Rule Library

Sigma Rules

2 rules found for "Tim Shelton"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Scheduled Task Deletion

Detects scheduled task deletion events. Scheduled tasks are likely to be deleted if not used for persistence. Malicious Software often creates tasks directly under the root node e.g. \TASKNAME

Windowssecurity

TA0002 · ExecutionTA0004 · Privilege EscalationTA0003 · Persistence2013-08-001 · CAR 2013-08-001+2

David Strassegger+1Fri Jan 22windows

Threat Huntmediumtest

Potentially Suspicious PowerShell Child Processes

Detects potentially suspicious child processes spawned by PowerShell. Use this rule to hunt for potential anomalies initiating from PowerShell scripts and commands.

WindowsProcess Creation

TA0002 · ExecutionT1059.001 · PowerShelldetection.threat-hunting

Florian Roth (Nextron Systems)+1Tue Apr 26windows