Sander Wiebing
@sWiebing
First rule: Sat Aug 25 2018 02:00:00 GMT+0200 (Central European Summer Time)
Commits on SigmaHQ | Pull Requests
0 rules authored
1 sole author
12 co-authored
Rule Types
By Severity
critical: 0
high: 7
medium: 4
low: 2
informational: 0
By Status
stable: 0
test: 12
experimental: 1
deprecated: 0
unsupported: 0
Total Rules: 0
Stable Rules: 0
High / Critical: 0
Log Source Types
Recent Rules
Files With System Process Name In Unsuspected Locations
Tue May 26 2020 02:00:00 GMT+0200 (Central European Summer Time)
medium, Detection
New RUN Key Pointing to Suspicious Folder
Sat Aug 25 2018 02:00:00 GMT+0200 (Central European Summer Time)
high, Detection
Exports Critical Registry Keys To a File
Mon Oct 12 2020 02:00:00 GMT+0200 (Central European Summer Time)
high, Detection
Exports Registry Key To a File
Wed Oct 07 2020 02:00:00 GMT+0200 (Central European Summer Time)
low, Detection
Imports Registry Key From a File
Wed Oct 07 2020 02:00:00 GMT+0200 (Central European Summer Time)
medium, Detection
Imports Registry Key From an ADS
Mon Oct 12 2020 02:00:00 GMT+0200 (Central European Summer Time)
high, Detection
Browse all 13 rules by Sander Wiebing