https://detectionlint.org/ 2026-04-25T20:39:51.280Z weekly 1 https://detectionlint.org/analyze 2026-04-25T20:39:51.280Z weekly 0.9 https://detectionlint.org/library 2026-04-25T20:39:51.280Z daily 0.8 https://detectionlint.org/changelog 2026-04-25T20:39:51.280Z weekly 0.5 https://detectionlint.org/contact-sales 2026-04-25T20:39:51.280Z monthly 0.5 https://detectionlint.org/login 2026-04-25T20:39:51.280Z yearly 0.3 https://detectionlint.org/terms 2026-04-25T20:39:51.280Z yearly 0.3 https://detectionlint.org/privacy 2026-04-25T20:39:51.280Z yearly 0.3 https://detectionlint.org/refund 2026-04-25T20:39:51.280Z yearly 0.3 https://detectionlint.org/library/yara-l-google_workspace_user_unsuspended-5f2527dd 2026-04-25T16:25:39.698Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_user_ou_changed-e49fe081 2026-04-25T16:25:39.443Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_suspicious_login_and_google_drive_file_shar-4e091b1d 2026-04-25T16:25:39.173Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_suspicious_login_and_google_drive_file_down-0204a73d 2026-04-25T16:25:38.904Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_saml_idp_configuration_change-36203c74 2026-04-25T16:25:38.634Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_password_policy_changed-ec3cdc9a 2026-04-25T16:25:38.380Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_ownership_transferred_on_google_drive-67867c38 2026-04-25T16:25:38.123Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_new_trusted_domain_added-86ad40e8 2026-04-25T16:25:37.857Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_multiple_files_sent_as_email_attachment_fro-3129991b 2026-04-25T16:25:37.568Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_multiple_files_downloaded_from_google_drive-2abf5ea9 2026-04-25T16:25:37.297Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_multiple_files_deleted_from_google_drive-268ffd8b 2026-04-25T16:25:37.033Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_multiple_files_copied_from_google_drive-55dd6af6 2026-04-25T16:25:36.775Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_mfa_disabled-2685179b 2026-04-25T16:25:36.502Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_marketplace_allowlist_configuration-fb061408 2026-04-25T16:25:36.241Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_malicious_file_downloaded-f0ae9fb5 2026-04-25T16:25:35.983Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_file_shared_from_google_drive_to_free_email-83b8bf9a 2026-04-25T16:25:35.707Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_external_user_added_to_group-fe29fb5c 2026-04-25T16:25:35.443Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_encryption_key_files_accessed_by_anonymous_-acf89024 2026-04-25T16:25:35.182Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_custom_admin_role_created-937a801f 2026-04-25T16:25:34.907Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_application_added-d1a48171 2026-04-25T16:25:34.640Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_alerts_aggregated_by_severity-29243013 2026-04-25T16:25:34.365Z monthly 0.6 https://detectionlint.org/library/yara-l-google_workspace_admin_role_assignment-31cf1376 2026-04-25T16:25:34.105Z monthly 0.6 https://detectionlint.org/library/yara-l-gmail_spike_in_undeliverables-4505566a 2026-04-25T16:25:33.839Z monthly 0.6 https://detectionlint.org/library/yara-l-chrome_browser_safe_browsing_user_bypass-68032001 2026-04-25T16:25:33.571Z monthly 0.6 https://detectionlint.org/library/yara-l-whois_recently_created_domain_access-2c22c969 2026-04-25T16:25:33.306Z monthly 0.6 https://detectionlint.org/library/yara-l-whois_expired_domain_executable_downloaded-efaccc6c 2026-04-25T16:25:33.032Z monthly 0.6 https://detectionlint.org/library/yara-l-whois_expired_domain_accessed-9d96381d 2026-04-25T16:25:32.765Z monthly 0.6 https://detectionlint.org/library/yara-l-whois_dns_query_to_typosquatting_domain-c2018fb4 2026-04-25T16:25:32.511Z monthly 0.6 https://detectionlint.org/library/yara-l-vt_relationships_file_executes_file-65342cb4 2026-04-25T16:25:32.252Z monthly 0.6 https://detectionlint.org/library/yara-l-vt_relationships_file_downloaded_from_url-c180ed91 2026-04-25T16:25:31.987Z monthly 0.6 https://detectionlint.org/library/yara-l-vt_relationships_file_downloaded_from_ip-e8e0b4ca 2026-04-25T16:25:31.722Z monthly 0.6 https://detectionlint.org/library/yara-l-vt_relationships_file_contacts_tor_ip-44a9afaf 2026-04-25T16:25:31.465Z monthly 0.6 https://detectionlint.org/library/yara-l-vt_relationships_file_contacts_ip-8f7d45c8 2026-04-25T16:25:31.207Z monthly 0.6 https://detectionlint.org/library/yara-l-vt_relationships_file_contacts_domain-d6a60b17 2026-04-25T16:25:30.953Z monthly 0.6 https://detectionlint.org/library/yara-l-safebrowsing_process_creation_hashes_seen_more_than_7_days-1c6f4771 2026-04-25T16:25:30.695Z monthly 0.6 https://detectionlint.org/library/yara-l-process_launch_vt_enrichment-c4629021 2026-04-25T16:25:30.414Z monthly 0.6 https://detectionlint.org/library/yara-l-network_http_low_prevalence_domain_access-609bcf9a 2026-04-25T16:25:30.148Z monthly 0.6 https://detectionlint.org/library/yara-l-network_connection_first_seen_in_past_day-ab2dc237 2026-04-25T16:25:29.882Z monthly 0.6 https://detectionlint.org/library/yara-l-low_prevalence_hash_on_process_launch_low_prevalence_domain_-56740958 2026-04-25T16:25:29.627Z monthly 0.6 https://detectionlint.org/library/yara-l-ip_target_prevalence-08583bb9 2026-04-25T16:25:29.354Z monthly 0.6 https://detectionlint.org/library/yara-l-ioc_sha256_hash_vt-c4dca926 2026-04-25T16:25:29.080Z monthly 0.6 https://detectionlint.org/library/yara-l-ioc_sha256_hash-0b9a3ffb 2026-04-25T16:25:28.818Z monthly 0.6 https://detectionlint.org/library/yara-l-ioc_ip_target-8fff2647 2026-04-25T16:25:28.530Z monthly 0.6 https://detectionlint.org/library/yara-l-ioc_hash_prevalence-95dbf978 2026-04-25T16:25:28.272Z monthly 0.6 https://detectionlint.org/library/yara-l-ioc_domain_internal_policy-650daf08 2026-04-25T16:25:28.012Z monthly 0.6 https://detectionlint.org/library/yara-l-ioc_domain_c2-213e0734 2026-04-25T16:25:27.743Z monthly 0.6 https://detectionlint.org/library/yara-l-hash_prevalence-079ee828 2026-04-25T16:25:27.469Z monthly 0.6 https://detectionlint.org/library/yara-l-google_safebrowsing_with_prevalence-7c27ce91 2026-04-25T16:25:27.215Z monthly 0.6 https://detectionlint.org/library/yara-l-google_safebrowsing_file_process_creation-dd3729d0 2026-04-25T16:25:26.850Z monthly 0.6 https://detectionlint.org/library/yara-l-google_safebrowsing_file_contacts_tor_exit_node-f28e5027 2026-04-25T16:25:26.565Z monthly 0.6 https://detectionlint.org/library/yara-l-gcti_tor_exit_nodes-4b2b6bf9 2026-04-25T16:25:26.306Z monthly 0.6 https://detectionlint.org/library/yara-l-gcti_remote_access_tools-b0ee7a3b 2026-04-25T16:25:26.033Z monthly 0.6 https://detectionlint.org/library/yara-l-gcti_benign_binaries_contacts_tor_exit_node-8472bce6 2026-04-25T16:25:25.768Z monthly 0.6 https://detectionlint.org/library/yara-l-domain_prevalence-352c016d 2026-04-25T16:25:25.503Z monthly 0.6 https://detectionlint.org/library/yara-l-dns_query_to_recently_created_domain-3fb2636d 2026-04-25T16:25:25.251Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_user_creates_and_uses_new_user-821d38bb 2026-04-25T16:25:24.996Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_system_or_client_configuration_change-4256b2a8 2026-04-25T16:25:24.724Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_suspected_data_exfiltration-501f3313 2026-04-25T16:25:24.464Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_sensitive_tables_direct_access_by_rfc_logon_static_list-6de335bd 2026-04-25T16:25:24.197Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_sensitive_tables_direct_access_by_rfc_logon_data_table-795e810f 2026-04-25T16:25:23.931Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_sensitive_role_authorization_modification-49b2955c 2026-04-25T16:25:23.673Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_sensitive_role_assignment_correlation-25319abe 2026-04-25T16:25:23.405Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_sensitive_rfc_function_module_execution-d813c388 2026-04-25T16:25:23.146Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_security_audit_log_user_created_deleted_or_unlocked-bb1a5191 2026-04-25T16:25:22.887Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_security_audit_log_configuration_change-115986d7 2026-04-25T16:25:22.617Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_multiple_password_changes-fcb7b314 2026-04-25T16:25:22.346Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_multi_terminal_logon-5f5704d4 2026-04-25T16:25:22.083Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_impossible_travel-c7bc7743 2026-04-25T16:25:21.817Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_hanadb_user_admin_actions-077d6f49 2026-04-25T16:25:21.555Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_hanadb_deactivation_of_audit_trail-fcce5a48 2026-04-25T16:25:21.295Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_hanadb_audit_trail_policy_changes-967dc0a5 2026-04-25T16:25:21.038Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_hanadb_assign_admin_authorizations-a737ef88 2026-04-25T16:25:20.768Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_gateway_ufo_table_access-34f663f9 2026-04-25T16:25:20.512Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_gateway_acl_bypass_attempt-faec0d60 2026-04-25T16:25:20.256Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_function_module_testing_detected-d6c9a31d 2026-04-25T16:25:19.983Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_execution_of_sensitive_abap_program-5f0556f9 2026-04-25T16:25:19.714Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_deactivation_of_security_audit_log-0ea0543c 2026-04-25T16:25:19.458Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_data_changed_during_debugging-555e3157 2026-04-25T16:25:19.163Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_critical_role_assigned_to_new_user-c2a05d9c 2026-04-25T16:25:18.904Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_critical_authorization_value_changed-23367b7a 2026-04-25T16:25:18.636Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_critial_role_assigned_to_new_user-dfec0795 2026-04-25T16:25:18.381Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_change_documents_sensitive_role_assignment-b09b28b5 2026-04-25T16:25:18.125Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_change_documents_sensitive_profile_assignment_data_table-d6ebf92d 2026-04-25T16:25:17.872Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_change_documents_sensitive_profile_assignment-e7c6e6bc 2026-04-25T16:25:17.612Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_brute_force_rfc_logon-5bec4d09 2026-04-25T16:25:17.355Z monthly 0.6 https://detectionlint.org/library/yara-l-sap_break_glass_account_login-1442b45a 2026-04-25T16:25:17.051Z monthly 0.6 https://detectionlint.org/library/yara-l-onelogin_user_logins_from_multiple_countries-858397f8 2026-04-25T16:25:16.790Z monthly 0.6 https://detectionlint.org/library/yara-l-onelogin_user_authentication_factor_removed-932f2c37 2026-04-25T16:25:16.513Z monthly 0.6 https://detectionlint.org/library/yara-l-onelogin_super_user_privileges_assigned-1d80ff74 2026-04-25T16:25:16.226Z monthly 0.6 https://detectionlint.org/library/yara-l-onelogin_otp_brute_force_attack-a4a471c4 2026-04-25T16:25:15.946Z monthly 0.6 https://detectionlint.org/library/yara-l-onelogin_multiple_users_login_failures_from_the_same_ip-87d46093 2026-04-25T16:25:15.692Z monthly 0.6 https://detectionlint.org/library/yara-l-onelogin_multiple_users_assumed-b46a32cf 2026-04-25T16:25:15.404Z monthly 0.6 https://detectionlint.org/library/yara-l-onelogin_application_password_revealed-cd499055 2026-04-25T16:25:15.146Z monthly 0.6 https://detectionlint.org/library/yara-l-okta_user_suspicious_activity_reported-9157ae2c 2026-04-25T16:25:14.883Z monthly 0.6 https://detectionlint.org/library/yara-l-okta_user_rejected_multiple_push_notifications-86ea2b39 2026-04-25T16:25:14.620Z monthly 0.6 https://detectionlint.org/library/yara-l-okta_user_password_and_mfa_factor_reset_or_deactivated-5d37951a 2026-04-25T16:25:14.350Z monthly 0.6 https://detectionlint.org/library/yara-l-okta_user_logins_from_multiple_cities-111aea79 2026-04-25T16:25:14.090Z monthly 0.6 https://detectionlint.org/library/yara-l-okta_user_login_out_of_hours-6b108723 2026-04-25T16:25:13.831Z monthly 0.6 https://detectionlint.org/library/yara-l-okta_user_failed_number_challenge_during_push_notification-a2528a58 2026-04-25T16:25:13.569Z monthly 0.6 https://detectionlint.org/library/yara-l-okta_user_account_lockout-58d691d8 2026-04-25T16:25:13.317Z monthly 0.6 https://detectionlint.org/library/yara-l-okta_threatinsight_targeted_brute_force_attack-7838becc 2026-04-25T16:25:13.051Z monthly 0.6 https://detectionlint.org/library/yara-l-okta_threatinsight_suspected_password_spray_attack-c2c35056 2026-04-25T16:25:12.776Z monthly 0.6 https://detectionlint.org/library/yara-l-okta_threatinsight_suspected_brute_force_attack-1206546e 2026-04-25T16:25:12.515Z monthly 0.6 https://detectionlint.org/library/yara-l-okta_threatinsight_login_failure_with_high_unknown_users-a5d13628 2026-04-25T16:25:12.236Z monthly 0.6 https://detectionlint.org/library/yara-l-okta_suspicious_use_of_a_session_cookie-7cc8e5b0 2026-04-25T16:25:11.884Z monthly 0.6 https://detectionlint.org/library/yara-l-okta_successful_high_risk_user_logins-f8ac3b3f 2026-04-25T16:25:11.611Z monthly 0.6 https://detectionlint.org/library/yara-l-okta_phishing_detection_with_fastpass_origin_check-4fb90592 2026-04-25T16:25:11.344Z monthly 0.6 https://detectionlint.org/library/yara-l-okta_new_api_token_created-626397d5 2026-04-25T16:25:11.072Z monthly 0.6 https://detectionlint.org/library/yara-l-okta_multiple_users_logins_with_invalid_credentials_from_the-8b28a31f 2026-04-25T16:25:10.820Z monthly 0.6 https://detectionlint.org/library/yara-l-okta_multiple_failed_requests_to_access_applications-c9eb0cca 2026-04-25T16:25:10.564Z monthly 0.6 https://detectionlint.org/library/yara-l-okta_mismatch_between_source_and_response_for_verify_push_re-bfe344b8 2026-04-25T16:25:10.292Z monthly 0.6 https://detectionlint.org/library/yara-l-okta_mfa_brute_force_attack-9b1b14da 2026-04-25T16:25:10.026Z monthly 0.6 https://detectionlint.org/library/yara-l-suspicious_asn_watchlist-d0fbd6da 2026-04-25T16:25:09.761Z monthly 0.6 https://detectionlint.org/library/yara-l-suspicious_asn-12b0daec 2026-04-25T16:25:09.510Z monthly 0.6 https://detectionlint.org/library/yara-l-network_traffic_to_specific_country-97168044 2026-04-25T16:25:09.194Z monthly 0.6 https://detectionlint.org/library/yara-l-high_risk_user_download_executable_from_macro-31a9b06b 2026-04-25T16:25:08.924Z monthly 0.6 https://detectionlint.org/library/yara-l-wmic_ntds_dit_t1003_003_cisa_report-ffe6434b 2026-04-25T16:25:08.658Z monthly 0.6 https://detectionlint.org/library/yara-l-windows_event_log_cleared-a165133a 2026-04-25T16:25:08.384Z monthly 0.6 https://detectionlint.org/library/yara-l-win_susp_or_malicious_service_created-ffca062a 2026-04-25T16:25:08.117Z monthly 0.6 https://detectionlint.org/library/yara-l-win_short_term_account_use-4d89523f 2026-04-25T16:25:07.849Z monthly 0.6 https://detectionlint.org/library/yara-l-win_repeatedauthfailure_thensuccess_t1110_001_user_asset_ent-9be431cb 2026-04-25T16:25:07.572Z monthly 0.6 https://detectionlint.org/library/yara-l-win_repeatedauthfailure_thensuccess_t1110_001-d761894f 2026-04-25T16:25:07.315Z monthly 0.6 https://detectionlint.org/library/yara-l-win_pua_detection_of_uncommon_rmm-61585711 2026-04-25T16:25:07.060Z monthly 0.6 https://detectionlint.org/library/yara-l-whoami_execution-4c5c06a4 2026-04-25T16:25:06.796Z monthly 0.6 https://detectionlint.org/library/yara-l-wdigest_enable_uselogoncredential-9f004ac2 2026-04-25T16:25:06.540Z monthly 0.6 https://detectionlint.org/library/yara-l-suspicious_unusual_location_lnk_file-4faf7b25 2026-04-25T16:25:06.284Z monthly 0.6 https://detectionlint.org/library/yara-l-suspicious_powershell_in_registry_run_keys-05a672d9 2026-04-25T16:25:05.994Z monthly 0.6 https://detectionlint.org/library/yara-l-suspicious_invoke_webrequest_execution-7ff1974f 2026-04-25T16:25:05.702Z monthly 0.6 https://detectionlint.org/library/yara-l-suspicious_file_downloaded_from_file_sharing_website_via_cer-e632114b 2026-04-25T16:25:05.443Z monthly 0.6 https://detectionlint.org/library/yara-l-suspicious_download_via_certutil_exe-08152124 2026-04-25T16:25:05.178Z monthly 0.6 https://detectionlint.org/library/yara-l-suspicious_curl_exe_download-68fc8044 2026-04-25T16:25:04.910Z monthly 0.6 https://detectionlint.org/library/yara-l-suspicious_certreq_command_to_download-18b2dd3e 2026-04-25T16:25:04.648Z monthly 0.6 https://detectionlint.org/library/yara-l-shimcache_flush-c4fae00e 2026-04-25T16:25:04.397Z monthly 0.6 https://detectionlint.org/library/yara-l-session_manager_autorun_keys_modification-1c304579 2026-04-25T16:25:04.114Z monthly 0.6 https://detectionlint.org/library/yara-l-rw_windows_password_spray_t1110_003-4ce8b48a 2026-04-25T16:25:03.841Z monthly 0.6 https://detectionlint.org/library/yara-l-rw_utilities_associated_with_ntdsdit_t1003_003-36cf45a2 2026-04-25T16:25:03.567Z monthly 0.6 https://detectionlint.org/library/yara-l-rw_mimikatz_t1003-fc0f154f 2026-04-25T16:25:03.294Z monthly 0.6 https://detectionlint.org/library/yara-l-restrictedadminmode_registry_value_tampering-b1245713 2026-04-25T16:25:03.023Z monthly 0.6 https://detectionlint.org/library/yara-l-renamed_createdump_utility_execution-93a61059 2026-04-25T16:25:02.769Z monthly 0.6 https://detectionlint.org/library/yara-l-reg_add_suspicious_paths-a3ba1349 2026-04-25T16:25:02.495Z monthly 0.6 https://detectionlint.org/library/yara-l-recon_suspicious_commands_cisa_report-15655f14 2026-04-25T16:25:02.225Z monthly 0.6 https://detectionlint.org/library/yara-l-recon_successful_logon_enumeration_powershell_t1033_cisa_rep-f389319b 2026-04-25T16:25:01.946Z monthly 0.6 https://detectionlint.org/library/yara-l-recon_environment_enumeration_system_cisa_report-11e952c9 2026-04-25T16:25:01.688Z monthly 0.6 https://detectionlint.org/library/yara-l-recon_environment_enumeration_network_cisa_report-0f078d23 2026-04-25T16:25:01.430Z monthly 0.6 https://detectionlint.org/library/yara-l-recon_environment_enumeration_active_directory_cisa_report-f54c251c 2026-04-25T16:25:01.161Z monthly 0.6 https://detectionlint.org/library/yara-l-recon_credential_theft_cisa_report-a22540be 2026-04-25T16:25:00.894Z monthly 0.6 https://detectionlint.org/library/yara-l-rdp_sensitive_settings_changed_to_zero-f084feb3 2026-04-25T16:25:00.635Z monthly 0.6 https://detectionlint.org/library/yara-l-rdp_sensitive_settings_changed-2b95b24e 2026-04-25T16:25:00.371Z monthly 0.6 https://detectionlint.org/library/yara-l-pua_nimgrab_execution-402bc04f 2026-04-25T16:25:00.109Z monthly 0.6 https://detectionlint.org/library/yara-l-process_memory_dump_via_rdrleakdiag-98d1d842 2026-04-25T16:24:59.845Z monthly 0.6 https://detectionlint.org/library/yara-l-process_memory_dump_via_comsvcs_dll-a8c04f4a 2026-04-25T16:24:59.581Z monthly 0.6 https://detectionlint.org/library/yara-l-printbrm_zip_creation_or_extraction-26af21f8 2026-04-25T16:24:59.317Z monthly 0.6 https://detectionlint.org/library/yara-l-powershell_web_download-481ec00c 2026-04-25T16:24:59.049Z monthly 0.6 https://detectionlint.org/library/yara-l-powershell_downloadfile-e5e0c865 2026-04-25T16:24:58.785Z monthly 0.6 https://detectionlint.org/library/yara-l-potential_tampering_with_rdp_related_registry_keys_via_reg_e-e79650f8 2026-04-25T16:24:58.516Z monthly 0.6 