Rule Library
Sigma Rules
8 rules found for "Jakob Weinzettl"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection | medium | test
Remove Immutable File Attribute - Auditd
Detects removing immutable file attribute.
Linux | auditd
TA0005 · Defense Evasion | attack.t1222.002
Jakob Weinzettl +1 | Mon Sep 23 | linux
Detection | low | stable
Overwriting the File with Dev Zero or Null
Detects overwriting (effectively wiping/deleting) of a file.
Linux | auditd
TA0040 · Impact | T1485 · Data Destruction
Jakob Weinzettl +1 | Wed Oct 23 | linux
Detection | low | test
File or Folder Permissions Change
Detects file and folder permission changes.
Linux | auditd
TA0005 · Defense Evasion | attack.t1222.002
Jakob Weinzettl +1 | Mon Sep 23 | linux
Detection | low | test
Service Reload or Start - Linux
Detects the start, reload or restart of a service.
Linux | auditd
TA0004 · Privilege Escalation | TA0003 · Persistence | T1543.002 · Systemd Service
Jakob Weinzettl +2 | Mon Sep 23 | linux
Detection | low | test
Stop Windows Service Via Net.EXE
Detects the stopping of a Windows service via the "net" utility.
Windows | Process Creation
TA0040 · Impact | T1489 · Service Stop
Jakob Weinzettl +2 | Sun Mar 05 | windows
Detection | low | test
Stop Windows Service Via PowerShell Stop-Service
Detects the stopping of a Windows service via the PowerShell Cmdlet "Stop-Service".
Windows | Process Creation
TA0040 · Impact | T1489 · Service Stop
Jakob Weinzettl +2 | Sun Mar 05 | windows
Detection | low | test
Stop Windows Service Via Sc.EXE
Detects the stopping of a Windows service via the "sc.exe" utility.
Windows | Process Creation
TA0040 · Impact | T1489 · Service Stop
Jakob Weinzettl +2 | Sun Mar 05 | windows
Threat Hunt | medium | test
File or Folder Permissions Modifications
Detects a file or folder's permissions being modified or tampered with.
Windows | Process Creation
TA0005 · Defense Evasion | attack.t1222.001 | detection.threat-hunting
Jakob Weinzettl +2 | Wed Oct 23 | windows