Rule Library
Sigma Rules
2 rules found for "Microsoft Defender ATP"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Emerging Threat | high | stable
TropicTrooper Campaign November 2018
Detects TropicTrooper activity, an actor who targeted high-profile organizations in the energy and food and beverage sectors in Asia
Windows | Process Creation
TA0002 · Execution | T1059.001 · PowerShell | detection.emerging-threats
@41thexplorer +1 | Tue Nov 12 2018
Emerging Threat | high | test
UNC2452 Process Creation Patterns
Detects specific process creation patterns used by UNC2452, as provided by Microsoft in the form of Microsoft Defender ATP queries
Windows | Process Creation
TA0002 · Execution | T1059.001 · PowerShell | detection.emerging-threats
Florian Roth (Nextron Systems) | Fri Jan 22 2020