https://detectionlint.org/library/yara-l-potential_suspicious_activity_using_secedit-93a8cdd3 2026-04-25T16:24:58.244Z monthly 0.6 https://detectionlint.org/library/yara-l-potential_remote_powershell_session_initiated-844a5013 2026-04-25T16:24:57.986Z monthly 0.6 https://detectionlint.org/library/yara-l-potential_lsass_process_dump_via_procdump-22c35ae8 2026-04-25T16:24:57.729Z monthly 0.6 https://detectionlint.org/library/yara-l-potential_credential_dumping_activity_via_lsass-7673036c 2026-04-25T16:24:57.463Z monthly 0.6 https://detectionlint.org/library/yara-l-potential_cred_dumping_via_lsass_silentprocessexit_technique-10770467 2026-04-25T16:24:57.190Z monthly 0.6 https://detectionlint.org/library/yara-l-port_proxy_forwarding_t1090_cisa_report-65d283ba 2026-04-25T16:24:56.910Z monthly 0.6 https://detectionlint.org/library/yara-l-new_user_created_via_net_exe-ef06a824 2026-04-25T16:24:56.560Z monthly 0.6 https://detectionlint.org/library/yara-l-new_run_key_pointing_to_suspicious_folder-ce3762bf 2026-04-25T16:24:56.303Z monthly 0.6 https://detectionlint.org/library/yara-l-modify_user_shell_folders_startup_value-59b7352e 2026-04-25T16:24:56.040Z monthly 0.6 https://detectionlint.org/library/yara-l-mitre_attack_t1570_suspicious_command_psexec-98b26d0e 2026-04-25T16:24:55.765Z monthly 0.6 https://detectionlint.org/library/yara-l-mitre_attack_t1140_encoded_powershell_command-20751aa7 2026-04-25T16:24:55.502Z monthly 0.6 https://detectionlint.org/library/yara-l-mitre_attack_t1053_005_windows_creation_of_scheduled_task-2eb44b84 2026-04-25T16:24:55.193Z monthly 0.6 https://detectionlint.org/library/yara-l-mitre_attack_t1021_002_windows_admin_share_with_user_entity-062a1dd5 2026-04-25T16:24:54.922Z monthly 0.6 https://detectionlint.org/library/yara-l-mitre_attack_t1021_002_windows_admin_share_with_user_enrichm-8729a6fb 2026-04-25T16:24:54.653Z monthly 0.6 https://detectionlint.org/library/yara-l-mitre_attack_t1021_002_windows_admin_share_with_asset_entity-f7c66a46 2026-04-25T16:24:54.381Z monthly 0.6 https://detectionlint.org/library/yara-l-mitre_attack_t1021_002_windows_admin_share_basic-2f63c00d 2026-04-25T16:24:54.118Z monthly 0.6 https://detectionlint.org/library/yara-l-lsass_process_memory_dump_file_creation_taskmgr-46c041c1 2026-04-25T16:24:53.857Z monthly 0.6 https://detectionlint.org/library/yara-l-lsass_process_memory_dump_file_creation-621831b6 2026-04-25T16:24:53.595Z monthly 0.6 https://detectionlint.org/library/yara-l-lsass_memory_dump_comsvcs_dll-8840a6b3 2026-04-25T16:24:53.330Z monthly 0.6 https://detectionlint.org/library/yara-l-lsass_memory_access_by_tool_dump_keyword_name-3959a39e 2026-04-25T16:24:53.050Z monthly 0.6 https://detectionlint.org/library/yara-l-lsass_dump_keyword_command_line-ff126f24 2026-04-25T16:24:52.790Z monthly 0.6 https://detectionlint.org/library/yara-l-local_accounts_discovery-f0ba16ec 2026-04-25T16:24:52.535Z monthly 0.6 https://detectionlint.org/library/yara-l-impacket_wmiexec_cisa_report-f58e8a17 2026-04-25T16:24:52.259Z monthly 0.6 https://detectionlint.org/library/yara-l-hacktool_winpeas_execution_patterns-9e37bc97 2026-04-25T16:24:52.000Z monthly 0.6 https://detectionlint.org/library/yara-l-hacktool_sharp_successor_execution-b2446827 2026-04-25T16:24:51.736Z monthly 0.6 https://detectionlint.org/library/yara-l-hacktool_purpleknight_execution-b781af29 2026-04-25T16:24:51.441Z monthly 0.6 https://detectionlint.org/library/yara-l-hacktool_mimikatz_execution-57a9fe46 2026-04-25T16:24:51.175Z monthly 0.6 https://detectionlint.org/library/yara-l-hacktool_ironsharp_pack_execution-03185caf 2026-04-25T16:24:50.906Z monthly 0.6 https://detectionlint.org/library/yara-l-hacktool_generic_process_access-3e19f1fd 2026-04-25T16:24:50.628Z monthly 0.6 https://detectionlint.org/library/yara-l-hacktool_dumpert_process_dumper_exec-9584b4a4 2026-04-25T16:24:50.365Z monthly 0.6 https://detectionlint.org/library/yara-l-hacktool_dumpert_process_dumper_default_file-77737483 2026-04-25T16:24:50.076Z monthly 0.6 https://detectionlint.org/library/yara-l-finger_exe_execution-bda51f0b 2026-04-25T16:24:49.804Z monthly 0.6 https://detectionlint.org/library/yara-l-file_download_via_windows_defender_mpcmdrun_exe-082b7635 2026-04-25T16:24:49.545Z monthly 0.6 https://detectionlint.org/library/yara-l-file_download_using_notepad_plus_plus_gup_utility-0873d603 2026-04-25T16:24:49.272Z monthly 0.6 https://detectionlint.org/library/yara-l-disable_internal_tools_or_feature_in_registry-fa691f8e 2026-04-25T16:24:49.006Z monthly 0.6 https://detectionlint.org/library/yara-l-direct_autorun_keys_modification-46b6bd66 2026-04-25T16:24:48.735Z monthly 0.6 https://detectionlint.org/library/yara-l-default_rdp_port_changed_to_non_standard_port-f6422ac9 2026-04-25T16:24:48.462Z monthly 0.6 https://detectionlint.org/library/yara-l-currentversion_autorun_keys_modification-766d3e7c 2026-04-25T16:24:48.189Z monthly 0.6 https://detectionlint.org/library/yara-l-currentcontrolset_autorun_keys_modification-02120ec2 2026-04-25T16:24:47.918Z monthly 0.6 https://detectionlint.org/library/yara-l-credential_dumping_attempt_via_werfault-da97afb5 2026-04-25T16:24:47.651Z monthly 0.6 https://detectionlint.org/library/yara-l-cred_dump_tools_dropped_files-4be79e9c 2026-04-25T16:24:47.377Z monthly 0.6 https://detectionlint.org/library/yara-l-create_dump_process_dump-48c108c3 2026-04-25T16:24:47.099Z monthly 0.6 https://detectionlint.org/library/yara-l-copy_from_or_to_admin_share_or_sysvol_folder-946ddcae 2026-04-25T16:24:46.840Z monthly 0.6 https://detectionlint.org/library/yara-l-convertto_securestring_cmdlet_usage_via_commandline-a2a878f2 2026-04-25T16:24:46.581Z monthly 0.6 https://detectionlint.org/library/yara-l-blackbyte_ransomware_registry-cb6b4f17 2026-04-25T16:24:46.311Z monthly 0.6 https://detectionlint.org/library/yara-l-base64_encoded_powershell_command_detected-9d5911d5 2026-04-25T16:24:46.054Z monthly 0.6 https://detectionlint.org/library/yara-l-ttp_windows_webserver_process_potential_webshell_execution-3b46bdc1 2026-04-25T16:24:45.778Z monthly 0.6 https://detectionlint.org/library/yara-l-ttp_windows_w3wp_launching_encoded_powershell-80649656 2026-04-25T16:24:45.512Z monthly 0.6 https://detectionlint.org/library/yara-l-ttp_windows_suspicious_filewrites_to_sharepoint_layouts-be580445 2026-04-25T16:24:45.233Z monthly 0.6 https://detectionlint.org/library/yara-l-ttp_windows_sharepoint_cve_2025_53770_webshell_succeeded-785e74ee 2026-04-25T16:24:44.969Z monthly 0.6 https://detectionlint.org/library/yara-l-ttp_windows_sharepoint_cve_2025_53770_webshell_attempted-7b6deb82 2026-04-25T16:24:44.696Z monthly 0.6 https://detectionlint.org/library/yara-l-ttp_sharepoint_cve_2025_49706_exploitation-c599ac23 2026-04-25T16:24:44.431Z monthly 0.6 https://detectionlint.org/library/yara-l-suspicious_entra_id_sign_in_external_call-fea0d86c 2026-04-25T16:24:44.165Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_teams_member_removed-6c37c73b 2026-04-25T16:24:43.877Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_recently_created_entra_id_user_assigned_roles-15866f8b 2026-04-25T16:24:43.609Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_persistent_login_activity_to_azure_adpowershell_app-ae2563ef 2026-04-25T16:24:43.342Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_onedrive_anonymous_link_created_updated-58bdc4d6 2026-04-25T16:24:43.070Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_onedrive_anonymous_link_accessed-83e7708d 2026-04-25T16:24:42.815Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_onedrive_anonymous_filedownload-a8bfdc3f 2026-04-25T16:24:42.555Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_onedrive_anonymous_file_accessed-c8b00b6a 2026-04-25T16:24:42.286Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_mail_access_api-a52a3f50 2026-04-25T16:24:41.998Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_login_activity_to_uncommon_mscloud_apps-7f510dde 2026-04-25T16:24:41.616Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_login_activity_to_azure_ad_powershell_app-f204a0aa 2026-04-25T16:24:41.353Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_logging_enabled-8987ae1a 2026-04-25T16:24:41.081Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_logging_disabled-21851304 2026-04-25T16:24:40.796Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_group_modification_remove_member_success-fc9649ab 2026-04-25T16:24:40.525Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_group_modification_add_member_success_threshold-3218b7b0 2026-04-25T16:24:40.263Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_group_modification_add_member_success-3285f4fd 2026-04-25T16:24:39.994Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_group_deletion_success-61423497 2026-04-25T16:24:39.716Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_group_creation_success-500d3822 2026-04-25T16:24:39.448Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_group_creation_failure-e53e5339 2026-04-25T16:24:39.183Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_file_download-047bd6e2 2026-04-25T16:24:38.914Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_entra_id_client_secret_add_update_delete_in_app-4e807a6a 2026-04-25T16:24:38.644Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_entra_id_application_creation-df5aa1c4 2026-04-25T16:24:38.375Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_entra_id_app_permissions_threshold_exceeded-5808f2c4 2026-04-25T16:24:38.105Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_entra_id_app_permissions_percent_threshold_exceeded-9640341f 2026-04-25T16:24:37.841Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_entra_id_app_modify_permission_change_on_watchlist-324ae3ec 2026-04-25T16:24:37.571Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_admin_login_activity_to_uncommon_mscloud_apps-89f0baaf 2026-04-25T16:24:37.300Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_add_user_to_admin_role-4c966e19 2026-04-25T16:24:37.031Z monthly 0.6 https://detectionlint.org/library/yara-l-o365_adpowershell_app_login_subsequent_activity-1dbd1558 2026-04-25T16:24:36.760Z monthly 0.6 https://detectionlint.org/library/yara-l-ms_graph_user_endpoint_requests-2310fcc9 2026-04-25T16:24:36.499Z monthly 0.6 https://detectionlint.org/library/yara-l-ms_graph_user_and_group_enumeration-9429e649 2026-04-25T16:24:36.236Z monthly 0.6 https://detectionlint.org/library/yara-l-ms_graph_updatable_groups_enumeration-2c5c85dd 2026-04-25T16:24:35.953Z monthly 0.6 https://detectionlint.org/library/yara-l-ms_graph_security_open_inbox_enumeration-fc58259c 2026-04-25T16:24:35.687Z monthly 0.6 https://detectionlint.org/library/yara-l-ms_graph_search_query-c6ea3838 2026-04-25T16:24:35.423Z monthly 0.6 https://detectionlint.org/library/yara-l-ms_graph_mail_api_requests_top_n_messages-be9d1289 2026-04-25T16:24:35.163Z monthly 0.6 https://detectionlint.org/library/yara-l-ms_graph_groups_endpoint_requests-596b2695 2026-04-25T16:24:34.899Z monthly 0.6 https://detectionlint.org/library/yara-l-ms_graph_group_members_enumeration-b05338bd 2026-04-25T16:24:34.632Z monthly 0.6 https://detectionlint.org/library/yara-l-ms_graph_group_creation_success-9bbf1ee4 2026-04-25T16:24:34.369Z monthly 0.6 https://detectionlint.org/library/yara-l-ms_graph_group_bad_request-0756d919 2026-04-25T16:24:34.103Z monthly 0.6 https://detectionlint.org/library/yara-l-ms_graph_graphrunner_graphrecon_enumeration-76220dd6 2026-04-25T16:24:33.825Z monthly 0.6 https://detectionlint.org/library/yara-l-ms_graph_failed_file_downloads_uniq_docs-e94a386c 2026-04-25T16:24:33.560Z monthly 0.6 https://detectionlint.org/library/yara-l-ms_graph_failed_file_downloads_multiple_attempts-0efcf5e3 2026-04-25T16:24:33.300Z monthly 0.6 https://detectionlint.org/library/yara-l-ms_graph_estimate_access-84f8bf83 2026-04-25T16:24:33.037Z monthly 0.6 https://detectionlint.org/library/yara-l-ms_graph_enumerate_applications-9de0eb70 2026-04-25T16:24:32.773Z monthly 0.6 https://detectionlint.org/library/yara-l-ms_graph_delete_method-5d77bd18 2026-04-25T16:24:32.512Z monthly 0.6 https://detectionlint.org/library/yara-l-ms_graph_authorization_policy-9533e4e2 2026-04-25T16:24:32.236Z monthly 0.6 https://detectionlint.org/library/yara-l-ms_graph_application_endpoint_requests-4adfba3b 2026-04-25T16:24:31.973Z monthly 0.6 https://detectionlint.org/library/yara-l-graphrunner_suspicious_user_agent_strings-a0d0ec4e 2026-04-25T16:24:31.697Z monthly 0.6 https://detectionlint.org/library/yara-l-entra_id_secret_added_to_app-646c8c74 2026-04-25T16:24:31.434Z monthly 0.6 https://detectionlint.org/library/yara-l-entra_id_recently_created_user_assigned_entra_id_roles-5caa9a16 2026-04-25T16:24:31.106Z monthly 0.6 https://detectionlint.org/library/yara-l-entra_id_login_activity_to_uncommon_mscloud_apps-f825ae3b 2026-04-25T16:24:30.833Z monthly 0.6 https://detectionlint.org/library/yara-l-entra_id_login_activity_to_azure_ad_powershell_app-8efe3229 2026-04-25T16:24:30.565Z monthly 0.6 https://detectionlint.org/library/yara-l-entra_id_group_deletion_success-4e31cf5d 2026-04-25T16:24:30.304Z monthly 0.6 https://detectionlint.org/library/yara-l-entra_id_expired_refresh_token_use-fa0d663e 2026-04-25T16:24:30.032Z monthly 0.6 https://detectionlint.org/library/yara-l-entra_id_excessive_permission_change_to_app-68efc4ad 2026-04-25T16:24:29.760Z monthly 0.6 https://detectionlint.org/library/yara-l-entra_id_devicecode_phishing_attack-9fb9f8f8 2026-04-25T16:24:29.496Z monthly 0.6 https://detectionlint.org/library/yara-l-entra_id_conditional_access_policy_modification-09f06a62 2026-04-25T16:24:29.231Z monthly 0.6 https://detectionlint.org/library/yara-l-entra_id_application_restore-721223a5 2026-04-25T16:24:28.966Z monthly 0.6 https://detectionlint.org/library/yara-l-entra_id_application_hard_deletion-089f614a 2026-04-25T16:24:28.704Z monthly 0.6 https://detectionlint.org/library/yara-l-entra_id_application_deletion-39ba52dc 2026-04-25T16:24:28.440Z monthly 0.6 https://detectionlint.org/library/yara-l-entra_id_application_creation-52308681 2026-04-25T16:24:28.155Z monthly 0.6 https://detectionlint.org/library/yara-l-entra_id_admin_login_activity_to_uncommon_mscloud_apps-d7648723 2026-04-25T16:24:27.900Z monthly 0.6 https://detectionlint.org/library/yara-l-entra_id_add_user_to_admin_role-3409dce4 2026-04-25T16:24:27.636Z monthly 0.6 https://detectionlint.org/library/yara-l-entra_id_add_user_outside_pim-0d5677bf 2026-04-25T16:24:27.364Z monthly 0.6 https://detectionlint.org/library/yara-l-adfs_dkm_key_access-a1ad80df 2026-04-25T16:24:27.101Z monthly 0.6 https://detectionlint.org/library/yara-l-adfs_db_suspicious_named_pipe_connection-9606cf57 2026-04-25T16:24:26.814Z monthly 0.6 https://detectionlint.org/library/yara-l-github_user_unblocked_from_accessing_organization_repositori-95ce9515 2026-04-25T16:24:26.464Z monthly 0.6 https://detectionlint.org/library/yara-l-github_user_blocked_from_accessing_organization_repositories-7f2419cc 2026-04-25T16:24:26.190Z monthly 0.6 https://detectionlint.org/library/yara-l-github_two_factor_authentication_requirement_disabled-f05b0fef 2026-04-25T16:24:25.906Z monthly 0.6 https://detectionlint.org/library/yara-l-github_sso_configuration_modified-1931687c 2026-04-25T16:24:25.587Z monthly 0.6 https://detectionlint.org/library/yara-l-github_secret_scanning_disabled_or_bypassed-7d2fa8fa 2026-04-25T16:24:25.329Z monthly 0.6 https://detectionlint.org/library/yara-l-github_secret_scanning_alert-16489b45 2026-04-25T16:24:25.085Z monthly 0.6 https://detectionlint.org/library/yara-l-github_repository_visibility_changed_to_public-fcec10b7 2026-04-25T16:24:24.826Z monthly 0.6 https://detectionlint.org/library/yara-l-github_repository_deploy_key_created_or_modified-4c8c6764 2026-04-25T16:24:24.577Z monthly 0.6 https://detectionlint.org/library/yara-l-github_repository_branch_protection_rules_disabled-a4bdf93d 2026-04-25T16:24:24.309Z monthly 0.6 https://detectionlint.org/library/yara-l-github_repository_archived_or_deleted-b311d7c4 2026-04-25T16:24:24.048Z monthly 0.6 https://detectionlint.org/library/yara-l-github_personal_access_token_created_from_tor_ip_address-63d668a4 2026-04-25T16:24:23.774Z monthly 0.6 https://detectionlint.org/library/yara-l-github_personal_access_token_auto_approve_policy_modified-4faa26ea 2026-04-25T16:24:23.514Z monthly 0.6 https://detectionlint.org/library/yara-l-github_outgoing_repository_transfer_initiated-4de23f58 2026-04-25T16:24:23.251Z monthly 0.6 https://detectionlint.org/library/yara-l-github_outgoing_organization_transfer_initiated-1b688ad5 2026-04-25T16:24:22.987Z monthly 0.6 https://detectionlint.org/library/yara-l-github_organization_removed_from_enterprise-07226f71 2026-04-25T16:24:22.722Z monthly 0.6 https://detectionlint.org/library/yara-l-github_oauth_application_access_restrictions_disabled-104307eb 2026-04-25T16:24:22.450Z monthly 0.6 https://detectionlint.org/library/yara-l-github_invitation_sent_to_non_company_email_domain-5a9d122f 2026-04-25T16:24:22.175Z monthly 0.6 https://detectionlint.org/library/yara-l-github_high_number_of_non_public_github_repositories_downloa-bd87377b 2026-04-25T16:24:21.915Z monthly 0.6 https://detectionlint.org/library/yara-l-github_high_number_of_non_public_github_repositories_cloned-976464e3 2026-04-25T16:24:21.642Z monthly 0.6 https://detectionlint.org/library/yara-l-github_enterprise_or_organization_recovery_codes_activity-d6b9fa18 2026-04-25T16:24:21.370Z monthly 0.6 https://detectionlint.org/library/yara-l-github_enterprise_deleted-b86725df 2026-04-25T16:24:21.079Z monthly 0.6 https://detectionlint.org/library/yara-l-github_enterprise_audit_log_stream_modified-1883aa8d 2026-04-25T16:24:20.810Z monthly 0.6 https://detectionlint.org/library/yara-l-github_enterprise_audit_log_stream_destroyed-7c731ef8 2026-04-25T16:24:20.543Z monthly 0.6 https://detectionlint.org/library/yara-l-github_dependabot_vulnerability_alerts_disabled-60d80122 2026-04-25T16:24:20.249Z monthly 0.6 https://detectionlint.org/library/yara-l-github_application_installed-438d0d37 2026-04-25T16:24:19.987Z monthly 0.6 https://detectionlint.org/library/yara-l-github_access_granted_to_personal_access_token_followed_by_h-495a41dd 2026-04-25T16:24:19.712Z monthly 0.6 https://detectionlint.org/library/yara-l-google_cloud_service_account_key_created_or_uploaded-439d1138 2026-04-25T16:24:19.454Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_workload_identity_pool_disabled_or_deleted-38d1cf93 2026-04-25T16:24:19.194Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_unauthorized_gke_pod_token_endpoint_usage-fd4878d0 2026-04-25T16:24:18.920Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_successful_api_from_tor_exit_node-84e02581 2026-04-25T16:24:18.650Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_storage_bucket_opened_to_public-d0450851 2026-04-25T16:24:18.379Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_service_api_key_retrieved-a39b8dca 2026-04-25T16:24:18.132Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_service_account_key_used_from_multiple_countries-82834f5f 2026-04-25T16:24:17.859Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_security_command_center_service_disabled-7979015c 2026-04-25T16:24:17.585Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_multiple_service_apis_disabled-00cd2795 2026-04-25T16:24:17.343Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_multiple_secrets_deleted-1e5dff68 2026-04-25T16:24:17.073Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_multiple_kms_keys_disabled_or_destroyed-4a292d5d 2026-04-25T16:24:16.807Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_multiple_hmac_keys_deleted-5e70c433 2026-04-25T16:24:16.538Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_kms_decryption_by_unexpected_service_account-f958ddf8 