Rule Library

Sigma Rules

2 rules found for "Center for Threat Informed Defense (CTID) Summiting the Pyramid Team"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Category

Threat Huntlowtest

Scheduled Task Created - FileCreation

Detects the creation of a scheduled task via file creation.

WindowsFile Event

TA0002 · ExecutionTA0003 · PersistenceTA0004 · Privilege EscalationT1053.005 · Scheduled Task+3

Center for Threat Informed Defense (CTID) Summiting the Pyramid TeamWed Sep 27windows

Threat Huntlowtest

Scheduled Task Created - Registry

Detects the creation of a scheduled task via Registry keys.

WindowsRegistry Event

TA0002 · ExecutionTA0003 · PersistenceTA0004 · Privilege EscalationS0111 · schtasks+3

Center for Threat Informed Defense (CTID) Summiting the Pyramid TeamWed Sep 27windows