Rule Library

Sigma Rules

2 rules found for "Pushkarev Dmitry"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

AppLocker Prevented Application or Script from Running

Detects when AppLocker prevents the execution of an Application, DLL, Script, MSI, or Packaged-App from running.

Windowsapplocker

TA0002 · ExecutionT1204.002 · Malicious FileT1059.001 · PowerShellT1059.003 · Windows Command Shell+3

Pushkarev DmitrySun Jun 28windows

Detectionmediumtest

Denied Access To Remote Desktop

This event is generated when an authenticated user who is not allowed to log on remotely attempts to connect to this computer through Remote Desktop. Often, this event can be generated by attackers when searching for available windows servers in the network.

Windowssecurity

TA0008 · Lateral MovementT1021.001 · Remote Desktop Protocol

Pushkarev DmitrySat Jun 27windows