2026-04-25T16:24:16.271Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_identity_low_and_medium_severity_alert_escalation-e2e3f70f 2026-04-25T16:24:16.002Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_iam_organization_policy_updated_or_deleted-bf65c62e 2026-04-25T16:24:15.729Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_gce_image_open_to_public-7bee7d2a 2026-04-25T16:24:15.467Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_free_gmail_domains_added_to_iam_policy-cc60b6e2 2026-04-25T16:24:15.198Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_firewall_rule_opened_to_world-a18cd9d9 2026-04-25T16:24:14.935Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_exempt_principals_from_audit_log-d3375e97 2026-04-25T16:24:14.665Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_excessive_permission_denied_events-f5d2bd39 2026-04-25T16:24:14.395Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_cloud_audit_logging_removed_from_all_services-37affcfd 2026-04-25T16:24:14.122Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_bigquery_results_downloaded_from_multiple_tables-93dbcb08 2026-04-25T16:24:13.845Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_bigquery_datasets_opened_to_public-3f633878 2026-04-25T16:24:13.571Z monthly 0.6 https://detectionlint.org/library/yara-l-gcp_admin_privileged_roles_added_to_service_accounts-695daaa2 2026-04-25T16:24:13.296Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_guardduty_tor_network_activity_detected-103160b8 2026-04-25T16:24:13.033Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_guardduty_penetration_testing_activity_detected-3cee033c 2026-04-25T16:24:12.763Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_guardduty_malicious_or_suspicious_file_executed-f8d8fbe9 2026-04-25T16:24:12.488Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_guardduty_dga_domain_activity_detected-d671be7a 2026-04-25T16:24:12.220Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_guardduty_denial_of_service_activity_detected-3dddf4dc 2026-04-25T16:24:11.946Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_guardduty_crypto_currency_activity_detected-4271ffec 2026-04-25T16:24:11.590Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_guardduty_command_and_control_activity_detected-b7717e2a 2026-04-25T16:24:10.646Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_guardduty_brute_force_activity_detected-348001b7 2026-04-25T16:24:10.373Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_guardduty_black_hole_traffic_detected-d1efe208 2026-04-25T16:24:10.106Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_user_creates_permanent_access_key-3aabe339 2026-04-25T16:24:09.843Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_unusual_number_of_failed_authentications_from_the_same_i-b7309c90 2026-04-25T16:24:09.567Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_successful_login_after_multiple_failed_attempts-af4fd3cb 2026-04-25T16:24:09.306Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_successful_console_authentication_from_multiple_ips-352e8da3 2026-04-25T16:24:09.040Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_successful_api_from_tor_exit_node-fee1a1e1 2026-04-25T16:24:08.780Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_ses_service_modification-ee27776d 2026-04-25T16:24:08.516Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_security_group_open_to_world-55eea89f 2026-04-25T16:24:08.237Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_saml_identity_provider_changes-5e140045 2026-04-25T16:24:07.974Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_s3_public_access_block_removed-ea27ff23 2026-04-25T16:24:07.699Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_s3_made_public_by_acl-44b54bd3 2026-04-25T16:24:07.430Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_rds_snapshot_shared_publicly-88f8066d 2026-04-25T16:24:07.160Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_privilege_escalation_using_iam_login_profile-8ac0d669 2026-04-25T16:24:06.883Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_privilege_escalation_using_iam_access_key-fc54d367 2026-04-25T16:24:06.623Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_password_policy_change-d04c1a48 2026-04-25T16:24:06.355Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_new_mfa_method_registered_for_user-c0799bf1 2026-04-25T16:24:06.069Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_multi_factor_authentication_disabled-3574c807 2026-04-25T16:24:05.798Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_lateral_movement_using_iam_session_token-24164ee2 2026-04-25T16:24:05.552Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_lambda_update_function_code-9f8b62c5 2026-04-25T16:24:05.267Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_kms_key_disabled_or_scheduled_for_deletion-c295b917 2026-04-25T16:24:04.991Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_iam_compromised_key_quarantine_policy_attached-7db84627 2026-04-25T16:24:04.717Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_iam_administrator_access_policy_attached-7d60be6f 2026-04-25T16:24:04.449Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_iam_activity_from_ec2_instance-561a2211 2026-04-25T16:24:04.186Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_iam_activity_by_s3_browser_utility-89239078 2026-04-25T16:24:03.911Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_iam_access_denied_discovery_events-c09b23e9 2026-04-25T16:24:03.649Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_iam_access_analyzer_deleted-7c7aeb0c 2026-04-25T16:24:03.378Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_high_number_of_unknown_user_authentication_attempts-c2a02c2b 2026-04-25T16:24:03.116Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_guardduty_trusted_or_threat_ip_lists_tampered-645eda77 2026-04-25T16:24:02.842Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_guardduty_publishing_destination_deleted-c5f65e92 2026-04-25T16:24:02.586Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_guardduty_disabled-e6fdf993 2026-04-25T16:24:02.330Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_excessive_successful_discovery_events-e2ef6d1a 2026-04-25T16:24:02.078Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_enable_disable_region-2fda06ac 2026-04-25T16:24:01.811Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_ec2_user_data_modified-8b591481 2026-04-25T16:24:01.551Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_ec2_high_number_of_api_calls-2ff16f65 2026-04-25T16:24:01.291Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_ec2_get_windows_admin_password-2c139be6 2026-04-25T16:24:01.029Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_ec2_ami_or_snapshot_shared_publicly-524bd054 2026-04-25T16:24:00.750Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_delete_vpc_flow_logs-0e0768c0 2026-04-25T16:24:00.484Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_delete_cloudwatch_log_group-2fc0dea0 2026-04-25T16:24:00.219Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_console_login_without_mfa-56168da0 2026-04-25T16:23:59.958Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_config_service_modified-8f29a738 2026-04-25T16:23:59.694Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_cloudtrail_logging_tampered-1966e041 2026-04-25T16:23:59.434Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_cloudfront_insecure_ssl_policy-8327b22b 2026-04-25T16:23:59.132Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_backup_plan_deleted-5e0d9247 2026-04-25T16:23:58.784Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_api_gateway_get_keys-21d6076b 2026-04-25T16:23:58.495Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_api_call_outside_of_organization-cc378742 2026-04-25T16:23:58.231Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_alb_insecure_ssl_policy-70d7e581 2026-04-25T16:23:57.955Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_account_leaving_or_removed_from_organization-eaa9803f 2026-04-25T16:23:57.658Z monthly 0.6 https://detectionlint.org/library/yara-l-logins_from_terminated_employees-6ca1909d 2026-04-25T16:23:57.390Z monthly 0.6 https://detectionlint.org/library/yara-l-geoip_user_login_from_multiple_states_or_countries-da8c271e 2026-04-25T16:23:57.110Z monthly 0.6 https://detectionlint.org/library/spl-zscaler-virus-download-threat-blocked-172e10ca 2026-04-25T16:23:54.962Z monthly 0.6 https://detectionlint.org/library/spl-zscaler-scam-destinations-threat-blocked-ae53e93a 2026-04-25T16:23:54.686Z monthly 0.6 https://detectionlint.org/library/spl-zscaler-privacy-risk-destinations-threat-blocked-d27e4ae2 2026-04-25T16:23:54.418Z monthly 0.6 https://detectionlint.org/library/spl-zscaler-potentially-abused-file-download-f9bf96e3 2026-04-25T16:23:54.134Z monthly 0.6 https://detectionlint.org/library/spl-zscaler-phishing-activity-threat-blocked-9f01c309 2026-04-25T16:23:53.874Z monthly 0.6 https://detectionlint.org/library/spl-zscaler-malware-activity-threat-blocked-1b718b63 2026-04-25T16:23:53.612Z monthly 0.6 https://detectionlint.org/library/spl-zscaler-legal-liability-threat-blocked-741698c8 2026-04-25T16:23:53.352Z monthly 0.6 https://detectionlint.org/library/spl-zscaler-exploit-threat-blocked-8987a12e 2026-04-25T16:23:53.080Z monthly 0.6 https://detectionlint.org/library/spl-zscaler-employment-search-web-activity-3e7d7fb2 2026-04-25T16:23:52.811Z monthly 0.6 https://detectionlint.org/library/spl-zscaler-cryptominer-downloaded-threat-blocked-acb9fdaa 2026-04-25T16:23:52.525Z monthly 0.6 https://detectionlint.org/library/spl-zscaler-behavior-analysis-threat-blocked-98558eea 2026-04-25T16:23:52.267Z monthly 0.6 https://detectionlint.org/library/spl-zscaler-adware-activities-threat-blocked-206f65cb 2026-04-25T16:23:52.006Z monthly 0.6 https://detectionlint.org/library/spl-ws-ftp-remote-code-execution-5319f2f4 2026-04-25T16:23:51.737Z monthly 0.6 https://detectionlint.org/library/spl-wordpress-bricks-builder-plugin-rce-4b4725d4 2026-04-25T16:23:51.462Z monthly 0.6 https://detectionlint.org/library/spl-windows-sharepoint-toolpane-endpoint-exploitation-attempt-1fdcce2d 2026-04-25T16:23:51.194Z monthly 0.6 https://detectionlint.org/library/spl-windows-sharepoint-spinstall0-get-request-48c2bb26 2026-04-25T16:23:50.927Z monthly 0.6 https://detectionlint.org/library/spl-windows-iis-server-pswa-console-access-67159a53 2026-04-25T16:23:50.659Z monthly 0.6 https://detectionlint.org/library/spl-windows-exchange-autodiscover-ssrf-abuse-78febde6 2026-04-25T16:23:50.382Z monthly 0.6 https://detectionlint.org/library/spl-web-spring-cloud-function-functionrouter-f23bb9ce 2026-04-25T16:23:50.115Z monthly 0.6 https://detectionlint.org/library/spl-web-spring4shell-http-request-class-module-f19d3fb9 2026-04-25T16:23:49.845Z monthly 0.6 https://detectionlint.org/library/spl-web-remote-shellservlet-access-099b23d0 2026-04-25T16:23:49.571Z monthly 0.6 https://detectionlint.org/library/spl-web-jsp-request-via-url-4c76d8a2 2026-04-25T16:23:49.311Z monthly 0.6 https://detectionlint.org/library/spl-vmware-workspace-one-freemarker-server-side-template-injecti-bd7b8a2a 2026-04-25T16:23:49.050Z monthly 0.6 https://detectionlint.org/library/spl-vmware-server-side-template-injection-hunt-4398293e 2026-04-25T16:23:48.779Z monthly 0.6 https://detectionlint.org/library/spl-vmware-aria-operations-exploit-attempt-24156dac 2026-04-25T16:23:48.519Z monthly 0.6 https://detectionlint.org/library/spl-unusually-long-content-type-length-f7e5b737 2026-04-25T16:23:48.255Z monthly 0.6 https://detectionlint.org/library/spl-tomcat-session-file-upload-attempt-1f3ab908 2026-04-25T16:23:47.985Z monthly 0.6 https://detectionlint.org/library/spl-tomcat-session-deserialization-attempt-bfcec211 2026-04-25T16:23:47.717Z monthly 0.6 https://detectionlint.org/library/spl-supernova-webshell-098fde2d 2026-04-25T16:23:47.445Z monthly 0.6 https://detectionlint.org/library/spl-sql-injection-with-long-urls-d1d322d7 2026-04-25T16:23:47.177Z monthly 0.6 https://detectionlint.org/library/spl-spring4shell-payload-url-request-8b6a3005 2026-04-25T16:23:46.909Z monthly 0.6 https://detectionlint.org/library/spl-sap-netweaver-visual-composer-exploitation-attempt-71a0e574 2026-04-25T16:23:46.648Z monthly 0.6 https://detectionlint.org/library/spl-proxyshell-proxynotshell-behavior-detected-55aee1d8 2026-04-25T16:23:46.394Z monthly 0.6 https://detectionlint.org/library/spl-plain-http-post-exfiltrated-data-7c63327e 2026-04-25T16:23:46.122Z monthly 0.6 https://detectionlint.org/library/spl-papercut-ng-remote-web-access-attempt-646da8e4 2026-04-25T16:23:45.830Z monthly 0.6 https://detectionlint.org/library/spl-nginx-connectwise-screenconnect-authentication-bypass-5748f883 2026-04-25T16:23:45.556Z monthly 0.6 https://detectionlint.org/library/spl-multiple-archive-files-http-post-traffic-73db49da 2026-04-25T16:23:45.267Z monthly 0.6 https://detectionlint.org/library/spl-monitor-web-traffic-for-brand-abuse-c48c6fe9 2026-04-25T16:23:44.988Z monthly 0.6 https://detectionlint.org/library/spl-microsoft-sharepoint-server-elevation-of-privilege-d92a4a7c 2026-04-25T16:23:44.700Z monthly 0.6 https://detectionlint.org/library/spl-log4shell-jndi-payload-injection-with-outbound-connection-40b715c0 2026-04-25T16:23:44.428Z monthly 0.6 https://detectionlint.org/library/spl-log4shell-jndi-payload-injection-attempt-87138573 2026-04-25T16:23:44.161Z monthly 0.6 https://detectionlint.org/library/spl-juniper-networks-remote-code-execution-exploit-detection-df6c3394 2026-04-25T16:23:43.907Z monthly 0.6 https://detectionlint.org/library/spl-jetbrains-teamcity-rce-attempt-562c397e 2026-04-25T16:23:43.572Z monthly 0.6 https://detectionlint.org/library/spl-jetbrains-teamcity-limited-auth-bypass-suricata-cve-2024-271-a99f37d7 2026-04-25T16:23:43.315Z monthly 0.6 https://detectionlint.org/library/spl-jetbrains-teamcity-authentication-bypass-suricata-cve-2024-2-4eaea415 2026-04-25T16:23:43.050Z monthly 0.6 https://detectionlint.org/library/spl-jetbrains-teamcity-authentication-bypass-cve-2024-27198-fca4b574 2026-04-25T16:23:42.767Z monthly 0.6 https://detectionlint.org/library/spl-jenkins-arbitrary-file-read-cve-2024-23897-cb872a3d 2026-04-25T16:23:42.497Z monthly 0.6 https://detectionlint.org/library/spl-java-class-file-download-by-java-user-agent-6e1bac41 2026-04-25T16:23:42.226Z monthly 0.6 https://detectionlint.org/library/spl-ivanti-epmm-remote-unauthenticated-api-access-cve-2023-35082-d16de817 2026-04-25T16:23:41.958Z monthly 0.6 https://detectionlint.org/library/spl-ivanti-epmm-remote-unauthenticated-api-access-cve-2023-35078-bd3a16ee 2026-04-25T16:23:41.703Z monthly 0.6 https://detectionlint.org/library/spl-ivanti-epm-sql-injection-remote-code-execution-e0348794 2026-04-25T16:23:41.450Z monthly 0.6 https://detectionlint.org/library/spl-ivanti-connect-secure-system-information-access-via-auth-byp-93f2be53 2026-04-25T16:23:41.175Z monthly 0.6 https://detectionlint.org/library/spl-ivanti-connect-secure-ssrf-in-saml-component-b1a71d11 2026-04-25T16:23:40.905Z monthly 0.6 https://detectionlint.org/library/spl-ivanti-connect-secure-command-injection-attempts-693af5c5 2026-04-25T16:23:40.640Z monthly 0.6 https://detectionlint.org/library/spl-hunting-for-log4shell-a42ecf96 2026-04-25T16:23:40.377Z monthly 0.6 https://detectionlint.org/library/spl-http-scripting-tool-user-agent-cb0da45e 2026-04-25T16:23:40.109Z monthly 0.6 https://detectionlint.org/library/spl-http-request-to-reserved-name-on-iis-server-640bed8a 2026-04-25T16:23:39.832Z monthly 0.6 https://detectionlint.org/library/spl-http-rapid-post-with-mixed-status-codes-a6a5c5fa 2026-04-25T16:23:39.567Z monthly 0.6 https://detectionlint.org/library/spl-http-possible-request-smuggling-035e93b3 2026-04-25T16:23:39.301Z monthly 0.6 https://detectionlint.org/library/spl-http-duplicated-header-3840d2e9 2026-04-25T16:23:39.042Z monthly 0.6 https://detectionlint.org/library/spl-high-volume-of-bytes-out-to-url-9b95a183 2026-04-25T16:23:38.777Z monthly 0.6 https://detectionlint.org/library/spl-fortinet-appliance-auth-bypass-cd1c6adf 2026-04-25T16:23:38.499Z monthly 0.6 https://detectionlint.org/library/spl-f5-tmui-authentication-bypass-bc964b1b 2026-04-25T16:23:38.225Z monthly 0.6 https://detectionlint.org/library/spl-exploit-public-facing-fortinet-fortinac-cve-2022-39952-93bb1bbf 2026-04-25T16:23:37.966Z monthly 0.6 https://detectionlint.org/library/spl-exploit-public-facing-application-via-apache-commons-text-04c36a73 2026-04-25T16:23:37.701Z monthly 0.6 https://detectionlint.org/library/spl-detect-web-access-to-decommissioned-s3-bucket-c9c9564b 2026-04-25T16:23:37.431Z monthly 0.6 https://detectionlint.org/library/spl-detect-remote-access-software-usage-url-981dcb5a 2026-04-25T16:23:37.157Z monthly 0.6 https://detectionlint.org/library/spl-detect-malicious-requests-to-exploit-jboss-servers-a0514c1e 2026-04-25T16:23:36.896Z monthly 0.6 https://detectionlint.org/library/spl-detect-f5-tmui-rce-cve-2020-5902-e426d1eb 2026-04-25T16:23:36.629Z monthly 0.6 https://detectionlint.org/library/spl-detect-attackers-scanning-for-vulnerable-jboss-servers-4469ba0b 2026-04-25T16:23:36.372Z monthly 0.6 https://detectionlint.org/library/spl-crushftp-max-simultaneous-users-from-ip-4d6408bf 2026-04-25T16:23:36.079Z monthly 0.6 https://detectionlint.org/library/spl-crushftp-authentication-bypass-exploitation-68ddad83 2026-04-25T16:23:35.818Z monthly 0.6 https://detectionlint.org/library/spl-connectwise-screenconnect-authentication-bypass-d530df8e 2026-04-25T16:23:35.558Z monthly 0.6 https://detectionlint.org/library/spl-confluence-unauthenticated-remote-code-execution-cve-2022-26-5804fdfb 2026-04-25T16:23:35.294Z monthly 0.6 https://detectionlint.org/library/spl-confluence-pre-auth-rce-via-ognl-injection-cve-2023-22527-4d211192 2026-04-25T16:23:35.045Z monthly 0.6 https://detectionlint.org/library/spl-confluence-data-center-and-server-privilege-escalation-60dff18d 2026-04-25T16:23:34.759Z monthly 0.6 https://detectionlint.org/library/spl-confluence-cve-2023-22515-trigger-vulnerability-8ffe8ef3 2026-04-25T16:23:34.495Z monthly 0.6 https://detectionlint.org/library/spl-citrix-sharefile-exploitation-cve-2023-24489-072a5b2b 2026-04-25T16:23:34.217Z monthly 0.6 https://detectionlint.org/library/spl-citrix-adc-exploitation-cve-2023-3519-a7c0cd32 2026-04-25T16:23:33.967Z monthly 0.6 https://detectionlint.org/library/spl-citrix-adc-and-gateway-unauthorized-data-disclosure-65276453 2026-04-25T16:23:33.697Z monthly 0.6 https://detectionlint.org/library/spl-citrix-adc-and-gateway-citrixbleed-2-memory-disclosure-de559d86 2026-04-25T16:23:33.438Z monthly 0.6 https://detectionlint.org/library/spl-cisco-ios-xe-implant-access-eaa0e4e3 2026-04-25T16:23:33.165Z monthly 0.6 https://detectionlint.org/library/spl-adobe-coldfusion-unauthenticated-arbitrary-file-read-67e0d2fd 2026-04-25T16:23:32.894Z monthly 0.6 https://detectionlint.org/library/spl-adobe-coldfusion-access-control-bypass-397b6013 2026-04-25T16:23:32.627Z monthly 0.6 https://detectionlint.org/library/spl-access-to-vulnerable-ivanti-connect-secure-bookmark-endpoint-3f387a6d 2026-04-25T16:23:32.364Z monthly 0.6 https://detectionlint.org/library/spl-zoom-rare-video-devices-db35638f 2026-04-25T16:23:32.108Z monthly 0.6 https://detectionlint.org/library/spl-zoom-rare-input-devices-971fad5d 2026-04-25T16:23:31.837Z monthly 0.6 https://detectionlint.org/library/spl-zoom-rare-audio-devices-2f3a828d 2026-04-25T16:23:31.559Z monthly 0.6 https://detectionlint.org/library/spl-zoom-high-video-latency-edf7e731 2026-04-25T16:23:31.304Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-java-classes-d0bd0601 2026-04-25T16:23:31.029Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-email-attachment-extensions-e6b7ffc4 