Suspicious Browser Launch - Githubissues

SigmaHQ / sigma

Main Sigma Rule Repository

Other

7.84k stars 2.12k forks source link

Suspicious Browser Launch #4840

Closed skaynum closed 1 month ago

skaynum commented 1 month ago

Summary of the Pull Request

Add rules to detect:

Suspicious browser launch by document processors or readers.
Uncommon file creation by MySQL daemon

Changelog

new: Uncommon File Creation By Mysql Daemon Process new: Potential Suspicious Browser Launch From Document Reader Process

Example Log Event

Relevant Links: https://app.any.run/tasks/69c5abaa-92ad-45ba-8c53-c11e23e05d04 https://app.any.run/tasks/64043a79-165f-4052-bcba-e6e49f847ec1/

Fixed Issues

N/A

SigmaHQ Rule Creation Conventions

If your PR adds new rules, please consider following and applying these conventions