Rule Library
Sigma Rules
2 rules found for "Tim Shelton"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Threat Hunt | low | test
Scheduled Task Deletion
Detects scheduled task deletion events. Scheduled tasks are likely to be deleted if not used for persistence. Malicious software often creates tasks directly under the root node, e.g. \TASKNAME
Windows | security
TA0002 · Execution | TA0004 · Privilege Escalation | TA0003 · Persistence | 2013-08-001 · CAR 2013-08-001 | +2
David Strassegger +1 | Fri Jan 22 | windows
Threat Hunt | medium | test
Potentially Suspicious PowerShell Child Processes
Detects potentially suspicious child processes spawned by PowerShell. Use this rule to hunt for potential anomalies initiating from PowerShell scripts and commands.
Windows | Process Creation
TA0002 · Execution | T1059.001 · PowerShell | detection.threat-hunting
Florian Roth (Nextron Systems) +1 | Tue Apr 26 | windows