2026-04-25T16:23:30.764Z monthly 0.6 https://detectionlint.org/library/spl-splunk-appdynamics-secure-application-alerts-2deef738 2026-04-25T16:23:30.495Z monthly 0.6 https://detectionlint.org/library/spl-pingid-new-mfa-method-registered-for-user-dcc7192d 2026-04-25T16:23:30.230Z monthly 0.6 https://detectionlint.org/library/spl-pingid-new-mfa-method-after-credential-reset-a0bfc760 2026-04-25T16:23:29.974Z monthly 0.6 https://detectionlint.org/library/spl-pingid-multiple-failed-mfa-requests-for-user-6443caa0 2026-04-25T16:23:29.718Z monthly 0.6 https://detectionlint.org/library/spl-pingid-mismatch-auth-source-and-verification-response-a4d4f4b1 2026-04-25T16:23:29.456Z monthly 0.6 https://detectionlint.org/library/spl-ollama-suspicious-prompt-injection-jailbreak-e0ce37b0 2026-04-25T16:23:29.190Z monthly 0.6 https://detectionlint.org/library/spl-ollama-possible-rce-via-model-loading-dc8751ce 2026-04-25T16:23:28.936Z monthly 0.6 https://detectionlint.org/library/spl-ollama-possible-model-exfiltration-data-leakage-07c73ad7 2026-04-25T16:23:28.667Z monthly 0.6 https://detectionlint.org/library/spl-ollama-possible-memory-exhaustion-resource-abuse-d4c9d4da 2026-04-25T16:23:28.309Z monthly 0.6 https://detectionlint.org/library/spl-ollama-possible-api-endpoint-scan-reconnaissance-8b2d01c5 2026-04-25T16:23:28.048Z monthly 0.6 https://detectionlint.org/library/spl-ollama-excessive-api-requests-d1fbca08 2026-04-25T16:23:27.764Z monthly 0.6 https://detectionlint.org/library/spl-ollama-abnormal-service-crash-availability-attack-5d56c419 2026-04-25T16:23:27.497Z monthly 0.6 https://detectionlint.org/library/spl-ollama-abnormal-network-connectivity-7009121d 2026-04-25T16:23:27.222Z monthly 0.6 https://detectionlint.org/library/spl-okta-user-logins-from-multiple-cities-929a7017 2026-04-25T16:23:26.958Z monthly 0.6 https://detectionlint.org/library/spl-okta-unauthorized-access-to-application-378e2004 2026-04-25T16:23:26.690Z monthly 0.6 https://detectionlint.org/library/spl-okta-threatinsight-threat-detected-e215b296 2026-04-25T16:23:26.405Z monthly 0.6 https://detectionlint.org/library/spl-okta-suspicious-use-of-a-session-cookie-333019cb 2026-04-25T16:23:26.142Z monthly 0.6 https://detectionlint.org/library/spl-okta-suspicious-activity-reported-0b8c89f5 2026-04-25T16:23:25.858Z monthly 0.6 https://detectionlint.org/library/spl-okta-successful-single-factor-authentication-eac76d3e 2026-04-25T16:23:25.587Z monthly 0.6 https://detectionlint.org/library/spl-okta-risk-threshold-exceeded-79e5b574 2026-04-25T16:23:25.325Z monthly 0.6 https://detectionlint.org/library/spl-okta-phishing-detection-with-fastpass-origin-check-a27e15b7 2026-04-25T16:23:25.065Z monthly 0.6 https://detectionlint.org/library/spl-okta-new-device-enrolled-on-account-e39d9b8c 2026-04-25T16:23:24.797Z monthly 0.6 https://detectionlint.org/library/spl-okta-new-api-token-created-d9e486e4 2026-04-25T16:23:24.542Z monthly 0.6 https://detectionlint.org/library/spl-okta-multiple-users-failing-to-authenticate-from-ip-91186490 2026-04-25T16:23:24.283Z monthly 0.6 https://detectionlint.org/library/spl-okta-multiple-failed-requests-to-access-applications-5b094b21 2026-04-25T16:23:24.003Z monthly 0.6 https://detectionlint.org/library/spl-okta-multiple-failed-mfa-requests-for-user-e6da1e7b 2026-04-25T16:23:23.737Z monthly 0.6 https://detectionlint.org/library/spl-okta-multiple-accounts-locked-out-8c4af470 2026-04-25T16:23:23.434Z monthly 0.6 https://detectionlint.org/library/spl-okta-multi-factor-authentication-disabled-41a278e9 2026-04-25T16:23:23.181Z monthly 0.6 https://detectionlint.org/library/spl-okta-mismatch-between-source-and-response-for-verify-push-re-88399771 2026-04-25T16:23:22.916Z monthly 0.6 https://detectionlint.org/library/spl-okta-mfa-exhaustion-hunt-0f7996ea 2026-04-25T16:23:22.651Z monthly 0.6 https://detectionlint.org/library/spl-okta-idp-lifecycle-modifications-144c22a3 2026-04-25T16:23:22.391Z monthly 0.6 https://detectionlint.org/library/spl-okta-authentication-failed-during-mfa-challenge-cad2a142 2026-04-25T16:23:22.135Z monthly 0.6 https://detectionlint.org/library/spl-no-windows-updates-in-a-time-frame-6df52d92 2026-04-25T16:23:21.869Z monthly 0.6 https://detectionlint.org/library/spl-monitor-email-for-brand-abuse-6cc79050 2026-04-25T16:23:21.609Z monthly 0.6 https://detectionlint.org/library/spl-mcp-sensitive-system-file-search-f6f8ce96 2026-04-25T16:23:21.350Z monthly 0.6 https://detectionlint.org/library/spl-mcp-prompt-injection-a8eb2ffe 2026-04-25T16:23:21.089Z monthly 0.6 https://detectionlint.org/library/spl-mcp-postgres-suspicious-query-7f68431f 2026-04-25T16:23:20.836Z monthly 0.6 https://detectionlint.org/library/spl-mcp-github-suspicious-operation-a7a503d1 2026-04-25T16:23:20.576Z monthly 0.6 https://detectionlint.org/library/spl-mcp-filesystem-server-suspicious-extension-write-0dd82a4e 2026-04-25T16:23:20.323Z monthly 0.6 https://detectionlint.org/library/spl-m365-copilot-session-origin-anomalies-0be29754 2026-04-25T16:23:20.050Z monthly 0.6 https://detectionlint.org/library/spl-m365-copilot-non-compliant-devices-accessing-m365-copilot-e47e5166 2026-04-25T16:23:19.786Z monthly 0.6 https://detectionlint.org/library/spl-m365-copilot-jailbreak-attempts-2f1d6e58 2026-04-25T16:23:19.529Z monthly 0.6 https://detectionlint.org/library/spl-m365-copilot-information-extraction-jailbreak-attack-22ba693d 2026-04-25T16:23:19.239Z monthly 0.6 https://detectionlint.org/library/spl-m365-copilot-impersonation-jailbreak-attack-682266c2 2026-04-25T16:23:18.980Z monthly 0.6 https://detectionlint.org/library/spl-m365-copilot-failed-authentication-patterns-4c8a5075 2026-04-25T16:23:18.717Z monthly 0.6 https://detectionlint.org/library/spl-m365-copilot-application-usage-pattern-anomalies-e4365ad3 2026-04-25T16:23:18.455Z monthly 0.6 https://detectionlint.org/library/spl-m365-copilot-agentic-jailbreak-attack-d9813d67 2026-04-25T16:23:18.197Z monthly 0.6 https://detectionlint.org/library/spl-ivanti-vtm-new-account-creation-e913d1dc 2026-04-25T16:23:17.935Z monthly 0.6 https://detectionlint.org/library/spl-esxi-vm-exported-via-remote-tool-c821eccf 2026-04-25T16:23:17.678Z monthly 0.6 https://detectionlint.org/library/spl-esxi-vm-discovery-7840e70d 2026-04-25T16:23:17.425Z monthly 0.6 https://detectionlint.org/library/spl-esxi-vib-acceptance-level-tampering-0742b45b 2026-04-25T16:23:17.159Z monthly 0.6 https://detectionlint.org/library/spl-esxi-user-granted-admin-role-5aaa6175 2026-04-25T16:23:16.901Z monthly 0.6 https://detectionlint.org/library/spl-esxi-system-information-discovery-516fa76b 2026-04-25T16:23:16.633Z monthly 0.6 https://detectionlint.org/library/spl-esxi-system-clock-manipulation-58588151 2026-04-25T16:23:16.371Z monthly 0.6 https://detectionlint.org/library/spl-esxi-syslog-config-change-ed4f9ff6 2026-04-25T16:23:16.119Z monthly 0.6 https://detectionlint.org/library/spl-esxi-ssh-enabled-77056640 2026-04-25T16:23:15.864Z monthly 0.6 https://detectionlint.org/library/spl-esxi-ssh-brute-force-7d4d9fb2 2026-04-25T16:23:15.573Z monthly 0.6 https://detectionlint.org/library/spl-esxi-shell-access-enabled-51064240 2026-04-25T16:23:15.308Z monthly 0.6 https://detectionlint.org/library/spl-esxi-shared-or-stolen-root-account-f0a55128 2026-04-25T16:23:15.039Z monthly 0.6 https://detectionlint.org/library/spl-esxi-sensitive-files-accessed-dedd7aa6 2026-04-25T16:23:14.766Z monthly 0.6 https://detectionlint.org/library/spl-esxi-reverse-shell-patterns-6d11540f 2026-04-25T16:23:14.484Z monthly 0.6 https://detectionlint.org/library/spl-esxi-malicious-vib-forced-install-d0706490 2026-04-25T16:23:14.225Z monthly 0.6 https://detectionlint.org/library/spl-esxi-loghost-config-tampering-cb05e4f2 2026-04-25T16:23:13.962Z monthly 0.6 https://detectionlint.org/library/spl-esxi-lockdown-mode-disabled-908a244e 2026-04-25T16:23:13.674Z monthly 0.6 https://detectionlint.org/library/spl-esxi-firewall-disabled-46243598 2026-04-25T16:23:13.411Z monthly 0.6 https://detectionlint.org/library/spl-esxi-external-root-login-activity-6ccf167f 2026-04-25T16:23:13.067Z monthly 0.6 https://detectionlint.org/library/spl-esxi-encryption-settings-modified-be8ea4c5 2026-04-25T16:23:12.800Z monthly 0.6 https://detectionlint.org/library/spl-esxi-download-errors-f81f7726 2026-04-25T16:23:12.553Z monthly 0.6 https://detectionlint.org/library/spl-esxi-bulk-vm-termination-40c570aa 2026-04-25T16:23:12.288Z monthly 0.6 https://detectionlint.org/library/spl-esxi-audit-tampering-a6a4c2c1 2026-04-25T16:23:12.027Z monthly 0.6 https://detectionlint.org/library/spl-esxi-account-modified-b931f87a 2026-04-25T16:23:11.759Z monthly 0.6 https://detectionlint.org/library/spl-email-servers-sending-high-volume-traffic-to-hosts-5df8988f 2026-04-25T16:23:11.495Z monthly 0.6 https://detectionlint.org/library/spl-email-files-written-outside-of-the-outlook-directory-65fb1452 2026-04-25T16:23:11.239Z monthly 0.6 https://detectionlint.org/library/spl-email-attachments-with-lots-of-spaces-341a6b64 2026-04-25T16:23:10.972Z monthly 0.6 https://detectionlint.org/library/spl-detect-password-spray-attempts-90a45d6e 2026-04-25T16:23:10.688Z monthly 0.6 https://detectionlint.org/library/spl-detect-new-login-attempts-to-routers-95a5f29f 2026-04-25T16:23:10.422Z monthly 0.6 https://detectionlint.org/library/spl-detect-html-help-spawn-child-process-29e70239 2026-04-25T16:23:10.162Z monthly 0.6 https://detectionlint.org/library/spl-detect-distributed-password-spray-attempts-d712d2fe 2026-04-25T16:23:09.903Z monthly 0.6 https://detectionlint.org/library/spl-crushftp-server-side-template-injection-79e91f6f 2026-04-25T16:23:09.641Z monthly 0.6 https://detectionlint.org/library/spl-cisco-duo-set-user-status-to-bypass-2fa-7e259dc0 2026-04-25T16:23:09.376Z monthly 0.6 https://detectionlint.org/library/spl-cisco-duo-policy-skip-2fa-for-other-countries-909491e3 2026-04-25T16:23:09.109Z monthly 0.6 https://detectionlint.org/library/spl-cisco-duo-policy-deny-access-da35c171 2026-04-25T16:23:08.854Z monthly 0.6 https://detectionlint.org/library/spl-cisco-duo-policy-bypass-2fa-f1d848bb 2026-04-25T16:23:08.574Z monthly 0.6 https://detectionlint.org/library/spl-cisco-duo-policy-allow-tampered-devices-3224059a 2026-04-25T16:23:08.320Z monthly 0.6 https://detectionlint.org/library/spl-cisco-duo-policy-allow-old-java-7981a566 2026-04-25T16:23:08.059Z monthly 0.6 https://detectionlint.org/library/spl-cisco-duo-policy-allow-old-flash-eb65c3b7 2026-04-25T16:23:07.805Z monthly 0.6 https://detectionlint.org/library/spl-cisco-duo-policy-allow-network-bypass-2fa-86de6f09 2026-04-25T16:23:07.549Z monthly 0.6 https://detectionlint.org/library/spl-cisco-duo-policy-allow-devices-without-screen-lock-633d1a31 2026-04-25T16:23:07.275Z monthly 0.6 https://detectionlint.org/library/spl-cisco-duo-bypass-code-generation-0b8d0acb 2026-04-25T16:23:07.007Z monthly 0.6 https://detectionlint.org/library/spl-cisco-duo-bulk-policy-deletion-3b39c5d6 2026-04-25T16:23:06.752Z monthly 0.6 https://detectionlint.org/library/spl-cisco-duo-admin-login-unusual-os-8e05bb01 2026-04-25T16:23:06.492Z monthly 0.6 https://detectionlint.org/library/spl-cisco-duo-admin-login-unusual-country-561d4ba7 2026-04-25T16:23:06.220Z monthly 0.6 https://detectionlint.org/library/spl-cisco-duo-admin-login-unusual-browser-aed6d4d7 2026-04-25T16:23:05.940Z monthly 0.6 https://detectionlint.org/library/spl-cisco-asa---user-privilege-level-change-5f7d41c6 2026-04-25T16:23:05.623Z monthly 0.6 https://detectionlint.org/library/spl-cisco-asa---user-account-lockout-threshold-exceeded-9195e056 2026-04-25T16:23:05.360Z monthly 0.6 https://detectionlint.org/library/spl-cisco-asa---user-account-deleted-from-local-database-2f753adf 2026-04-25T16:23:05.096Z monthly 0.6 https://detectionlint.org/library/spl-cisco-asa---reconnaissance-command-activity-e283e43e 2026-04-25T16:23:04.835Z monthly 0.6 https://detectionlint.org/library/spl-cisco-asa---packet-capture-activity-cfa97f66 2026-04-25T16:23:04.565Z monthly 0.6 https://detectionlint.org/library/spl-cisco-asa---new-local-user-account-created-77a71efc 2026-04-25T16:23:04.297Z monthly 0.6 https://detectionlint.org/library/spl-cisco-asa---logging-message-suppression-ff2d484e 2026-04-25T16:23:04.032Z monthly 0.6 https://detectionlint.org/library/spl-cisco-asa---logging-filters-configuration-tampering-754b82c8 2026-04-25T16:23:03.759Z monthly 0.6 https://detectionlint.org/library/spl-cisco-asa---logging-disabled-via-cli-098429d1 2026-04-25T16:23:03.489Z monthly 0.6 https://detectionlint.org/library/spl-cisco-asa---device-file-copy-to-remote-location-cbb73ba6 2026-04-25T16:23:03.217Z monthly 0.6 https://detectionlint.org/library/spl-cisco-asa---device-file-copy-activity-c54b4390 2026-04-25T16:23:02.942Z monthly 0.6 https://detectionlint.org/library/spl-cisco-asa---core-syslog-message-volume-drop-9cda4a7c 2026-04-25T16:23:02.677Z monthly 0.6 https://detectionlint.org/library/spl-cisco-asa---aaa-policy-tampering-f8966df4 2026-04-25T16:23:02.407Z monthly 0.6 https://detectionlint.org/library/spl-cisco-ai-defense-security-alerts-by-application-name-7b54a026 2026-04-25T16:23:02.141Z monthly 0.6 https://detectionlint.org/library/spl-risk-rule-for-dev-sec-ops-by-repository-5d41fe3a 2026-04-25T16:23:01.864Z monthly 0.6 https://detectionlint.org/library/spl-okta-non-standard-vpn-usage-b25944c3 2026-04-25T16:23:01.595Z monthly 0.6 https://detectionlint.org/library/spl-o365-zap-activity-detection-e20d5d39 2026-04-25T16:23:01.337Z monthly 0.6 https://detectionlint.org/library/spl-o365-user-consent-denied-for-oauth-application-c3b0a2f4 2026-04-25T16:23:01.074Z monthly 0.6 https://detectionlint.org/library/spl-o365-user-consent-blocked-for-risky-application-75ae78d8 2026-04-25T16:23:00.806Z monthly 0.6 https://detectionlint.org/library/spl-o365-threat-intelligence-suspicious-file-detected-3fc34fb5 2026-04-25T16:23:00.550Z monthly 0.6 https://detectionlint.org/library/spl-o365-threat-intelligence-suspicious-email-delivered-90842925 2026-04-25T16:23:00.259Z monthly 0.6 https://detectionlint.org/library/spl-o365-tenant-wide-admin-consent-granted-317f9500 2026-04-25T16:22:59.997Z monthly 0.6 https://detectionlint.org/library/spl-o365-sharepoint-suspicious-search-behavior-81a31177 2026-04-25T16:22:59.706Z monthly 0.6 https://detectionlint.org/library/spl-o365-sharepoint-malware-detection-72b94d0b 2026-04-25T16:22:59.441Z monthly 0.6 https://detectionlint.org/library/spl-o365-sharepoint-allowed-domains-policy-changed-bbd2a01f 2026-04-25T16:22:59.175Z monthly 0.6 https://detectionlint.org/library/spl-o365-service-principal-privilege-escalation-076c68b0 2026-04-25T16:22:58.885Z monthly 0.6 https://detectionlint.org/library/spl-o365-service-principal-new-client-credentials-688b488e 2026-04-25T16:22:58.628Z monthly 0.6 https://detectionlint.org/library/spl-o365-security-and-compliance-alert-triggered-179b47e8 2026-04-25T16:22:58.362Z monthly 0.6 https://detectionlint.org/library/spl-o365-safe-links-detection-cbbe87a6 2026-04-25T16:22:58.009Z monthly 0.6 https://detectionlint.org/library/spl-o365-pst-export-alert-e5458ee9 2026-04-25T16:22:57.747Z monthly 0.6 https://detectionlint.org/library/spl-o365-privileged-role-assigned-to-service-principal-0af646f0 2026-04-25T16:22:57.484Z monthly 0.6 https://detectionlint.org/library/spl-o365-privileged-role-assigned-2e8d8186 2026-04-25T16:22:57.182Z monthly 0.6 https://detectionlint.org/library/spl-o365-privileged-graph-api-permission-assigned-88ca26f8 2026-04-25T16:22:56.878Z monthly 0.6 https://detectionlint.org/library/spl-o365-oauth-app-mailbox-access-via-graph-api-fa56bc7d 2026-04-25T16:22:56.604Z monthly 0.6 https://detectionlint.org/library/spl-o365-oauth-app-mailbox-access-via-ews-8a42975a 2026-04-25T16:22:56.320Z monthly 0.6 https://detectionlint.org/library/spl-o365-new-mfa-method-registered-aa39c850 2026-04-25T16:22:56.065Z monthly 0.6 https://detectionlint.org/library/spl-o365-new-forwarding-mailflow-rule-created-a2966e4f 2026-04-25T16:22:55.808Z monthly 0.6 https://detectionlint.org/library/spl-o365-new-federated-domain-added-629450e5 2026-04-25T16:22:55.529Z monthly 0.6 https://detectionlint.org/library/spl-o365-new-email-forwarding-rule-enabled-9fbabae7 2026-04-25T16:22:55.264Z monthly 0.6 https://detectionlint.org/library/spl-o365-new-email-forwarding-rule-created-6efa78c1 2026-04-25T16:22:55.001Z monthly 0.6 https://detectionlint.org/library/spl-o365-multiple-users-failing-to-authenticate-from-ip-c5533567 2026-04-25T16:22:54.737Z monthly 0.6 https://detectionlint.org/library/spl-o365-multiple-service-principals-created-by-user-a07f877f 2026-04-25T16:22:54.463Z monthly 0.6 https://detectionlint.org/library/spl-o365-multiple-service-principals-created-by-sp-59abf0e6 2026-04-25T16:22:54.204Z monthly 0.6 https://detectionlint.org/library/spl-o365-multiple-os-vendors-authenticating-from-user-10eba4d7 2026-04-25T16:22:53.927Z monthly 0.6 https://detectionlint.org/library/spl-o365-multiple-mailboxes-accessed-via-api-624f8aa8 2026-04-25T16:22:53.655Z monthly 0.6 https://detectionlint.org/library/spl-o365-multiple-failed-mfa-requests-for-user-9fb2ca21 2026-04-25T16:22:53.365Z monthly 0.6 https://detectionlint.org/library/spl-o365-multiple-appids-and-useragents-authentication-spike-d9766aa4 2026-04-25T16:22:53.105Z monthly 0.6 https://detectionlint.org/library/spl-o365-multi-source-failed-authentications-spike-7f8dd473 2026-04-25T16:22:52.835Z monthly 0.6 https://detectionlint.org/library/spl-o365-mailbox-read-access-granted-to-application-a780ae6c 2026-04-25T16:22:52.582Z monthly 0.6 https://detectionlint.org/library/spl-o365-mailbox-inbox-folder-shared-with-all-users-75464c5a 2026-04-25T16:22:52.306Z monthly 0.6 https://detectionlint.org/library/spl-o365-mailbox-folder-read-permission-granted-a86d53d0 2026-04-25T16:22:52.050Z monthly 0.6 https://detectionlint.org/library/spl-o365-mailbox-folder-read-permission-assigned-23e64164 2026-04-25T16:22:51.784Z monthly 0.6 https://detectionlint.org/library/spl-o365-mailbox-email-forwarding-enabled-6f566c02 2026-04-25T16:22:51.525Z monthly 0.6 https://detectionlint.org/library/spl-o365-mail-permissioned-application-consent-granted-by-user-a2bec3d0 2026-04-25T16:22:51.245Z monthly 0.6 https://detectionlint.org/library/spl-o365-high-privilege-role-granted-4c203f94 2026-04-25T16:22:50.979Z monthly 0.6 https://detectionlint.org/library/spl-o365-high-number-of-failed-authentications-for-user-e66e7ae5 2026-04-25T16:22:50.705Z monthly 0.6 https://detectionlint.org/library/spl-o365-fullaccessasapp-permission-assigned-3102b8d0 2026-04-25T16:22:50.449Z monthly 0.6 https://detectionlint.org/library/spl-o365-file-permissioned-application-consent-granted-by-user-f3711902 2026-04-25T16:22:50.187Z monthly 0.6 https://detectionlint.org/library/spl-o365-external-identity-policy-changed-2caf200d 2026-04-25T16:22:49.924Z monthly 0.6 https://detectionlint.org/library/spl-o365-external-guest-user-invited-f3427568 2026-04-25T16:22:49.666Z monthly 0.6 https://detectionlint.org/library/spl-o365-exfiltration-via-file-sync-download-a209b4e8 2026-04-25T16:22:49.401Z monthly 0.6 https://detectionlint.org/library/spl-o365-exfiltration-via-file-download-9cb1ce8f 2026-04-25T16:22:49.131Z monthly 0.6 https://detectionlint.org/library/spl-o365-exfiltration-via-file-access-500303e2 2026-04-25T16:22:48.874Z monthly 0.6 https://detectionlint.org/library/spl-o365-excessive-sso-logon-errors-7fd53b29 2026-04-25T16:22:48.594Z monthly 0.6 https://detectionlint.org/library/spl-o365-excessive-authentication-failures-alert-62d05fb7 2026-04-25T16:22:48.340Z monthly 0.6 https://detectionlint.org/library/spl-o365-email-transport-rule-changed-60446e59 2026-04-25T16:22:48.078Z monthly 0.6 https://detectionlint.org/library/spl-o365-email-suspicious-search-behavior-9668ff3a 2026-04-25T16:22:47.809Z monthly 