MA

Matt Anderson

First rule: Sun Jan 01 2017 01:00:00 GMT+0100 (Central European Standard Time)

Share profile card

0rules authored

9sole author

10co-authored

Top Log Sources

windows / process_creation

windows / file_event

windows / security

Rule Types

11 emerging threat

7 threat hunting

By Severity

critical

2

high

8

medium

8

low

0

informational

1

By Status

stable

0

test

10

experimental

9

deprecated

0

unsupported

0

0

Total Rules

0

Stable Rules

0

High / Critical

0

Log Source Types

Recent RulesAll rules →

Devcon Execution Disabling VMware VMCI Device

Fri Jan 02 2026 01:00:00 GMT+0100 (Central European Standard Time)

PUA - Kernel Driver Utility (KDU) Execution

Fri Jan 02 2026 01:00:00 GMT+0100 (Central European Standard Time)

Delete Defender Scan ShellEx Context Menu Registry Key

Fri Jul 11 2025 02:00:00 GMT+0200 (Central European Summer Time)

mediumDetection

PowerShell Defender Threat Severity Default Action Set to 'Allow' or 'NoAction'

Fri Jul 11 2025 02:00:00 GMT+0200 (Central European Summer Time)

Windows Defender Threat Severity Default Action Modified

Fri Jul 11 2025 02:00:00 GMT+0200 (Central European Summer Time)

Windows Defender Context Menu Removed

Wed Jul 09 2025 02:00:00 GMT+0200 (Central European Summer Time)

Browse all 19 rules by Matt Anderson

Filter the full rule library to see only their contributions