Rule Library
Sigma Rules
2 rules found for "Harjot Singh"
3,707Total
3,116Detection
451Emerging
137Hunting
Threat Huntmediumtest
Mail Forwarding/Redirecting Activity In O365
Detects email forwarding or redirecting activity in O365 Audit logs.
Microsoft 365audit
TA0009 · CollectionT1114.003 · Email Forwarding RuleTA0005 · Defense EvasionT1564.008 · Email Hiding Rules+3
RedCanary Team+1Wed Oct 11cloud
Threat Huntmediumtest
Diskshadow Child Process Spawned
Detects any child process spawning from "Diskshadow.exe". This could be due to executing Diskshadow in interpreter mode or script mode and using the "exec" flag to launch other applications.
WindowsProcess Creation
TA0005 · Defense EvasionT1218 · System Binary Proxy ExecutionTA0002 · Executiondetection.threat-hunting
Harjot SinghFri Sep 15windows