0.6 https://detectionlint.org/library/spl-o365-email-suspicious-behavior-alert-40b491f4 2026-04-25T16:22:47.553Z monthly 0.6 https://detectionlint.org/library/spl-o365-email-send-attachments-excessive-volume-fbdcb72c 2026-04-25T16:22:47.280Z monthly 0.6 https://detectionlint.org/library/spl-o365-email-send-and-hard-delete-suspicious-behavior-3141137a 2026-04-25T16:22:47.020Z monthly 0.6 https://detectionlint.org/library/spl-o365-email-send-and-hard-delete-exfiltration-behavior-e039773d 2026-04-25T16:22:46.756Z monthly 0.6 https://detectionlint.org/library/spl-o365-email-security-feature-changed-30a6fc4a 2026-04-25T16:22:46.485Z monthly 0.6 https://detectionlint.org/library/spl-o365-email-reported-by-user-found-malicious-53809616 2026-04-25T16:22:46.221Z monthly 0.6 https://detectionlint.org/library/spl-o365-email-reported-by-admin-found-malicious-4c7498d6 2026-04-25T16:22:45.962Z monthly 0.6 https://detectionlint.org/library/spl-o365-email-receive-and-hard-delete-takeover-behavior-7e925037 2026-04-25T16:22:45.706Z monthly 0.6 https://detectionlint.org/library/spl-o365-email-password-and-payroll-compromise-behavior-d8cb2671 2026-04-25T16:22:45.438Z monthly 0.6 https://detectionlint.org/library/spl-o365-email-new-inbox-rule-created-b445c5b4 2026-04-25T16:22:45.159Z monthly 0.6 https://detectionlint.org/library/spl-o365-email-hard-delete-excessive-volume-2d6aef5b 2026-04-25T16:22:44.888Z monthly 0.6 https://detectionlint.org/library/spl-o365-email-access-by-security-administrator-04a0b49a 2026-04-25T16:22:44.624Z monthly 0.6 https://detectionlint.org/library/spl-o365-elevated-mailbox-permission-assigned-90c649e8 2026-04-25T16:22:44.349Z monthly 0.6 https://detectionlint.org/library/spl-o365-dlp-rule-triggered-e7e64e59 2026-04-25T16:22:44.083Z monthly 0.6 https://detectionlint.org/library/spl-o365-disable-mfa-20436a54 2026-04-25T16:22:43.813Z monthly 0.6 https://detectionlint.org/library/spl-o365-cross-tenant-access-change-64603557 2026-04-25T16:22:43.549Z monthly 0.6 https://detectionlint.org/library/spl-o365-concurrent-sessions-from-different-ips-39710532 2026-04-25T16:22:43.288Z monthly 0.6 https://detectionlint.org/library/spl-o365-compliance-content-search-started-46370677 2026-04-25T16:22:43.011Z monthly 0.6 https://detectionlint.org/library/spl-o365-compliance-content-search-exported-9928f9c2 2026-04-25T16:22:42.661Z monthly 0.6 https://detectionlint.org/library/spl-o365-bypass-mfa-via-trusted-ip-6c62671a 2026-04-25T16:22:42.398Z monthly 0.6 https://detectionlint.org/library/spl-o365-block-user-consent-for-risky-apps-disabled-36870198 2026-04-25T16:22:42.110Z monthly 0.6 https://detectionlint.org/library/spl-o365-bec-email-hiding-rule-created-ba4eca39 2026-04-25T16:22:41.827Z monthly 0.6 https://detectionlint.org/library/spl-o365-applicationimpersonation-role-assigned-515e80c1 2026-04-25T16:22:41.566Z monthly 0.6 https://detectionlint.org/library/spl-o365-application-registration-owner-added-98fdfd66 2026-04-25T16:22:41.311Z monthly 0.6 https://detectionlint.org/library/spl-o365-application-available-to-other-tenants-a15fe726 2026-04-25T16:22:41.042Z monthly 0.6 https://detectionlint.org/library/spl-o365-advanced-audit-disabled-a510ed82 2026-04-25T16:22:40.787Z monthly 0.6 https://detectionlint.org/library/spl-o365-admin-consent-bypassed-by-service-principal-2e256e07 2026-04-25T16:22:40.525Z monthly 0.6 https://detectionlint.org/library/spl-o365-added-service-principal-5a2f303e 2026-04-25T16:22:40.265Z monthly 0.6 https://detectionlint.org/library/spl-o365-add-app-role-assignment-grant-user-0a6d99a1 2026-04-25T16:22:39.995Z monthly 0.6 https://detectionlint.org/library/spl-microsoft-intune-mobile-apps-3c4804d4 2026-04-25T16:22:39.730Z monthly 0.6 https://detectionlint.org/library/spl-microsoft-intune-manual-device-management-ac36f976 2026-04-25T16:22:39.457Z monthly 0.6 https://detectionlint.org/library/spl-microsoft-intune-devicemanagementconfigurationpolicies-31a9c583 2026-04-25T16:22:39.184Z monthly 0.6 https://detectionlint.org/library/spl-microsoft-intune-device-health-scripts-e1fed3d3 2026-04-25T16:22:38.925Z monthly 0.6 https://detectionlint.org/library/spl-microsoft-intune-bulk-wipe-f8b09d1d 2026-04-25T16:22:38.647Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-unauthorized-access-12388a25 2026-04-25T16:22:38.370Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-suspicious-image-pulling-0b28d470 2026-04-25T16:22:38.095Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-shell-running-on-worker-node-with-cpu-activity-3665e397 2026-04-25T16:22:37.806Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-shell-running-on-worker-node-aeadc6d7 2026-04-25T16:22:37.545Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-scanning-by-unauthenticated-ip-address-a0cc818b 2026-04-25T16:22:37.280Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-scanner-image-pulling-9c3413d3 2026-04-25T16:22:37.023Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-process-with-resource-ratio-anomalies-091bd32e 2026-04-25T16:22:36.758Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-process-with-anomalous-resource-utilisation-ace00a53 2026-04-25T16:22:36.496Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-process-running-from-new-path-3b4ca961 2026-04-25T16:22:36.208Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-previously-unseen-process-fd382d32 2026-04-25T16:22:35.954Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-previously-unseen-container-image-name-5dbe77f6 2026-04-25T16:22:35.683Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-pod-with-host-network-attachment-0372b1fb 2026-04-25T16:22:35.414Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-pod-created-in-default-namespace-a23aeda8 2026-04-25T16:22:35.152Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-node-port-creation-49aec782 2026-04-25T16:22:34.890Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-nginx-ingress-rfi-d60c3ccf 2026-04-25T16:22:34.615Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-nginx-ingress-lfi-9919c93d 2026-04-25T16:22:34.347Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-newly-seen-udp-edge-277e1f9a 2026-04-25T16:22:34.071Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-newly-seen-tcp-edge-fc2d12fd 2026-04-25T16:22:33.802Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-falco-shell-spawned-f5f2dc2e 2026-04-25T16:22:33.522Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-daemonset-deployed-f662a91d 2026-04-25T16:22:33.265Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-cron-job-creation-4d5cfc89 2026-04-25T16:22:32.999Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-create-or-update-privileged-pod-8b871269 2026-04-25T16:22:32.726Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-aws-detect-suspicious-kubectl-calls-5ef609ee 2026-04-25T16:22:32.461Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-anomalous-traffic-on-network-edge-6a454c67 2026-04-25T16:22:32.191Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-anomalous-outbound-network-activity-from-process-f83693a9 2026-04-25T16:22:31.916Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-anomalous-inbound-to-outbound-network-io-ratio-95c82dae 2026-04-25T16:22:31.643Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-anomalous-inbound-outbound-network-io-fa06db0e 2026-04-25T16:22:31.360Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-anomalous-inbound-network-activity-from-process-5d60af6e 2026-04-25T16:22:31.087Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-access-scanning-fd6027ad 2026-04-25T16:22:30.808Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-abuse-of-secret-by-unusual-user-name-ef414412 2026-04-25T16:22:30.545Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-abuse-of-secret-by-unusual-user-group-d14ef68d 2026-04-25T16:22:30.277Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-abuse-of-secret-by-unusual-user-agent-22e3087e 2026-04-25T16:22:30.014Z monthly 0.6 https://detectionlint.org/library/spl-kubernetes-abuse-of-secret-by-unusual-location-3ed69ed2 2026-04-25T16:22:29.747Z monthly 0.6 https://detectionlint.org/library/spl-high-number-of-login-failures-from-a-single-source-27dc79cf 2026-04-25T16:22:29.486Z monthly 0.6 https://detectionlint.org/library/spl-gsuite-suspicious-shared-file-name-8675f28f 2026-04-25T16:22:29.221Z monthly 0.6 https://detectionlint.org/library/spl-gsuite-suspicious-calendar-invite-72bd7c85 2026-04-25T16:22:28.957Z monthly 0.6 https://detectionlint.org/library/spl-gsuite-outbound-email-with-attachment-to-external-domain-07d820b1 2026-04-25T16:22:28.670Z monthly 0.6 https://detectionlint.org/library/spl-gsuite-email-with-known-abuse-web-service-link-2bba0ca0 2026-04-25T16:22:28.402Z monthly 0.6 https://detectionlint.org/library/spl-gsuite-email-suspicious-subject-with-attachment-629f1d85 2026-04-25T16:22:28.118Z monthly 0.6 https://detectionlint.org/library/spl-gsuite-email-suspicious-attachment-12112db1 2026-04-25T16:22:27.853Z monthly 0.6 https://detectionlint.org/library/spl-gsuite-drive-share-in-external-email-cc965dbb 2026-04-25T16:22:27.484Z monthly 0.6 https://detectionlint.org/library/spl-github-organizations-repository-deleted-f3d741d5 2026-04-25T16:22:27.202Z monthly 0.6 https://detectionlint.org/library/spl-github-organizations-repository-archived-487dac5a 2026-04-25T16:22:26.924Z monthly 0.6 https://detectionlint.org/library/spl-github-organizations-disable-dependabot-77d6b0f8 2026-04-25T16:22:26.632Z monthly 0.6 https://detectionlint.org/library/spl-github-organizations-disable-classic-branch-protection-rule-753ec180 2026-04-25T16:22:26.346Z monthly 0.6 https://detectionlint.org/library/spl-github-organizations-disable-2fa-requirement-62f2528b 2026-04-25T16:22:26.074Z monthly 0.6 https://detectionlint.org/library/spl-github-organizations-delete-branch-ruleset-de3eb294 2026-04-25T16:22:25.804Z monthly 0.6 https://detectionlint.org/library/spl-github-enterprise-repository-deleted-908843af 2026-04-25T16:22:25.535Z monthly 0.6 https://detectionlint.org/library/spl-github-enterprise-repository-archived-268247f1 2026-04-25T16:22:25.264Z monthly 0.6 https://detectionlint.org/library/spl-github-enterprise-remove-organization-b3ca25df 2026-04-25T16:22:24.985Z monthly 0.6 https://detectionlint.org/library/spl-github-enterprise-register-self-hosted-runner-64193b68 2026-04-25T16:22:24.722Z monthly 0.6 https://detectionlint.org/library/spl-github-enterprise-pause-audit-log-event-stream-a0fa0f5a 2026-04-25T16:22:24.438Z monthly 0.6 https://detectionlint.org/library/spl-github-enterprise-modify-audit-log-event-stream-bafc8810 2026-04-25T16:22:24.165Z monthly 0.6 https://detectionlint.org/library/spl-github-enterprise-disable-ip-allow-list-25d5fa1f 2026-04-25T16:22:23.890Z monthly 0.6 https://detectionlint.org/library/spl-github-enterprise-disable-dependabot-bd831113 2026-04-25T16:22:23.603Z monthly 0.6 https://detectionlint.org/library/spl-github-enterprise-disable-classic-branch-protection-rule-bf713934 2026-04-25T16:22:23.331Z monthly 0.6 https://detectionlint.org/library/spl-github-enterprise-disable-audit-log-event-stream-e397a2bb 2026-04-25T16:22:23.057Z monthly 0.6 https://detectionlint.org/library/spl-github-enterprise-disable-2fa-requirement-87fe8c23 2026-04-25T16:22:22.786Z monthly 0.6 https://detectionlint.org/library/spl-github-enterprise-delete-branch-ruleset-d0d762ea 2026-04-25T16:22:22.502Z monthly 0.6 https://detectionlint.org/library/spl-geographic-improbable-location-ffedca2b 2026-04-25T16:22:22.232Z monthly 0.6 https://detectionlint.org/library/spl-gdrive-suspicious-file-sharing-20755b83 2026-04-25T16:22:21.955Z monthly 0.6 https://detectionlint.org/library/spl-gcp-unusual-number-of-failed-authentications-from-ip-574963de 2026-04-25T16:22:21.676Z monthly 0.6 https://detectionlint.org/library/spl-gcp-successful-single-factor-authentication-ab220d01 2026-04-25T16:22:21.394Z monthly 0.6 https://detectionlint.org/library/spl-gcp-multiple-users-failing-to-authenticate-from-ip-6c8d0efa 2026-04-25T16:22:21.128Z monthly 0.6 https://detectionlint.org/library/spl-gcp-multiple-failed-mfa-requests-for-user-3d2bac18 2026-04-25T16:22:20.871Z monthly 0.6 https://detectionlint.org/library/spl-gcp-multi-factor-authentication-disabled-a152ed7e 2026-04-25T16:22:20.608Z monthly 0.6 https://detectionlint.org/library/spl-gcp-kubernetes-cluster-pod-scan-detection-7f499f66 2026-04-25T16:22:20.333Z monthly 0.6 https://detectionlint.org/library/spl-gcp-detect-gcploit-framework-7b725afb 2026-04-25T16:22:20.043Z monthly 0.6 https://detectionlint.org/library/spl-gcp-authentication-failed-during-mfa-challenge-b77bcf76 2026-04-25T16:22:19.777Z monthly 0.6 https://detectionlint.org/library/spl-detect-spike-in-s3-bucket-deletion-864f980c 2026-04-25T16:22:19.515Z monthly 0.6 https://detectionlint.org/library/spl-detect-spike-in-blocked-outbound-traffic-from-your-aws-03ce3e00 2026-04-25T16:22:19.250Z monthly 0.6 https://detectionlint.org/library/spl-detect-spike-in-aws-security-hub-alerts-for-user-2a125b5c 2026-04-25T16:22:18.985Z monthly 0.6 https://detectionlint.org/library/spl-detect-spike-in-aws-security-hub-alerts-for-ec2-instance-3beee454 2026-04-25T16:22:18.688Z monthly 0.6 https://detectionlint.org/library/spl-detect-s3-access-from-a-new-ip-a5b564b9 2026-04-25T16:22:18.416Z monthly 0.6 https://detectionlint.org/library/spl-detect-new-open-s3-buckets-over-aws-cli-5274e7c2 2026-04-25T16:22:18.141Z monthly 0.6 https://detectionlint.org/library/spl-detect-new-open-s3-buckets-da9ced0a 2026-04-25T16:22:17.872Z monthly 0.6 https://detectionlint.org/library/spl-detect-new-open-gcp-storage-buckets-9de5376d 2026-04-25T16:22:17.559Z monthly 0.6 https://detectionlint.org/library/spl-detect-gcp-storage-access-from-a-new-ip-7a3bb137 2026-04-25T16:22:17.279Z monthly 0.6 https://detectionlint.org/library/spl-detect-aws-console-login-by-user-from-new-region-125cf276 2026-04-25T16:22:17.005Z monthly 0.6 https://detectionlint.org/library/spl-detect-aws-console-login-by-user-from-new-country-9486d589 2026-04-25T16:22:16.721Z monthly 0.6 https://detectionlint.org/library/spl-detect-aws-console-login-by-user-from-new-city-1b02c1bd 2026-04-25T16:22:16.460Z monthly 0.6 https://detectionlint.org/library/spl-detect-aws-console-login-by-new-user-d77d7eb9 2026-04-25T16:22:16.189Z monthly 0.6 https://detectionlint.org/library/spl-cloud-security-groups-modifications-by-user-27bb7ad7 2026-04-25T16:22:15.922Z monthly 0.6 https://detectionlint.org/library/spl-cloud-provisioning-activity-from-previously-unseen-region-cf083369 2026-04-25T16:22:15.640Z monthly 0.6 https://detectionlint.org/library/spl-cloud-provisioning-activity-from-previously-unseen-ip-addres-f310d8df 2026-04-25T16:22:15.372Z monthly 0.6 https://detectionlint.org/library/spl-cloud-provisioning-activity-from-previously-unseen-country-fd72ac17 2026-04-25T16:22:15.085Z monthly 0.6 https://detectionlint.org/library/spl-cloud-provisioning-activity-from-previously-unseen-city-44f68bdb 2026-04-25T16:22:14.808Z monthly 0.6 https://detectionlint.org/library/spl-cloud-instance-modified-by-previously-unseen-user-b483201e 2026-04-25T16:22:14.528Z monthly 0.6 https://detectionlint.org/library/spl-cloud-compute-instance-created-with-previously-unseen-instan-bf98a8fe 2026-04-25T16:22:14.255Z monthly 0.6 https://detectionlint.org/library/spl-cloud-compute-instance-created-with-previously-unseen-image-938bc75b 2026-04-25T16:22:13.967Z monthly 0.6 https://detectionlint.org/library/spl-cloud-compute-instance-created-in-previously-unused-region-cec053ab 2026-04-25T16:22:13.684Z monthly 0.6 https://detectionlint.org/library/spl-cloud-compute-instance-created-by-previously-unseen-user-986dd0b3 2026-04-25T16:22:13.400Z monthly 0.6 https://detectionlint.org/library/spl-cloud-api-calls-from-previously-unseen-user-roles-476fb9f3 2026-04-25T16:22:13.121Z monthly 0.6 https://detectionlint.org/library/spl-circle-ci-disable-security-step-c7660378 2026-04-25T16:22:12.857Z monthly 0.6 https://detectionlint.org/library/spl-circle-ci-disable-security-job-7bcb59d7 2026-04-25T16:22:12.498Z monthly 0.6 https://detectionlint.org/library/spl-azure-runbook-webhook-created-f2e138a9 2026-04-25T16:22:12.227Z monthly 0.6 https://detectionlint.org/library/spl-azure-automation-runbook-created-8732ba7b 2026-04-25T16:22:11.945Z monthly 0.6 https://detectionlint.org/library/spl-azure-automation-account-created-14f6ce26 2026-04-25T16:22:11.669Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-user-immutableid-attribute-updated-66d56ade 2026-04-25T16:22:11.394Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-user-enabled-and-password-reset-781e6362 2026-04-25T16:22:11.100Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-user-consent-denied-for-oauth-application-437078e4 2026-04-25T16:22:10.830Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-user-consent-blocked-for-risky-application-3ed5cc9c 2026-04-25T16:22:10.563Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-unusual-number-of-failed-authentications-from-ip-6d3df3f6 2026-04-25T16:22:10.290Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-tenant-wide-admin-consent-granted-63450704 2026-04-25T16:22:10.006Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-successful-single-factor-authentication-3cc1fbe6 2026-04-25T16:22:09.709Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-successful-powershell-authentication-7540b9ca 2026-04-25T16:22:09.394Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-successful-authentication-from-different-ips-e491dc12 2026-04-25T16:22:09.119Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-service-principal-privilege-escalation-13470a00 2026-04-25T16:22:08.843Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-service-principal-owner-added-7808e0cd 2026-04-25T16:22:08.579Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-service-principal-new-client-credentials-edd806db 2026-04-25T16:22:08.314Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-service-principal-enumeration-a79d91b1 2026-04-25T16:22:08.033Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-service-principal-created-9ebff8eb 2026-04-25T16:22:07.751Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-service-principal-authentication-d71348eb 2026-04-25T16:22:07.479Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-privileged-role-assigned-to-service-principal-95b2ee95 2026-04-25T16:22:07.206Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-privileged-role-assigned-f4f8bebb 2026-04-25T16:22:06.946Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-privileged-graph-api-permission-assigned-dcdf077f 2026-04-25T16:22:06.675Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-privileged-authentication-administrator-role-assign-fa74f8b1 2026-04-25T16:22:06.397Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-pim-role-assignment-activated-57cd3807 2026-04-25T16:22:06.124Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-pim-role-assigned-23f8798b 2026-04-25T16:22:05.828Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-oauth-application-consent-granted-by-user-d4cd5499 2026-04-25T16:22:05.566Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-new-mfa-method-registered-for-user-3b4c79b7 2026-04-25T16:22:05.253Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-new-mfa-method-registered-7abdff91 2026-04-25T16:22:04.983Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-new-federated-domain-added-14717e04 2026-04-25T16:22:04.698Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-new-custom-domain-added-970f3c99 2026-04-25T16:22:04.415Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-multiple-users-failing-to-authenticate-from-ip-819433ca 2026-04-25T16:22:04.150Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-multiple-service-principals-created-by-user-4bddc9b3 