Rule Library
Sigma Rules
3 rules found for "Patrick Bareiss"
3,707 Total · 3,116 Detection · 451 Emerging · 137 Hunting
Detection · high · test
Linux Command History Tampering
Detects commands that try to clear or tamper with the Linux command history. This technique is used by threat actors in order to evade defenses and execute commands without them being recorded in files such as "bash_history" or "zsh_history".
Linux
TA0005 · Defense Evasion / T1070.003 · Clear Command History
Patrick Bareiss · Sun Mar 24 · linux
Detection · low · test
Local User Creation
Detects local user creation on Windows servers, which shouldn't happen in an Active Directory environment. Apply this Sigma Use Case on your Windows server logs and not on your DC logs.
Windows · security
TA0003 · Persistence / T1136.001 · Local Account
Patrick Bareiss · Thu Apr 18 · windows
Detection · high · test
System File Execution Location Anomaly
Detects the execution of a Windows system binary that is usually located in the system folder from an uncommon location.
Windows · Process Creation
TA0005 · Defense Evasion / T1036 · Masquerading
Florian Roth (Nextron Systems) +4 · Mon Nov 27 · windows