Rule Library

Sigma Rules

1 rule found for "Justin C."

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Category

Detectionhightest

Suspicious Spool Service Child Process

Detects suspicious print spool service (spoolsv.exe) child processes.

WindowsProcess Creation

TA0002 · ExecutionT1203 · Exploitation for Client ExecutionTA0004 · Privilege EscalationT1068 · Exploitation for Privilege Escalation

Justin C.+1Sun Jul 11windows