2026-04-25T16:22:03.869Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-multiple-service-principals-created-by-sp-97e667b0 2026-04-25T16:22:03.599Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-multiple-failed-mfa-requests-for-user-7ff96e9a 2026-04-25T16:22:03.339Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-multiple-denied-mfa-requests-for-user-da16e256 2026-04-25T16:22:03.068Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-multiple-appids-and-useragents-authentication-spike-692166eb 2026-04-25T16:22:02.800Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-multi-source-failed-authentications-spike-57587390 2026-04-25T16:22:02.514Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-multi-factor-authentication-disabled-abcfd052 2026-04-25T16:22:02.246Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-high-number-of-failed-authentications-from-ip-d3933bba 2026-04-25T16:22:01.945Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-high-number-of-failed-authentications-for-user-473bcebb 2026-04-25T16:22:01.684Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-global-administrator-role-assigned-148e3dda 2026-04-25T16:22:01.382Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-fullaccessasapp-permission-assigned-6ad33065 2026-04-25T16:22:01.108Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-external-guest-user-invited-5f75494c 2026-04-25T16:22:00.837Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-device-code-authentication-0f9280a0 2026-04-25T16:22:00.575Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-concurrent-sessions-from-different-ips-97ac0727 2026-04-25T16:22:00.293Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-block-user-consent-for-risky-apps-disabled-740876a3 2026-04-25T16:22:00.018Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-azurehound-useragent-detected-9e55cabd 2026-04-25T16:21:59.734Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-authentication-failed-during-mfa-challenge-b4833643 2026-04-25T16:21:59.464Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-application-administrator-role-assigned-b2337dc7 2026-04-25T16:21:59.189Z monthly 0.6 https://detectionlint.org/library/spl-azure-ad-admin-consent-bypassed-by-service-principal-fc0ab9a1 2026-04-25T16:21:58.929Z monthly 0.6 https://detectionlint.org/library/spl-azure-active-directory-high-risk-sign-in-16674ab6 2026-04-25T16:21:58.661Z monthly 0.6 https://detectionlint.org/library/spl-aws-updateloginprofile-089a8c7a 2026-04-25T16:21:58.388Z monthly 0.6 https://detectionlint.org/library/spl-aws-unusual-number-of-failed-authentications-from-ip-9cfb0819 2026-04-25T16:21:58.109Z monthly 0.6 https://detectionlint.org/library/spl-aws-successful-single-factor-authentication-54dc281d 2026-04-25T16:21:57.848Z monthly 0.6 https://detectionlint.org/library/spl-aws-successful-console-authentication-from-multiple-ips-7f883e61 2026-04-25T16:21:57.570Z monthly 0.6 https://detectionlint.org/library/spl-aws-setdefaultpolicyversion-62331366 2026-04-25T16:21:57.214Z monthly 0.6 https://detectionlint.org/library/spl-aws-saml-update-identity-provider-5dbfb64e 2026-04-25T16:21:56.956Z monthly 0.6 https://detectionlint.org/library/spl-aws-s3-exfiltration-behavior-identified-784a1d4a 2026-04-25T16:21:56.684Z monthly 0.6 https://detectionlint.org/library/spl-aws-password-policy-changes-4ae86db7 2026-04-25T16:21:56.406Z monthly 0.6 https://detectionlint.org/library/spl-aws-new-mfa-method-registered-for-user-9c6acd54 2026-04-25T16:21:56.135Z monthly 0.6 https://detectionlint.org/library/spl-aws-network-access-control-list-deleted-8e2e2bd5 2026-04-25T16:21:55.865Z monthly 0.6 https://detectionlint.org/library/spl-aws-network-access-control-list-created-with-all-open-ports-ee6e6bc9 2026-04-25T16:21:55.535Z monthly 0.6 https://detectionlint.org/library/spl-aws-multiple-users-failing-to-authenticate-from-ip-a072e3f4 2026-04-25T16:21:55.255Z monthly 0.6 https://detectionlint.org/library/spl-aws-multiple-failed-mfa-requests-for-user-15c7ae04 2026-04-25T16:21:54.983Z monthly 0.6 https://detectionlint.org/library/spl-aws-multi-factor-authentication-disabled-c473edcb 2026-04-25T16:21:54.716Z monthly 0.6 https://detectionlint.org/library/spl-aws-lambda-updatefunctioncode-df636e46 2026-04-25T16:21:54.466Z monthly 0.6 https://detectionlint.org/library/spl-aws-iam-successful-group-deletion-598405b2 2026-04-25T16:21:54.202Z monthly 0.6 https://detectionlint.org/library/spl-aws-iam-failure-group-deletion-10c1fe36 2026-04-25T16:21:53.943Z monthly 0.6 https://detectionlint.org/library/spl-aws-iam-delete-policy-0bc2d34d 2026-04-25T16:21:53.677Z monthly 0.6 https://detectionlint.org/library/spl-aws-iam-assume-role-policy-brute-force-15046cf7 2026-04-25T16:21:53.422Z monthly 0.6 https://detectionlint.org/library/spl-aws-iam-accessdenied-discovery-events-ff6231f7 2026-04-25T16:21:53.140Z monthly 0.6 https://detectionlint.org/library/spl-aws-high-number-of-failed-authentications-from-ip-a4e23789 2026-04-25T16:21:52.875Z monthly 0.6 https://detectionlint.org/library/spl-aws-high-number-of-failed-authentications-for-user-ea107761 2026-04-25T16:21:52.610Z monthly 0.6 https://detectionlint.org/library/spl-aws-exfiltration-via-ec2-snapshot-ffa0fc2b 2026-04-25T16:21:52.351Z monthly 0.6 https://detectionlint.org/library/spl-aws-exfiltration-via-datasync-task-e1d54ab7 2026-04-25T16:21:52.084Z monthly 0.6 https://detectionlint.org/library/spl-aws-exfiltration-via-bucket-replication-1c1cf6f0 2026-04-25T16:21:51.810Z monthly 0.6 https://detectionlint.org/library/spl-aws-exfiltration-via-batch-service-88fc1d42 2026-04-25T16:21:51.544Z monthly 0.6 https://detectionlint.org/library/spl-aws-exfiltration-via-anomalous-getobject-api-activity-9818a431 2026-04-25T16:21:51.260Z monthly 0.6 https://detectionlint.org/library/spl-aws-excessive-security-scanning-5f8c1a74 2026-04-25T16:21:50.987Z monthly 0.6 https://detectionlint.org/library/spl-aws-ecr-container-upload-unknown-user-7be8d4d2 2026-04-25T16:21:50.693Z monthly 0.6 https://detectionlint.org/library/spl-aws-ecr-container-upload-outside-business-hours-4e6043e1 2026-04-25T16:21:50.418Z monthly 0.6 https://detectionlint.org/library/spl-aws-ecr-container-scanning-findings-medium-fe97e58d 2026-04-25T16:21:50.154Z monthly 0.6 https://detectionlint.org/library/spl-aws-ecr-container-scanning-findings-low-informational-unknow-a5921314 2026-04-25T16:21:49.860Z monthly 0.6 https://detectionlint.org/library/spl-aws-ecr-container-scanning-findings-high-ebdd5d33 2026-04-25T16:21:49.588Z monthly 0.6 https://detectionlint.org/library/spl-aws-ec2-snapshot-shared-externally-325994c6 2026-04-25T16:21:49.321Z monthly 0.6 https://detectionlint.org/library/spl-aws-disable-bucket-versioning-7244f1ab 2026-04-25T16:21:49.045Z monthly 0.6 https://detectionlint.org/library/spl-aws-detect-users-with-kms-keys-performing-encryption-s3-b334c844 2026-04-25T16:21:48.774Z monthly 0.6 https://detectionlint.org/library/spl-aws-detect-users-creating-keys-with-encrypt-policy-without-m-384c816a 2026-04-25T16:21:48.519Z monthly 0.6 https://detectionlint.org/library/spl-aws-defense-evasion-update-cloudtrail-11441c9f 2026-04-25T16:21:48.247Z monthly 0.6 https://detectionlint.org/library/spl-aws-defense-evasion-stop-logging-cloudtrail-dded149e 2026-04-25T16:21:47.975Z monthly 0.6 https://detectionlint.org/library/spl-aws-defense-evasion-putbucketlifecycle-b8da9541 2026-04-25T16:21:47.727Z monthly 0.6 https://detectionlint.org/library/spl-aws-defense-evasion-impair-security-services-79cc7a6e 2026-04-25T16:21:47.466Z monthly 0.6 https://detectionlint.org/library/spl-aws-defense-evasion-delete-cloudwatch-log-group-2e5b24a1 2026-04-25T16:21:47.205Z monthly 0.6 https://detectionlint.org/library/spl-aws-defense-evasion-delete-cloudtrail-1301144e 2026-04-25T16:21:46.947Z monthly 0.6 https://detectionlint.org/library/spl-aws-credential-access-rds-password-reset-49dc6e43 2026-04-25T16:21:46.696Z monthly 0.6 https://detectionlint.org/library/spl-aws-credential-access-getpassworddata-fb498195 2026-04-25T16:21:46.434Z monthly 0.6 https://detectionlint.org/library/spl-aws-credential-access-failed-login-68b70156 2026-04-25T16:21:46.177Z monthly 0.6 https://detectionlint.org/library/spl-aws-createloginprofile-1d6e3ffc 2026-04-25T16:21:45.909Z monthly 0.6 https://detectionlint.org/library/spl-aws-createaccesskey-390d1bdd 2026-04-25T16:21:45.638Z monthly 0.6 https://detectionlint.org/library/spl-aws-create-policy-version-to-allow-all-resources-65267a04 2026-04-25T16:21:45.378Z monthly 0.6 https://detectionlint.org/library/spl-aws-console-login-failed-during-mfa-challenge-297fba25 2026-04-25T16:21:45.106Z monthly 0.6 https://detectionlint.org/library/spl-aws-concurrent-sessions-from-different-ips-d7966944 2026-04-25T16:21:44.833Z monthly 0.6 https://detectionlint.org/library/spl-aws-bedrock-invoke-model-access-denied-52cfd04e 2026-04-25T16:21:44.568Z monthly 0.6 https://detectionlint.org/library/spl-aws-bedrock-high-number-list-foundation-model-failures-054f6bf1 2026-04-25T16:21:44.296Z monthly 0.6 https://detectionlint.org/library/spl-aws-bedrock-delete-model-invocation-logging-configuration-62a93df3 2026-04-25T16:21:44.026Z monthly 0.6 https://detectionlint.org/library/spl-aws-bedrock-delete-knowledge-base-4a8bba79 2026-04-25T16:21:43.758Z monthly 0.6 https://detectionlint.org/library/spl-aws-bedrock-delete-guardrails-b3cad214 2026-04-25T16:21:43.493Z monthly 0.6 https://detectionlint.org/library/spl-aws-ami-attribute-modification-for-exfiltration-148584bb 2026-04-25T16:21:43.191Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-updateloginprofile-6e16ac85 2026-04-25T16:21:42.935Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-saml-update-identity-provider-26fff05f 2026-04-25T16:21:42.669Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-new-mfa-method-registered-for-user-5174ef4d 2026-04-25T16:21:42.389Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-network-access-control-list-deleted-056fac7f 2026-04-25T16:21:42.029Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-network-access-control-list-created-with-all-open-po-c1558dcf 2026-04-25T16:21:41.756Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-multi-factor-authentication-disabled-c456c4bd 2026-04-25T16:21:41.489Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-iam-successful-group-deletion-d954d88c 2026-04-25T16:21:41.218Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-iam-failure-group-deletion-05fcc2cd 2026-04-25T16:21:40.947Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-iam-delete-policy-eb7583b9 2026-04-25T16:21:40.665Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-iam-assume-role-policy-brute-force-5c029978 2026-04-25T16:21:40.396Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-iam-accessdenied-discovery-events-c6b1068f 2026-04-25T16:21:40.131Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-ecr-container-upload-unknown-user-71a8fd85 2026-04-25T16:21:39.830Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-ecr-container-upload-outside-business-hours-196f1cac 2026-04-25T16:21:39.551Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-ec2-snapshot-shared-externally-39381ecb 2026-04-25T16:21:39.280Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-disable-bucket-versioning-365abb15 2026-04-25T16:21:39.022Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-detect-users-creating-keys-with-encrypt-policy-witho-22483e2e 2026-04-25T16:21:38.747Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-defense-evasion-update-cloudtrail-d110cac2 2026-04-25T16:21:38.475Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-defense-evasion-stop-logging-cloudtrail-c7bce5cc 2026-04-25T16:21:38.197Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-defense-evasion-putbucketlifecycle-a546477f 2026-04-25T16:21:37.936Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-defense-evasion-impair-security-services-fe6c28f7 2026-04-25T16:21:37.671Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-defense-evasion-delete-cloudwatch-log-group-9de16b31 2026-04-25T16:21:37.402Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-defense-evasion-delete-cloudtrail-bf86443f 2026-04-25T16:21:37.131Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-credential-access-rds-password-reset-2096a5ea 2026-04-25T16:21:36.863Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-credential-access-getpassworddata-656467cb 2026-04-25T16:21:36.600Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-create-policy-version-to-allow-all-resources-5dc81f32 2026-04-25T16:21:36.348Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-create-access-key-049a018e 2026-04-25T16:21:36.091Z monthly 0.6 https://detectionlint.org/library/spl-asl-aws-concurrent-sessions-from-different-ips-db1822a1 2026-04-25T16:21:35.812Z monthly 0.6 https://detectionlint.org/library/spl-amazon-eks-kubernetes-pod-scan-detection-6daf12e2 2026-04-25T16:21:35.529Z monthly 0.6 https://detectionlint.org/library/spl-amazon-eks-kubernetes-cluster-scan-detection-bbcc19c2 2026-04-25T16:21:35.258Z monthly 0.6 https://detectionlint.org/library/spl-zeek-x509-certificate-with-punycode-706387a5 2026-04-25T16:21:34.993Z monthly 0.6 https://detectionlint.org/library/spl-windows-spearphishing-attachment-connect-to-none-ms-office-d-9885740c 2026-04-25T16:21:34.716Z monthly 0.6 https://detectionlint.org/library/spl-windows-remote-desktop-network-bruteforce-attempt-0522640c 2026-04-25T16:21:34.451Z monthly 0.6 https://detectionlint.org/library/spl-windows-multi-hop-proxy-tor-website-query-3a0a6570 2026-04-25T16:21:34.176Z monthly 0.6 https://detectionlint.org/library/spl-windows-gather-victim-network-info-through-ip-check-web-serv-ca4fb0b3 2026-04-25T16:21:33.905Z monthly 0.6 https://detectionlint.org/library/spl-windows-dns-query-request-by-telegram-bot-api-d43e7a09 2026-04-25T16:21:33.634Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-rogue-domain-controller-network-activity-ef081f5a 2026-04-25T16:21:33.372Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-replication-service-traffic-d4462d98 2026-04-25T16:21:33.112Z monthly 0.6 https://detectionlint.org/library/spl-windows-abused-web-services-2209ab2d 2026-04-25T16:21:32.828Z monthly 0.6 https://detectionlint.org/library/spl-wermgr-process-connecting-to-ip-check-web-services-d3e11250 2026-04-25T16:21:32.545Z monthly 0.6 https://detectionlint.org/library/spl-tor-traffic-f00676f2 2026-04-25T16:21:32.284Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-process-with-discord-dns-query-8394ac42 2026-04-25T16:21:32.008Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-process-dns-query-known-abuse-web-services-fb901447 2026-04-25T16:21:31.744Z monthly 0.6 https://detectionlint.org/library/spl-ssl-certificates-with-punycode-f0993358 2026-04-25T16:21:31.487Z monthly 0.6 https://detectionlint.org/library/spl-smb-traffic-spike-d8ab428c 2026-04-25T16:21:31.227Z monthly 0.6 https://detectionlint.org/library/spl-rundll32-dnsquery-5a8e5f08 2026-04-25T16:21:30.976Z monthly 0.6 https://detectionlint.org/library/spl-remote-desktop-network-traffic-64ec5ed6 2026-04-25T16:21:30.704Z monthly 0.6 https://detectionlint.org/library/spl-protocols-passing-authentication-in-cleartext-2e1a0dd5 2026-04-25T16:21:30.431Z monthly 0.6 https://detectionlint.org/library/spl-protocol-or-port-mismatch-f395dfdf 2026-04-25T16:21:30.143Z monthly 0.6 https://detectionlint.org/library/spl-prohibited-network-traffic-allowed-b96a01ce 2026-04-25T16:21:29.892Z monthly 0.6 https://detectionlint.org/library/spl-ngrok-reverse-proxy-on-network-5ee65447 2026-04-25T16:21:29.612Z monthly 0.6 https://detectionlint.org/library/spl-large-volume-of-dns-any-queries-30b48827 2026-04-25T16:21:29.349Z monthly 0.6 https://detectionlint.org/library/spl-internal-vulnerability-scan-9e4a56b2 2026-04-25T16:21:29.070Z monthly 0.6 https://detectionlint.org/library/spl-internal-vertical-port-scan-dccdf1f4 2026-04-25T16:21:28.814Z monthly 0.6 https://detectionlint.org/library/spl-internal-horizontal-port-scan-nmap-top-20-6946ef03 2026-04-25T16:21:28.544Z monthly 0.6 https://detectionlint.org/library/spl-internal-horizontal-port-scan-213ccd18 2026-04-25T16:21:28.275Z monthly 0.6 https://detectionlint.org/library/spl-http-rmm-user-agent-f5929bfc 2026-04-25T16:21:28.018Z monthly 0.6 https://detectionlint.org/library/spl-http-pua-user-agent-b9894ffe 2026-04-25T16:21:27.757Z monthly 0.6 https://detectionlint.org/library/spl-http-malware-user-agent-a8d830cf 2026-04-25T16:21:27.472Z monthly 0.6 https://detectionlint.org/library/spl-http-c2-framework-user-agent-87c78e11 2026-04-25T16:21:27.118Z monthly 0.6 https://detectionlint.org/library/spl-hosts-receiving-high-volume-of-network-traffic-from-email-se-b05d2d6d 2026-04-25T16:21:26.820Z monthly 0.6 https://detectionlint.org/library/spl-f5-big-ip-icontrol-rest-vulnerability-cve-2022-1388-5400bc05 2026-04-25T16:21:26.551Z monthly 0.6 https://detectionlint.org/library/spl-excessive-dns-failures-57e32f99 2026-04-25T16:21:26.280Z monthly 0.6 https://detectionlint.org/library/spl-dns-query-length-with-high-standard-deviation-b076052d 2026-04-25T16:21:26.017Z monthly 0.6 https://detectionlint.org/library/spl-dns-kerberos-coercion-f73dd074 2026-04-25T16:21:25.699Z monthly 0.6 https://detectionlint.org/library/spl-detect-zerologon-via-zeek-94864e6f 2026-04-25T16:21:25.423Z monthly 0.6 https://detectionlint.org/library/spl-detect-windows-dns-sigred-via-zeek-19faf224 2026-04-25T16:21:25.145Z monthly 0.6 https://detectionlint.org/library/spl-detect-windows-dns-sigred-via-splunk-stream-afb1b6bb 2026-04-25T16:21:24.884Z monthly 0.6 https://detectionlint.org/library/spl-detect-unauthorized-assets-by-mac-address-c1922b81 2026-04-25T16:21:24.612Z monthly 0.6 https://detectionlint.org/library/spl-detect-traffic-mirroring-4493f1ab 2026-04-25T16:21:24.350Z monthly 0.6 https://detectionlint.org/library/spl-detect-software-download-to-network-device-6dc3f4cb 2026-04-25T16:21:24.094Z monthly 0.6 https://detectionlint.org/library/spl-detect-snicat-sni-exfiltration-98c3a921 2026-04-25T16:21:23.806Z monthly 0.6 https://detectionlint.org/library/spl-detect-rogue-dhcp-server-4b5f18a7 2026-04-25T16:21:23.540Z monthly 0.6 https://detectionlint.org/library/spl-detect-remote-access-software-usage-traffic-755ce523 2026-04-25T16:21:23.279Z monthly 0.6 https://detectionlint.org/library/spl-detect-remote-access-software-usage-dns-ead99ef1 2026-04-25T16:21:23.001Z monthly 0.6 https://detectionlint.org/library/spl-detect-port-security-violation-6d6fbefd 2026-04-25T16:21:22.722Z monthly 0.6 https://detectionlint.org/library/spl-detect-outbound-smb-traffic-04f0a18f 2026-04-25T16:21:22.454Z monthly 0.6 https://detectionlint.org/library/spl-detect-outbound-ldap-traffic-27d5bc40 2026-04-25T16:21:22.192Z monthly 0.6 https://detectionlint.org/library/spl-detect-large-icmp-traffic-4121d441 2026-04-25T16:21:21.915Z monthly 0.6 https://detectionlint.org/library/spl-detect-ipv6-network-infrastructure-threats-efcd952c 2026-04-25T16:21:21.659Z monthly 0.6 https://detectionlint.org/library/spl-detect-hosts-connecting-to-dynamic-domain-providers-24b6604c 2026-04-25T16:21:21.395Z monthly 0.6 https://detectionlint.org/library/spl-detect-dns-query-to-decommissioned-s3-bucket-e2dba763 2026-04-25T16:21:21.136Z monthly 0.6 https://detectionlint.org/library/spl-detect-arp-poisoning-b3687f91 2026-04-25T16:21:20.869Z monthly 0.6 https://detectionlint.org/library/spl-cisco-tftp-server-configuration-for-data-exfiltration-4f70fd35 2026-04-25T16:21:20.604Z monthly 0.6 https://detectionlint.org/library/spl-cisco-snmp-community-string-configuration-changes-a67f967c 2026-04-25T16:21:20.315Z monthly 0.6 https://detectionlint.org/library/spl-cisco-smart-install-port-discovery-and-status-f2a0684d 