Rule Library
Sigma Rules
5 rules found for "Alexandr Yampolskyi"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection, low, stable
Cleartext Protocol Usage
Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels. Ensure that encryption is used for all sensitive information in transit. Ensure that an encrypted channel is used for all administrative account access.
Firewall
TA0006 · Credential Access
Alexandr Yampolskyi +2, Tue Mar 26, network
Detection, low, stable
A Member Was Added to a Security-Enabled Global Group
Detects activity when a member is added to a security-enabled global group
Windows, security
TA0004 · Privilege Escalation, TA0003 · Persistence, T1098 · Account Manipulation
Alexandr Yampolskyi +1, Wed Apr 26, windows
Detection, low, stable
A Member Was Removed From a Security-Enabled Global Group
Detects activity when a member is removed from a security-enabled global group
Windows, security
TA0004 · Privilege Escalation, TA0003 · Persistence, T1098 · Account Manipulation
Alexandr Yampolskyi +1, Wed Apr 26, windows
Detection, low, stable
A Security-Enabled Global Group Was Deleted
Detects activity when a security-enabled global group is deleted
Windows, security
TA0004 · Privilege Escalation, TA0003 · Persistence, T1098 · Account Manipulation
Alexandr Yampolskyi +1, Wed Apr 26, windows
Detection, informational, stable
Locked Workstation
Detects locked workstation session events that occur automatically after a standard period of inactivity.
Windows, security
TA0040 · Impact
Alexandr Yampolskyi +1, Tue Mar 26, windows