Rule Library

Sigma Rules

2 rules found for "Natalia Shornikova"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Category

Threat Huntmediumtest

Potential Credential Dumping Attempt Via PowerShell

Detects a PowerShell process requesting access to "lsass.exe", which can be indicative of potential credential dumping attempts

WindowsProcess Access

TA0006 · Credential AccessT1003.001 · LSASS Memorydetection.threat-hunting

oscd.community+1Tue Oct 06windows

Threat Huntlowtest

Unusually Long PowerShell CommandLine

Detects unusually long PowerShell command lines with a length of 1000 characters or more

WindowsProcess Creation

TA0002 · ExecutionT1059.001 · PowerShelldetection.threat-hunting

oscd.community+1Tue Oct 06windows