2026-04-25T16:21:20.034Z monthly 0.6 https://detectionlint.org/library/spl-cisco-smart-install-oversized-packet-detection-3ffad37b 2026-04-25T16:21:19.781Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---wget-or-curl-download-65c62743 2026-04-25T16:21:19.511Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---veeam-cve-2023-27532-exploitation-ac-3a95e506 2026-04-25T16:21:19.235Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---static-tundra-smart-install-abuse-457757bd 2026-04-25T16:21:18.885Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---ssh-connection-to-sshd_operns-f51799f5 2026-04-25T16:21:18.619Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---ssh-connection-to-non-standard-port-0774e6ae 2026-04-25T16:21:18.330Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---snort-rule-triggered-across-multiple-bc42e2b5 2026-04-25T16:21:18.070Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---repeated-malware-downloads-b7950b3d 2026-04-25T16:21:17.782Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---repeated-blocked-connections-6901bde2 2026-04-25T16:21:17.470Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---remote-access-software-usage-traffic-92fadde2 2026-04-25T16:21:17.196Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---react-server-components-rce-attempt-eaf625ef 2026-04-25T16:21:16.907Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---rare-snort-rule-triggered-b1f14f51 2026-04-25T16:21:16.646Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---privileged-command-execution-via-htt-083e3774 2026-04-25T16:21:16.374Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---potential-data-exfiltration-e57b19c3 2026-04-25T16:21:16.086Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---possibly-compromised-host-3367dd27 2026-04-25T16:21:15.781Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---oracle-e-business-suite-exploitation-184752ca 2026-04-25T16:21:15.524Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---oracle-e-business-suite-correlation-0488a708 2026-04-25T16:21:15.208Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---malware-file-downloaded-ef4eb144 2026-04-25T16:21:14.922Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---lumma-stealer-outbound-connection-at-31b72047 2026-04-25T16:21:14.647Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---lumma-stealer-download-attempt-df950f99 2026-04-25T16:21:14.376Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---lumma-stealer-activity-35dfca9f 2026-04-25T16:21:14.099Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---intrusion-events-by-threat-activity-b4fc33c7 2026-04-25T16:21:13.826Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---high-volume-of-intrusion-events-per--8fede224 2026-04-25T16:21:13.563Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---high-priority-intrusion-classificati-6b27b623 2026-04-25T16:21:13.288Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---high-eve-threat-confidence-da9149df 2026-04-25T16:21:13.019Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---file-download-over-uncommon-port-f509cc62 2026-04-25T16:21:12.753Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---connection-to-file-sharing-domain-cef76883 2026-04-25T16:21:12.481Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---communication-over-suspicious-ports-6029c0d1 2026-04-25T16:21:12.199Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---citrix-netscaler-memory-overread-att-cc46a9f9 2026-04-25T16:21:11.833Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---blocked-connection-1710e379 2026-04-25T16:21:11.555Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---blacklisted-ssl-certificate-fingerpr-b2dae559 2026-04-25T16:21:11.289Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---bits-network-activity-80bbcc97 2026-04-25T16:21:11.021Z monthly 0.6 https://detectionlint.org/library/spl-cisco-secure-firewall---binary-file-type-download-df78524b 2026-04-25T16:21:10.756Z monthly 0.6 https://detectionlint.org/library/spl-cisco-sd-wan---uncommon-user-agent-multi-uri-activity-803e65dd 2026-04-25T16:21:10.467Z monthly 0.6 https://detectionlint.org/library/spl-cisco-sd-wan---peering-activity-90348996 2026-04-25T16:21:10.198Z monthly 0.6 https://detectionlint.org/library/spl-cisco-sd-wan---low-frequency-rogue-peer-6ddb6331 2026-04-25T16:21:09.937Z monthly 0.6 https://detectionlint.org/library/spl-cisco-sd-wan---arbitrary-file-overwrite-exploitation-activit-daedba70 2026-04-25T16:21:09.666Z monthly 0.6 https://detectionlint.org/library/spl-cisco-privileged-account-creation-with-suspicious-ssh-activi-e7251c91 2026-04-25T16:21:09.401Z monthly 0.6 https://detectionlint.org/library/spl-cisco-privileged-account-creation-with-http-command-executio-d5a93045 2026-04-25T16:21:09.126Z monthly 0.6 https://detectionlint.org/library/spl-cisco-network-interface-modifications-14b52db5 2026-04-25T16:21:08.866Z monthly 0.6 https://detectionlint.org/library/spl-cisco-ios-suspicious-privileged-account-creation-94bd9481 2026-04-25T16:21:08.594Z monthly 0.6 https://detectionlint.org/library/spl-cisco-configuration-archive-logging-analysis-6ae57fc2 2026-04-25T16:21:08.333Z monthly 0.6 https://detectionlint.org/library/spl-3cx-supply-chain-attack-network-indicators-32d3384e 2026-04-25T16:21:08.066Z monthly 0.6 https://detectionlint.org/library/spl-windows-mimikatz-crypto-export-file-extensions-f86281f2 2026-04-25T16:21:07.789Z monthly 0.6 https://detectionlint.org/library/spl-windows-mimikatz-binary-execution-f8866389 2026-04-25T16:21:07.527Z monthly 0.6 https://detectionlint.org/library/spl-windows-masquerading-msdtc-process-648a3d50 2026-04-25T16:21:07.243Z monthly 0.6 https://detectionlint.org/library/spl-windows-masquerading-explorer-as-child-process-7074417d 2026-04-25T16:21:06.984Z monthly 0.6 https://detectionlint.org/library/spl-windows-mark-of-the-web-bypass-c8aec012 2026-04-25T16:21:06.716Z monthly 0.6 https://detectionlint.org/library/spl-windows-mail-protocol-in-non-common-process-path-f1566965 2026-04-25T16:21:06.451Z monthly 0.6 https://detectionlint.org/library/spl-windows-lsa-secrets-nolmhash-registry-677bbe58 2026-04-25T16:21:06.182Z monthly 0.6 https://detectionlint.org/library/spl-windows-lolbas-executed-outside-expected-path-32424037 2026-04-25T16:21:05.900Z monthly 0.6 https://detectionlint.org/library/spl-windows-lolbas-executed-as-renamed-file-895b776d 2026-04-25T16:21:05.604Z monthly 0.6 https://detectionlint.org/library/spl-windows-local-llm-framework-execution-508d56df 2026-04-25T16:21:05.328Z monthly 0.6 https://detectionlint.org/library/spl-windows-local-administrator-credential-stuffing-0891bf62 2026-04-25T16:21:05.036Z monthly 0.6 https://detectionlint.org/library/spl-windows-list-env-variables-via-set-command-from-uncommon-par-6f9b968b 2026-04-25T16:21:04.772Z monthly 0.6 https://detectionlint.org/library/spl-windows-linked-policies-in-adsi-discovery-798736a0 2026-04-25T16:21:04.509Z monthly 0.6 https://detectionlint.org/library/spl-windows-ldifde-directory-object-behavior-2d6a02c2 2026-04-25T16:21:04.228Z monthly 0.6 https://detectionlint.org/library/spl-windows-large-number-of-computer-service-tickets-requested-3a34fced 2026-04-25T16:21:03.955Z monthly 0.6 https://detectionlint.org/library/spl-windows-krbrelayup-service-creation-d2fe95d2 2026-04-25T16:21:03.677Z monthly 0.6 https://detectionlint.org/library/spl-windows-known-graphicalproton-loaded-modules-657650a3 2026-04-25T16:21:03.408Z monthly 0.6 https://detectionlint.org/library/spl-windows-known-abused-dll-loaded-suspiciously-d81351b5 2026-04-25T16:21:03.149Z monthly 0.6 https://detectionlint.org/library/spl-windows-known-abused-dll-created-d62a0c5b 2026-04-25T16:21:02.884Z monthly 0.6 https://detectionlint.org/library/spl-windows-kerberos-local-successful-logon-1d326ac5 2026-04-25T16:21:02.593Z monthly 0.6 https://detectionlint.org/library/spl-windows-kerberos-coercion-via-dns-3f2cb66f 2026-04-25T16:21:02.319Z monthly 0.6 https://detectionlint.org/library/spl-windows-iso-lnk-file-creation-a0d7fb8b 2026-04-25T16:21:02.059Z monthly 0.6 https://detectionlint.org/library/spl-windows-installutil-url-in-command-line-610c4b7c 2026-04-25T16:21:01.762Z monthly 0.6 https://detectionlint.org/library/spl-windows-installutil-uninstall-option-5c5bc137 2026-04-25T16:21:01.495Z monthly 0.6 https://detectionlint.org/library/spl-windows-installutil-remote-network-connection-843e448d 2026-04-25T16:21:01.227Z monthly 0.6 https://detectionlint.org/library/spl-windows-installutil-in-non-standard-path-0c15b141 2026-04-25T16:21:00.955Z monthly 0.6 https://detectionlint.org/library/spl-windows-installutil-credential-theft-ee2ec102 2026-04-25T16:21:00.678Z monthly 0.6 https://detectionlint.org/library/spl-windows-input-capture-using-credential-ui-dll-fc8152ba 2026-04-25T16:21:00.403Z monthly 0.6 https://detectionlint.org/library/spl-windows-inprocserver32-new-outlook-form-c379871f 2026-04-25T16:21:00.122Z monthly 0.6 https://detectionlint.org/library/spl-windows-ingress-tool-transfer-using-explorer-10b3ea19 2026-04-25T16:20:59.857Z monthly 0.6 https://detectionlint.org/library/spl-windows-information-discovery-fsutil-37a47a20 2026-04-25T16:20:59.588Z monthly 0.6 https://detectionlint.org/library/spl-windows-indirect-command-execution-via-series-of-forfiles-d73755b0 2026-04-25T16:20:59.324Z monthly 0.6 https://detectionlint.org/library/spl-windows-indirect-command-execution-via-pcalua-6000fc0f 2026-04-25T16:20:59.062Z monthly 0.6 https://detectionlint.org/library/spl-windows-indirect-command-execution-via-forfiles-bf14e54a 2026-04-25T16:20:58.803Z monthly 0.6 https://detectionlint.org/library/spl-windows-indicator-removal-via-rmdir-43e61538 2026-04-25T16:20:58.527Z monthly 0.6 https://detectionlint.org/library/spl-windows-increase-in-user-modification-activity-a70058ce 2026-04-25T16:20:58.254Z monthly 0.6 https://detectionlint.org/library/spl-windows-increase-in-group-or-object-modification-activity-2247ef2b 2026-04-25T16:20:57.969Z monthly 0.6 https://detectionlint.org/library/spl-windows-important-audit-policy-disabled-965f51c3 2026-04-25T16:20:57.707Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defenses-disable-win-defender-auto-logging-7b4c5fd8 2026-04-25T16:20:57.430Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defenses-disable-hvci-89427fbd 2026-04-25T16:20:57.167Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defenses-disable-av-autostart-via-registry-65ad3e9a 2026-04-25T16:20:56.807Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defenses-disable-auto-logger-session-12da2ec2 2026-04-25T16:20:56.534Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-set-win-defender-smart-screen-level-t-72fc02fb 2026-04-25T16:20:56.270Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-override-smartscreen-prompt-3e0eb9e6 2026-04-25T16:20:56.008Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-overide-win-defender-phishing-filter-293dc7db 2026-04-25T16:20:55.746Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-disable-win-defender-signature-retire-55906708 2026-04-25T16:20:55.483Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-disable-win-defender-scan-on-update-8b97dd9b 2026-04-25T16:20:55.200Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-disable-win-defender-report-infection-52f31869 2026-04-25T16:20:54.943Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-disable-win-defender-network-protecti-416855ab 2026-04-25T16:20:54.681Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-disable-win-defender-gen-reports-a7e282c6 2026-04-25T16:20:54.389Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-disable-win-defender-compute-file-has-663133d1 2026-04-25T16:20:54.110Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-disable-win-defender-app-guard-daaf785b 2026-04-25T16:20:53.822Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-disable-web-evaluation-38a2c094 2026-04-25T16:20:53.547Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-disable-realtime-signature-delivery-6791f114 2026-04-25T16:20:53.288Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-disable-pua-protection-5fd0deb9 2026-04-25T16:20:53.022Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-disable-defender-protocol-recognition-ef7c5653 2026-04-25T16:20:52.747Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-disable-defender-firewall-and-network-d14bd715 2026-04-25T16:20:52.487Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-disable-controlled-folder-access-62411ade 2026-04-25T16:20:52.215Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-deny-security-software-with-applocker-033448a1 2026-04-25T16:20:51.951Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-delete-win-defender-profile-registry-05e9fb48 2026-04-25T16:20:51.684Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-delete-win-defender-context-menu-4dc17f62 2026-04-25T16:20:51.415Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-define-win-defender-threat-action-02e3eaee 2026-04-25T16:20:51.158Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-configure-app-install-control-d46af37f 2026-04-25T16:20:50.902Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-change-win-defender-tracing-level-a0e6a254 2026-04-25T16:20:50.645Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-change-win-defender-throttle-rate-5f9d28b0 2026-04-25T16:20:50.370Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-change-win-defender-quick-scan-interv-a631a936 2026-04-25T16:20:50.097Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-change-win-defender-health-check-inte-908d336f 2026-04-25T16:20:49.822Z monthly 0.6 https://detectionlint.org/library/spl-windows-impair-defense-add-xml-applocker-rules-e1269968 2026-04-25T16:20:49.546Z monthly 0.6 https://detectionlint.org/library/spl-windows-iis-components-new-module-added-8159822a 2026-04-25T16:20:49.274Z monthly 0.6 https://detectionlint.org/library/spl-windows-iis-components-module-failed-to-load-c0644253 2026-04-25T16:20:49.000Z monthly 0.6 https://detectionlint.org/library/spl-windows-iis-components-get-webglobalmodule-module-query-3aa7f5e7 2026-04-25T16:20:48.734Z monthly 0.6 https://detectionlint.org/library/spl-windows-iis-components-add-new-module-2c97ef59 2026-04-25T16:20:48.360Z monthly 0.6 https://detectionlint.org/library/spl-windows-identify-protocol-handlers-66d28788 2026-04-25T16:20:48.087Z monthly 0.6 https://detectionlint.org/library/spl-windows-identify-powershell-web-access-iis-pool-e432cedf 2026-04-25T16:20:47.818Z monthly 0.6 https://detectionlint.org/library/spl-windows-hunting-system-account-targeting-lsass-23c4f804 2026-04-25T16:20:47.538Z monthly 0.6 https://detectionlint.org/library/spl-windows-http-network-communication-from-msiexec-d199b1be 2026-04-25T16:20:47.279Z monthly 0.6 https://detectionlint.org/library/spl-windows-hosts-file-access-3e2858e2 2026-04-25T16:20:47.018Z monthly 0.6 https://detectionlint.org/library/spl-windows-hijack-execution-flow-version-dll-side-load-82b71471 2026-04-25T16:20:46.759Z monthly 0.6 https://detectionlint.org/library/spl-windows-high-file-deletion-frequency-7ba665c4 2026-04-25T16:20:46.474Z monthly 0.6 https://detectionlint.org/library/spl-windows-hide-notification-features-through-registry-fcefe996 2026-04-25T16:20:46.203Z monthly 0.6 https://detectionlint.org/library/spl-windows-hidden-schedule-task-settings-4c821a09 2026-04-25T16:20:45.938Z monthly 0.6 https://detectionlint.org/library/spl-windows-handle-duplication-in-known-uac-bypass-binaries-7b709110 2026-04-25T16:20:45.670Z monthly 0.6 https://detectionlint.org/library/spl-windows-group-policy-object-created-e05961ba 2026-04-25T16:20:45.411Z monthly 0.6 https://detectionlint.org/library/spl-windows-group-discovery-via-net-09105929 2026-04-25T16:20:45.127Z monthly 0.6 https://detectionlint.org/library/spl-windows-global-object-access-audit-list-cleared-via-auditpol-96c6240d 2026-04-25T16:20:44.863Z monthly 0.6 https://detectionlint.org/library/spl-windows-get-local-admin-with-findlocaladminaccess-99d89d01 2026-04-25T16:20:44.593Z monthly 0.6 https://detectionlint.org/library/spl-windows-get-adcomputer-unconstrained-delegation-discovery-5105a3a3 2026-04-25T16:20:44.307Z monthly 0.6 https://detectionlint.org/library/spl-windows-gdrive-binary-activity-77fbe729 2026-04-25T16:20:44.042Z monthly 0.6 https://detectionlint.org/library/spl-windows-gather-victim-identity-sam-info-b02ad920 2026-04-25T16:20:43.762Z monthly 0.6 https://detectionlint.org/library/spl-windows-gather-victim-host-information-camera-109e263b 2026-04-25T16:20:43.501Z monthly 0.6 https://detectionlint.org/library/spl-windows-forest-discovery-with-getforestdomain-c58731d0 2026-04-25T16:20:43.239Z monthly 0.6 https://detectionlint.org/library/spl-windows-firewall-rule-modification-ef5dfdfa 2026-04-25T16:20:42.973Z monthly 0.6 https://detectionlint.org/library/spl-windows-firewall-rule-deletion-b8a187da 2026-04-25T16:20:42.707Z monthly 0.6 https://detectionlint.org/library/spl-windows-firewall-rule-added-c508ed91 2026-04-25T16:20:42.440Z monthly 0.6 https://detectionlint.org/library/spl-windows-findstr-gpp-discovery-9d3fe937 2026-04-25T16:20:42.160Z monthly 0.6 https://detectionlint.org/library/spl-windows-find-interesting-acl-with-findinterestingdomainacl-28704434 2026-04-25T16:20:41.892Z monthly 0.6 https://detectionlint.org/library/spl-windows-find-domain-organizational-units-with-getdomainou-3240b84a 2026-04-25T16:20:41.527Z monthly 0.6 https://detectionlint.org/library/spl-windows-files-and-dirs-access-rights-modification-via-icacls-8e92f48b 2026-04-25T16:20:41.250Z monthly 0.6 https://detectionlint.org/library/spl-windows-file-without-extension-in-critical-folder-c5f433df 2026-04-25T16:20:40.984Z monthly 0.6 https://detectionlint.org/library/spl-windows-file-transfer-protocol-in-non-common-process-path-db572141 2026-04-25T16:20:40.716Z monthly 0.6 https://detectionlint.org/library/spl-windows-file-share-discovery-with-powerview-da498fb7 2026-04-25T16:20:40.455Z monthly 0.6 https://detectionlint.org/library/spl-windows-file-download-via-powershell-868a86e0 2026-04-25T16:20:40.185Z monthly 0.6 https://detectionlint.org/library/spl-windows-file-download-via-certutil-788025dd 2026-04-25T16:20:39.917Z monthly 0.6 https://detectionlint.org/library/spl-windows-file-collection-via-copy-utilities-4691f4f6 2026-04-25T16:20:39.631Z monthly 0.6 https://detectionlint.org/library/spl-windows-file-and-directory-permissions-remove-inheritance-6c993eb2 2026-04-25T16:20:39.357Z monthly 0.6 https://detectionlint.org/library/spl-windows-file-and-directory-permissions-enable-inheritance-c4994215 2026-04-25T16:20:39.084Z monthly 0.6 https://detectionlint.org/library/spl-windows-file-and-directory-enable-readonly-permissions-d929ec84 2026-04-25T16:20:38.819Z monthly 0.6 https://detectionlint.org/library/spl-windows-export-certificate-9ab37a35 2026-04-25T16:20:38.539Z monthly 0.6 https://detectionlint.org/library/spl-windows-explorer-lnk-exploit-process-launch-with-padding-a57168f4 2026-04-25T16:20:38.278Z monthly 0.6 https://detectionlint.org/library/spl-windows-explorerexe-spawning-powershell-or-cmd-73e02d49 2026-04-25T16:20:38.017Z monthly 0.6 https://detectionlint.org/library/spl-windows-exfiltration-over-c2-via-powershell-uploadstring-8ac2d6f6 2026-04-25T16:20:37.757Z monthly 0.6 https://detectionlint.org/library/spl-windows-exfiltration-over-c2-via-invoke-restmethod-ea324e8a 2026-04-25T16:20:37.486Z monthly 0.6 https://detectionlint.org/library/spl-windows-execution-of-microsoft-msc-file-in-suspicious-path-4ad0b38c 2026-04-25T16:20:37.219Z monthly 0.6 https://detectionlint.org/library/spl-windows-execute-arbitrary-commands-with-msdt-461e2d1c 