Security-Experts-Community
/
open-xp-rules
Open repository of rules written in the eXtraction and Processing (XP) language
Apache License 2.0
20
stars
44
forks
issues
Detection of Security log clearing, EventId 1102
#286
d3f0x0
closed
1 year ago
3
BloodHound detection + refinement of 5145 normalization
#285
artemcun
closed
1 year ago
2
Detection of persistence via the Winlogon Helper DLL mechanism
#284
driverenok
closed
1 year ago
0
Detection of a process enabling the SeDebugPrivilege privilege
#283
driverenok
closed
1 year ago
1
Detection of the DCShadow attack
#282
artemcun
closed
1 year ago
1
Rule detects clearing of Windows logs
#281
d3f0x0
closed
1 year ago
1
win10_4703_SeDebugPrivilege_enabled.evtx
#278
aw350m33d
closed
1 year ago
2
UACME_61_Changepk.evtx
#277
aw350m33d
opened
1 year ago
0
System_7045_namedpipe_privesc.evtx
#276
aw350m33d
closed
1 year ago
0
Sysmon_UACME_64.evtx
#275
aw350m33d
opened
1 year ago
0
Sysmon_UACME_63.evtx
#274
aw350m33d
opened
1 year ago
0
Sysmon_uacme_58.evtx
#273
aw350m33d
opened
1 year ago
0
Sysmon_UACME_56.evtx
#272
aw350m33d
opened
1 year ago
0
Sysmon_UACME_54.evtx
#271
aw350m33d
opened
1 year ago
0
Sysmon_UACME_53.evtx
#270
aw350m33d
opened
1 year ago
0
Sysmon_UACME_45.evtx
#269
aw350m33d
opened
1 year ago
0
Sysmon_UACME_43.evtx
#268
aw350m33d
opened
1 year ago
0
Sysmon_UACME_41.evtx
#267
aw350m33d
opened
1 year ago
0
Sysmon_UACME_39.evtx
#266
aw350m33d
opened
1 year ago
0
Sysmon_UACME_38.evtx
#265
aw350m33d
opened
1 year ago
0
Sysmon_UACME_37_FileCreate.evtx
#264
aw350m33d
opened
1 year ago
0
Sysmon_UACME_36_FileCreate.evtx
#263
aw350m33d
opened
1 year ago
0
Sysmon_UACME_34.evtx
#262
aw350m33d
opened
1 year ago
0
Sysmon_UACME_33.evtx
#261
aw350m33d
opened
1 year ago
0
Sysmon_UACME_32.evtx
#260
aw350m33d
opened
1 year ago
0
Sysmon_UACME_30.evtx
#259
aw350m33d
opened
1 year ago
0
Sysmon_UACME_23.evtx
#258
aw350m33d
closed
1 year ago
0
Sysmon_UACME_22.evtx
#257
aw350m33d
closed
1 year ago
2
sysmon_uacbypass_CDSSync_schtask_hijack_byeintegrity5.evtx
#256
aw350m33d
opened
1 year ago
0
sysmon_privesc_psexec_dwell.evtx
#255
aw350m33d
opened
1 year ago
0
sysmon_privesc_from_admin_to_system_handle_inheritance.evtx
#254
aw350m33d
opened
1 year ago
0
sysmon_1_7_elevate_uacbypass_sysprep.evtx
#253
aw350m33d
opened
1 year ago
0
sysmon_1_7_11_sysprep_uacbypass.evtx
#252
aw350m33d
opened
1 year ago
0
sysmon_1_7_11_migwiz.evtx
#251
aw350m33d
opened
1 year ago
0
sysmon_1_7_11_mcx2prov_uacbypass.evtx
#250
aw350m33d
opened
1 year ago
0
sysmon_1_13_UACBypass_AppPath_Control.evtx
#249
aw350m33d
opened
1 year ago
0
sysmon_1_13_11_cmstp_ini_uacbypass.evtx
#248
aw350m33d
opened
1 year ago
0
sysmon_1_11_exec_as_system_via_schedtask.evtx
#247
aw350m33d
opened
1 year ago
0
Sysmon_13_1_UAC_Bypass_EventVwrBypass.evtx
#246
aw350m33d
closed
4 months ago
0
Sysmon_13_1_UACBypass_SDCLTBypass.evtx
#245
aw350m33d
opened
1 year ago
0
sysmon_13_1_meterpreter_getsystem_NamedPipeImpersonation.evtx
#244
aw350m33d
opened
1 year ago
0
sysmon_13_1_compmgmtlauncherUACBypass.evtx
#243
aw350m33d
opened
1 year ago
0
sysmon_13_1_12_11_perfmonUACBypass.evtx
#242
aw350m33d
closed
4 months ago
0
sysmon_11_7_1_uacbypass_windirectory_mocking.evtx
#241
aw350m33d
opened
1 year ago
0
sysmon_11_1_7_uacbypass_cliconfg.evtx
#240
aw350m33d
opened
1 year ago
0
sysmon_11_1_15_WScriptBypassUAC.evtx
#239
aw350m33d
opened
1 year ago
2
security_4624_4673_token_manip.evtx
#238
aw350m33d
opened
1 year ago
0
samaccount_spoofing_CVE-2021-42287_CVE-2021-42278_DC_securitylogs.evtx
#237
aw350m33d
closed
1 year ago
0
Runas_4624_4648_Webshell_CreateProcessAsUserA.evtx
#236
aw350m33d
closed
1 year ago
0
RogueWinRM.evtx
#235
aw350m33d
opened
1 year ago
0