Rule Library
Sigma Rules
2 rules found for "Pushkarev Dmitry"
3,707Total
3,116Detection
451Emerging
137Hunting
Detectionmediumtest
AppLocker Prevented Application or Script from Running
Detects when AppLocker prevents the execution of an Application, DLL, Script, MSI, or Packaged-App from running.
Windowsapplocker
TA0002 · ExecutionT1204.002 · Malicious FileT1059.001 · PowerShellT1059.003 · Windows Command Shell+3
Pushkarev DmitrySun Jun 28windows
Detectionmediumtest
Denied Access To Remote Desktop
This event is generated when an authenticated user who is not allowed to log on remotely attempts to connect to this computer through Remote Desktop. Often, this event can be generated by attackers when searching for available windows servers in the network.
Windowssecurity
TA0008 · Lateral MovementT1021.001 · Remote Desktop Protocol
Pushkarev DmitrySat Jun 27windows