06 868
file_event_win_cve_2021_26858_msexchange.yml 05-Aug-2023 01:06 1046
file_event_win_cve_2021_31979_cve_2021_33771_ex..> 05-Aug-2023 01:06 1617
file_event_win_cve_2021_41379_msi_lpe.yml 05-Aug-2023 01:06 930
file_event_win_cve_2021_44077_poc_default_files..> 05-Aug-2023 01:06 832
file_event_win_cve_2022_24527_lpe.yml 05-Aug-2023 01:06 855
file_event_win_detect_powerup_dllhijacking.yml 05-Aug-2023 01:06 929
file_event_win_ghostpack_safetykatz.yml 05-Aug-2023 01:06 493
file_event_win_gotoopener_artefact.yml 05-Aug-2023 01:06 1202
file_event_win_hack_dumpert.yml 05-Aug-2023 01:06 744
file_event_win_hivenightmare_file_exports.yml 05-Aug-2023 01:06 1175
file_event_win_hktl_nppspy.yml 05-Aug-2023 01:06 733
file_event_win_install_teamviewer_desktop.yml 05-Aug-2023 01:06 606
file_event_win_iso_file_recent.yml 05-Aug-2023 01:06 1280
file_event_win_lsass_dump.yml 05-Aug-2023 01:06 1704
file_event_win_lsass_memory_dump_file_creation.yml 05-Aug-2023 01:06 968
file_event_win_lsass_werfault_dump.yml 05-Aug-2023 01:06 703
file_event_win_macro_file.yml 05-Aug-2023 01:06 1000
file_event_win_mal_adwind.yml 05-Aug-2023 01:06 1003
file_event_win_mal_octopus_scanner.yml 05-Aug-2023 01:06 600
file_event_win_mal_vhd_download.yml 05-Aug-2023 01:06 1368
file_event_win_mimikatz_kirbi_file_creation.yml 05-Aug-2023 01:06 580
file_event_win_mimimaktz_memssp_log_file.yml 05-Aug-2023 01:06 553
file_event_win_moriya_rootkit.yml 05-Aug-2023 01:06 736
file_event_win_new_src_file.yml 05-Aug-2023 01:06 872
file_event_win_notepad_plus_plus_persistence.yml 05-Aug-2023 01:06 1187
file_event_win_ntds_dit.yml 05-Aug-2023 01:06 1466
file_event_win_ntds_exfil_tools.yml 05-Aug-2023 01:06 1161
file_event_win_office_persistence.yml 05-Aug-2023 01:06 849
file_event_win_outlook_c2_macro_creation.yml 05-Aug-2023 01:06 860
file_event_win_outlook_newform.yml 05-Aug-2023 01:06 667
file_event_win_pcre_net_temp_file.yml 05-Aug-2023 01:06 703
file_event_win_pingback_backdoor.yml 05-Aug-2023 01:06 744
file_event_win_powershell_exploit_scripts.yml 05-Aug-2023 01:06 7293
file_event_win_powershell_startup_shortcuts.yml 05-Aug-2023 01:06 1520
file_event_win_quarkspw_filedump.yml 05-Aug-2023 01:06 631
file_event_win_rclone_exec_file.yml 05-Aug-2023 01:06 676
file_event_win_redmimicry_winnti_filedrop.yml 05-Aug-2023 01:06 569
file_event_win_sam_dump.yml 05-Aug-2023 01:06 1542
file_event_win_screenconnect_artefact.yml 05-Aug-2023 01:06 1205
file_event_win_script_creation_by_office_using_..> 05-Aug-2023 01:06 1920
file_event_win_startup_folder_file_write.yml 05-Aug-2023 01:06 789
file_event_win_susp_adsi_cache_usage.yml 05-Aug-2023 01:06 1613
file_event_win_susp_clr_logs.yml 05-Aug-2023 01:06 1445
file_event_win_susp_colorcpl.yml 05-Aug-2023 01:06 673
file_event_win_susp_creation_by_mobsync.yml 05-Aug-2023 01:06 761
file_event_win_susp_default_gpo_dir_write.yml 05-Aug-2023 01:06 698
file_event_win_susp_desktop_ini.yml 05-Aug-2023 01:06 924
file_event_win_susp_desktop_txt.yml 05-Aug-2023 01:06 661
file_event_win_susp_desktopimgdownldr_file.yml 05-Aug-2023 01:06 1080
file_event_win_susp_diagcab.yml 05-Aug-2023 01:06 614
file_event_win_susp_dropper.yml 05-Aug-2023 01:06 1516
file_event_win_susp_exchange_aspx_write.yml 05-Aug-2023 01:06 790
file_event_win_susp_get_variable.yml 05-Aug-2023 01:06 1012
file_event_win_susp_ntds_dit.yml 05-Aug-2023 01:06 740
file_event_win_susp_pfx_file_creation.yml 05-Aug-2023 01:06 807
file_event_win_susp_powershell_profile_create.yml 05-Aug-2023 01:06 795
file_event_win_susp_procexplorer_driver_created..> 05-Aug-2023 01:06 1233
file_event_win_susp_system_interactive_powershe..> 05-Aug-2023 01:06 852
file_event_win_susp_task_write.yml 05-Aug-2023 01:06 724
file_event_win_susp_teamviewer_remote_session.yml 05-Aug-2023 01:06 766
file_event_win_susp_winword_startup.yml 05-Aug-2023 01:06 1082
file_event_win_tool_psexec.yml 05-Aug-2023 01:06 860
file_event_win_tsclient_filewrite_startup.yml 05-Aug-2023 01:06 585
file_event_win_uac_bypass_consent_comctl32.yml 05-Aug-2023 01:06 664
file_event_win_uac_bypass_dotnet_profiler.yml 05-Aug-2023 01:06 670
file_event_win_uac_bypass_eventvwr.yml 05-Aug-2023 01:06 898
file_event_win_uac_bypass_idiagnostic_profile.yml 05-Aug-2023 01:06 769
file_event_win_uac_bypass_ieinstal.yml 05-Aug-2023 01:06 731
file_event_win_uac_bypass_msconfig_gui.yml 05-Aug-2023 01:06 655
file_event_win_uac_bypass_ntfs_reparse_point.yml 05-Aug-2023 01:06 700
file_event_win_uac_bypass_winsat.yml 05-Aug-2023 01:06 742
file_event_win_uac_bypass_wmp.yml 05-Aug-2023 01:06 812
file_event_win_webshell_creation_detect.yml 05-Aug-2023 01:06 1394
file_event_win_werfault_dll_hijacking.yml 05-Aug-2023 01:06 799
file_event_win_win_cscript_wscript_dropper.yml 05-Aug-2023 01:06 918
file_event_win_win_shell_write_susp_directory.yml 05-Aug-2023 01:06 1449
file_event_win_winrm_awl_bypass.yml 05-Aug-2023 01:06 1022
file_event_win_winword_cve_2021_40444.yml 05-Aug-2023 01:06 1170
file_event_win_wmi_persistence_script_event_con..> 05-Aug-2023 01:06 614
file_event_win_wmiprvse_wbemcomn_dll_hijack.yml 05-Aug-2023 01:06 826
file_event_win_word_template_creation.yml 05-Aug-2023 01:06 1130
file_event_win_writing_local_admin_share.yml 05-Aug-2023 01:06 745