2026-04-25T16:20:36.950Z monthly 0.6 https://detectionlint.org/library/spl-windows-executable-masquerading-as-benign-file-types-ffbda2e4 2026-04-25T16:20:36.680Z monthly 0.6 https://detectionlint.org/library/spl-windows-executable-in-loaded-modules-b09a050c 2026-04-25T16:20:36.416Z monthly 0.6 https://detectionlint.org/library/spl-windows-excessive-usage-of-net-app-e7e7e3b0 2026-04-25T16:20:36.147Z monthly 0.6 https://detectionlint.org/library/spl-windows-excessive-service-stop-attempt-75a1737f 2026-04-25T16:20:35.852Z monthly 0.6 https://detectionlint.org/library/spl-windows-excessive-disabled-services-event-a3c6a788 2026-04-25T16:20:35.591Z monthly 0.6 https://detectionlint.org/library/spl-windows-excel-spawning-microsoft-project-application-15f8aef4 2026-04-25T16:20:35.334Z monthly 0.6 https://detectionlint.org/library/spl-windows-eventlog-recon-activity-using-log-query-utilities-565d55c2 2026-04-25T16:20:35.072Z monthly 0.6 https://detectionlint.org/library/spl-windows-eventlog-cleared-via-wevtutil-b08a3c37 2026-04-25T16:20:34.811Z monthly 0.6 https://detectionlint.org/library/spl-windows-event-triggered-image-file-execution-options-injecti-204c419b 2026-04-25T16:20:34.544Z monthly 0.6 https://detectionlint.org/library/spl-windows-event-logging-service-has-shutdown-6fbd3d96 2026-04-25T16:20:34.284Z monthly 0.6 https://detectionlint.org/library/spl-windows-event-log-cleared-9a6fc36e 2026-04-25T16:20:34.011Z monthly 0.6 https://detectionlint.org/library/spl-windows-event-for-service-disabled-350f41cd 2026-04-25T16:20:33.744Z monthly 0.6 https://detectionlint.org/library/spl-windows-esx-admins-group-creation-via-powershell-e00a33eb 2026-04-25T16:20:33.487Z monthly 0.6 https://detectionlint.org/library/spl-windows-esx-admins-group-creation-via-net-4e7c4aa2 2026-04-25T16:20:33.224Z monthly 0.6 https://detectionlint.org/library/spl-windows-esx-admins-group-creation-security-event-1e13a352 2026-04-25T16:20:32.954Z monthly 0.6 https://detectionlint.org/library/spl-windows-enable-win32-scheduledjob-via-registry-47f594f6 2026-04-25T16:20:32.689Z monthly 0.6 https://detectionlint.org/library/spl-windows-enable-powershell-web-access-064d834b 2026-04-25T16:20:32.410Z monthly 0.6 https://detectionlint.org/library/spl-windows-drivers-loaded-by-signature-2358528b 2026-04-25T16:20:32.131Z monthly 0.6 https://detectionlint.org/library/spl-windows-driver-load-non-standard-path-539be5ed 2026-04-25T16:20:31.857Z monthly 0.6 https://detectionlint.org/library/spl-windows-driver-inventory-7f248529 2026-04-25T16:20:31.498Z monthly 0.6 https://detectionlint.org/library/spl-windows-dotnet-binary-in-non-standard-path-76e6d3ff 2026-04-25T16:20:31.220Z monthly 0.6 https://detectionlint.org/library/spl-windows-domain-admin-impersonation-indicator-3aab88a7 2026-04-25T16:20:30.954Z monthly 0.6 https://detectionlint.org/library/spl-windows-domain-account-discovery-via-get-netcomputer-1947dceb 2026-04-25T16:20:30.684Z monthly 0.6 https://detectionlint.org/library/spl-windows-dnsadmins-new-member-added-1b0adc6f 2026-04-25T16:20:30.418Z monthly 0.6 https://detectionlint.org/library/spl-windows-dns-query-request-to-tinyurl-79749152 2026-04-25T16:20:30.153Z monthly 0.6 https://detectionlint.org/library/spl-windows-dns-gather-network-info-9299ffdc 2026-04-25T16:20:29.884Z monthly 0.6 https://detectionlint.org/library/spl-windows-dll-side-loading-process-child-of-calc-3ffd4391 2026-04-25T16:20:29.610Z monthly 0.6 https://detectionlint.org/library/spl-windows-dll-side-loading-in-calc-a13a74fb 2026-04-25T16:20:29.343Z monthly 0.6 https://detectionlint.org/library/spl-windows-dll-search-order-hijacking-with-iscsicpl-f99ef33b 2026-04-25T16:20:29.080Z monthly 0.6 https://detectionlint.org/library/spl-windows-dll-search-order-hijacking-hunt-with-sysmon-12f9dfdf 2026-04-25T16:20:28.802Z monthly 0.6 https://detectionlint.org/library/spl-windows-dll-module-loaded-in-temp-dir-dd658f43 2026-04-25T16:20:28.540Z monthly 0.6 https://detectionlint.org/library/spl-windows-dism-remove-defender-e3a8f056 2026-04-25T16:20:28.279Z monthly 0.6 https://detectionlint.org/library/spl-windows-dism-install-powershell-web-access-78a4451c 2026-04-25T16:20:28.012Z monthly 0.6 https://detectionlint.org/library/spl-windows-diskshadow-proxy-execution-86e897d9 2026-04-25T16:20:27.751Z monthly 0.6 https://detectionlint.org/library/spl-windows-diskcryptor-usage-47527f98 2026-04-25T16:20:27.462Z monthly 0.6 https://detectionlint.org/library/spl-windows-disableantispyware-registry-d7c704fd 2026-04-25T16:20:27.205Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-windows-group-policy-features-through-regist-a711dbcd 2026-04-25T16:20:26.933Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-windows-event-logging-disable-http-logging-2a766300 2026-04-25T16:20:26.669Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-shutdown-button-through-registry-75ac4dc7 2026-04-25T16:20:26.320Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-or-stop-browser-process-93ec3ef3 2026-04-25T16:20:26.055Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-or-modify-tools-via-taskkill-25ef0237 2026-04-25T16:20:25.781Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-notification-center-934cb30e 2026-04-25T16:20:25.482Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-memory-crash-dump-8a0b515e 2026-04-25T16:20:25.219Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-logoff-button-through-registry-d61fd507 2026-04-25T16:20:24.950Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-lock-workstation-feature-through-registry-d58114e6 2026-04-25T16:20:24.691Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-internet-explorer-addons-6c925860 2026-04-25T16:20:24.400Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-change-password-through-registry-c414e5a0 2026-04-25T16:20:24.116Z monthly 0.6 https://detectionlint.org/library/spl-windows-developer-signed-msix-package-installation-c72cc933 2026-04-25T16:20:23.856Z monthly 0.6 https://detectionlint.org/library/spl-windows-detect-network-scanner-behavior-bc729bf8 2026-04-25T16:20:23.591Z monthly 0.6 https://detectionlint.org/library/spl-windows-deleted-registry-by-a-non-critical-process-file-path-e7b3c82d 2026-04-25T16:20:23.331Z monthly 0.6 https://detectionlint.org/library/spl-windows-delete-or-modify-system-firewall-685725a5 2026-04-25T16:20:23.077Z monthly 0.6 https://detectionlint.org/library/spl-windows-defender-exclusion-registry-entry-a776194c 2026-04-25T16:20:22.812Z monthly 0.6 https://detectionlint.org/library/spl-windows-defender-asr-rules-stacking-88474298 2026-04-25T16:20:22.538Z monthly 0.6 https://detectionlint.org/library/spl-windows-defender-asr-rule-disabled-32c74930 2026-04-25T16:20:22.246Z monthly 0.6 https://detectionlint.org/library/spl-windows-defender-asr-registry-modification-c252ae0d 2026-04-25T16:20:21.994Z monthly 0.6 https://detectionlint.org/library/spl-windows-defender-asr-or-threat-configuration-tamper-8f656c5b 2026-04-25T16:20:21.719Z monthly 0.6 https://detectionlint.org/library/spl-windows-defender-asr-block-events-b053d882 2026-04-25T16:20:21.456Z monthly 0.6 https://detectionlint.org/library/spl-windows-defender-asr-audit-events-b0aff3bb 2026-04-25T16:20:21.190Z monthly 0.6 https://detectionlint.org/library/spl-windows-default-rdp-file-unhidden-b426de62 2026-04-25T16:20:20.880Z monthly 0.6 https://detectionlint.org/library/spl-windows-default-rdp-file-deletion-9656e104 2026-04-25T16:20:20.605Z monthly 0.6 https://detectionlint.org/library/spl-windows-default-rdp-file-creation-by-non-mstsc-process-504a14c1 2026-04-25T16:20:20.346Z monthly 0.6 https://detectionlint.org/library/spl-windows-default-group-policy-object-modified-with-gpme-b5cf0300 2026-04-25T16:20:20.089Z monthly 0.6 https://detectionlint.org/library/spl-windows-default-group-policy-object-modified-b8e79253 2026-04-25T16:20:19.816Z monthly 0.6 https://detectionlint.org/library/spl-windows-defacement-modify-transcodedwallpaper-file-88e06456 2026-04-25T16:20:19.549Z monthly 0.6 https://detectionlint.org/library/spl-windows-debugger-tool-execution-2a03b254 2026-04-25T16:20:19.279Z monthly 0.6 https://detectionlint.org/library/spl-windows-data-destruction-recursive-exec-files-deletion-8885b97f 2026-04-25T16:20:18.992Z monthly 0.6 https://detectionlint.org/library/spl-windows-curl-upload-to-remote-destination-29c1d832 2026-04-25T16:20:18.719Z monthly 0.6 https://detectionlint.org/library/spl-windows-curl-download-to-suspicious-path-b7a3080c 2026-04-25T16:20:18.465Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-in-registry-reg-query-a616326c 2026-04-25T16:20:18.186Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-from-web-browsers-saved-in-temp-folder-5f061d66 2026-04-25T16:20:17.922Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-from-password-stores-query-7c323658 2026-04-25T16:20:17.651Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-from-password-stores-deletion-528266dd 2026-04-25T16:20:17.384Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-from-password-stores-creation-8bd574bf 2026-04-25T16:20:17.093Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-from-password-stores-chrome-login-data-a-bc133607 2026-04-25T16:20:16.823Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-from-password-stores-chrome-localstate-a-0e014f18 2026-04-25T16:20:16.548Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-from-password-stores-chrome-extension-ac-62b5fe27 2026-04-25T16:20:16.284Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-from-password-stores-chrome-copied-in-te-174a8cd7 2026-04-25T16:20:16.015Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-access-via-vaultcli-module-50608b96 2026-04-25T16:20:15.747Z monthly 0.6 https://detectionlint.org/library/spl-windows-credential-target-information-structure-in-commandli-e808164d 2026-04-25T16:20:15.464Z monthly 0.6 https://detectionlint.org/library/spl-windows-credential-dumping-lsass-memory-createdump-0e2d29cb 2026-04-25T16:20:15.180Z monthly 0.6 https://detectionlint.org/library/spl-windows-credential-access-from-browser-password-store-663448b1 2026-04-25T16:20:14.895Z monthly 0.6 https://detectionlint.org/library/spl-windows-create-local-administrator-account-via-net-ca39f802 2026-04-25T16:20:14.629Z monthly 0.6 https://detectionlint.org/library/spl-windows-create-local-account-5f0c36c8 2026-04-25T16:20:14.335Z monthly 0.6 https://detectionlint.org/library/spl-windows-consolehost-history-file-deletion-00f28371 2026-04-25T16:20:14.051Z monthly 0.6 https://detectionlint.org/library/spl-windows-conhost-with-headless-argument-6984c270 2026-04-25T16:20:13.783Z monthly 0.6 https://detectionlint.org/library/spl-windows-computerdefaults-spawning-a-process-4694d400 2026-04-25T16:20:13.511Z monthly 0.6 https://detectionlint.org/library/spl-windows-computer-account-with-spn-fff05861 2026-04-25T16:20:13.228Z monthly 0.6 https://detectionlint.org/library/spl-windows-computer-account-requesting-kerberos-ticket-4a388356 2026-04-25T16:20:12.934Z monthly 0.6 https://detectionlint.org/library/spl-windows-computer-account-created-by-computer-account-5ab19f03 2026-04-25T16:20:12.652Z monthly 0.6 https://detectionlint.org/library/spl-windows-compatibility-telemetry-tampering-through-registry-42526ff0 2026-04-25T16:20:12.373Z monthly 0.6 https://detectionlint.org/library/spl-windows-compatibility-telemetry-suspicious-child-process-07d7f81b 2026-04-25T16:20:12.117Z monthly 0.6 https://detectionlint.org/library/spl-windows-common-abused-cmd-shell-risk-behavior-a497b9f4 2026-04-25T16:20:11.842Z monthly 0.6 https://detectionlint.org/library/spl-windows-command-shell-dcrat-forkbomb-payload-e231da90 2026-04-25T16:20:11.583Z monthly 0.6 https://detectionlint.org/library/spl-windows-command-and-scripting-interpreter-path-traversal-exe-940cbb4e 2026-04-25T16:20:11.233Z monthly 0.6 https://detectionlint.org/library/spl-windows-command-and-scripting-interpreter-hunting-path-trave-8532d7a0 2026-04-25T16:20:10.961Z monthly 0.6 https://detectionlint.org/library/spl-windows-com-hijacking-inprocserver32-modification-3fa2bd54 2026-04-25T16:20:10.676Z monthly 0.6 https://detectionlint.org/library/spl-windows-cmdline-tool-execution-from-non-shell-process-2de85aea 2026-04-25T16:20:10.400Z monthly 0.6 https://detectionlint.org/library/spl-windows-clipboard-data-via-get-clipboard-a0f6447a 2026-04-25T16:20:10.137Z monthly 0.6 https://detectionlint.org/library/spl-windows-cisco-secure-endpoint-uninstall-immunet-service-via--ea11b97e 2026-04-25T16:20:09.844Z monthly 0.6 https://detectionlint.org/library/spl-windows-cisco-secure-endpoint-unblock-file-via-sfc-eef5f100 2026-04-25T16:20:09.577Z monthly 0.6 https://detectionlint.org/library/spl-windows-cisco-secure-endpoint-stop-immunet-service-via-sfc-e60aad97 2026-04-25T16:20:09.310Z monthly 0.6 https://detectionlint.org/library/spl-windows-cisco-secure-endpoint-related-service-stopped-42eae873 2026-04-25T16:20:09.047Z monthly 0.6 https://detectionlint.org/library/spl-windows-chromium-process-with-disabled-extensions-2c2dc166 2026-04-25T16:20:08.769Z monthly 0.6 https://detectionlint.org/library/spl-windows-chromium-process-loaded-extension-via-command-line-5c2ce903 2026-04-25T16:20:08.484Z monthly 0.6 https://detectionlint.org/library/spl-windows-chromium-process-launched-with-logging-disabled-49688b07 2026-04-25T16:20:08.206Z monthly 0.6 https://detectionlint.org/library/spl-windows-chromium-process-launched-with-disable-popup-blockin-83d5d73d 2026-04-25T16:20:07.930Z monthly 0.6 https://detectionlint.org/library/spl-windows-chromium-browser-with-custom-user-data-directory-1559dcd5 2026-04-25T16:20:07.666Z monthly 0.6 https://detectionlint.org/library/spl-windows-chromium-browser-no-security-sandbox-process-5f36ff99 2026-04-25T16:20:07.379Z monthly 0.6 https://detectionlint.org/library/spl-windows-chromium-browser-launched-with-small-window-size-7e8e5226 2026-04-25T16:20:07.094Z monthly 0.6 https://detectionlint.org/library/spl-windows-chrome-extension-allowed-registry-modification-240b065b 2026-04-25T16:20:06.823Z monthly 0.6 https://detectionlint.org/library/spl-windows-chrome-enable-extension-loading-via-command-line-0995c9c0 2026-04-25T16:20:06.535Z monthly 0.6 https://detectionlint.org/library/spl-windows-chrome-auto-update-disabled-via-registry-217b76f4 2026-04-25T16:20:06.261Z monthly 0.6 https://detectionlint.org/library/spl-windows-change-file-association-command-to-notepad-dc41f3fa 2026-04-25T16:20:05.947Z monthly 0.6 https://detectionlint.org/library/spl-windows-certutil-root-certificate-addition-ec02444a 2026-04-25T16:20:05.670Z monthly 0.6 https://detectionlint.org/library/spl-windows-cached-domain-credentials-reg-query-e2304eb3 2026-04-25T16:20:05.400Z monthly 0.6 https://detectionlint.org/library/spl-windows-cabinet-file-extraction-via-expand-b33cef71 2026-04-25T16:20:05.084Z monthly 0.6 https://detectionlint.org/library/spl-windows-cab-file-on-disk-e263c416 2026-04-25T16:20:04.776Z monthly 0.6 https://detectionlint.org/library/spl-windows-bypass-uac-via-pkgmgr-tool-d31cb6fd 2026-04-25T16:20:04.468Z monthly 0.6 https://detectionlint.org/library/spl-windows-browser-process-launched-with-unusual-flags-12552bfc 2026-04-25T16:20:04.200Z monthly 0.6 https://detectionlint.org/library/spl-windows-bootloader-inventory-5f4d4571 2026-04-25T16:20:03.929Z monthly 0.6 https://detectionlint.org/library/spl-windows-boot-or-logon-autostart-execution-in-startup-folder-76dc123a 2026-04-25T16:20:03.611Z monthly 0.6 https://detectionlint.org/library/spl-windows-bluetooth-service-installed-from-uncommon-location-3d60cb07 2026-04-25T16:20:03.323Z monthly 0.6 https://detectionlint.org/library/spl-windows-bitlockertogo-with-network-activity-972a80f7 2026-04-25T16:20:03.061Z monthly 0.6 https://detectionlint.org/library/spl-windows-bitlockertogo-process-execution-757ae517 2026-04-25T16:20:02.745Z monthly 0.6 https://detectionlint.org/library/spl-windows-bitlocker-suspicious-command-usage-769e6226 2026-04-25T16:20:02.479Z monthly 0.6 https://detectionlint.org/library/spl-windows-bitdefender-submission-wizard-dll-sideloading-9e8cad03 2026-04-25T16:20:02.189Z monthly 0.6 https://detectionlint.org/library/spl-windows-binary-proxy-execution-mavinject-dll-injection-7d410ce7 2026-04-25T16:20:01.924Z monthly 0.6 https://detectionlint.org/library/spl-windows-autostart-execution-lsass-driver-registry-modificati-6cac218a 2026-04-25T16:20:01.645Z monthly 0.6 https://detectionlint.org/library/spl-windows-autoit3-execution-4980487c 2026-04-25T16:20:01.381Z monthly 0.6 https://detectionlint.org/library/spl-windows-audit-policy-security-descriptor-tampering-via-audit-cb990976 2026-04-25T16:20:01.120Z monthly 0.6 https://detectionlint.org/library/spl-windows-audit-policy-restored-via-auditpol-f75096e5 2026-04-25T16:20:00.858Z monthly 0.6 https://detectionlint.org/library/spl-windows-audit-policy-excluded-category-via-auditpol-f1a4d7ee 2026-04-25T16:20:00.588Z monthly 0.6 https://detectionlint.org/library/spl-windows-audit-policy-disabled-via-legacy-auditpol-e5d764dc 2026-04-25T16:20:00.322Z monthly 0.6 https://detectionlint.org/library/spl-windows-audit-policy-disabled-via-auditpol-3a2c5daa 2026-04-25T16:20:00.059Z monthly 0.6 https://detectionlint.org/library/spl-windows-audit-policy-cleared-via-auditpol-f6367631 2026-04-25T16:19:59.796Z monthly 0.6 https://detectionlint.org/library/spl-windows-audit-policy-auditing-option-modified---registry-0289e7fc 2026-04-25T16:19:59.530Z monthly 0.6 https://detectionlint.org/library/spl-windows-audit-policy-auditing-option-disabled-via-auditpol-3ff26a7a 2026-04-25T16:19:59.271Z monthly 0.6 https://detectionlint.org/library/spl-windows-attempt-to-stop-security-service-65507c4c 2026-04-25T16:19:59.007Z monthly 0.6 https://detectionlint.org/library/spl-windows-archived-collected-data-in-temp-folder-d0814f71 2026-04-25T16:19:58.740Z monthly 0.6 https://detectionlint.org/library/spl-windows-archive-collected-data-via-rar-a07afc94 2026-04-25T16:19:58.470Z monthly 0.6 https://detectionlint.org/library/spl-windows-archive-collected-data-via-powershell-57f1808d 2026-04-25T16:19:58.204Z monthly 0.6 https://detectionlint.org/library/spl-windows-appx-deployment-unsigned-package-installation-960905f3 2026-04-25T16:19:57.950Z monthly 0.6 https://detectionlint.org/library/spl-windows-appx-deployment-package-installation-success-5f60dad8 2026-04-25T16:19:57.668Z monthly 0.6 https://detectionlint.org/library/spl-windows-appx-deployment-full-trust-package-installation-e23e4456 2026-04-25T16:19:57.387Z monthly 0.6 https://detectionlint.org/library/spl-windows-applocker-rare-application-launch-detection-697bf5d7 2026-04-25T16:19:57.127Z monthly 0.6 https://detectionlint.org/library/spl-windows-applocker-privilege-escalation-via-unauthorized-bypa-08e36869 2026-04-25T16:19:56.874Z monthly 0.6 https://detectionlint.org/library/spl-windows-applocker-execution-from-uncommon-locations-e1b3d681 2026-04-25T16:19:56.600Z monthly 0.6 https://detectionlint.org/library/spl-windows-applocker-block-events-00de9cb7 2026-04-25T16:19:56.324Z monthly 0.6 https://detectionlint.org/library/spl-windows-application-whitelisting-bypass-attempt-via-rundll32-d4c478d8 2026-04-25T16:19:55.968Z monthly 0.6 https://detectionlint.org/library/spl-windows-application-layer-protocol-rms-radmin-tool-namedpipe-487f97f3 2026-04-25T16:19:55.710Z monthly 0.6 https://detectionlint.org/library/spl-windows-app-layer-protocol-wermgr-connect-to-namedpipe-ee386daf 2026-04-25T16:19:55.440Z monthly 0.6 https://detectionlint.org/library/spl-windows-app-layer-protocol-qakbot-namedpipe-7e9ee34b 2026-04-25T16:19:55.167Z monthly 0.6 https://detectionlint.org/library/spl-windows-apache-benchmark-binary-e9d4c305 2026-04-25T16:19:54.893Z monthly 0.6 https://detectionlint.org/library/spl-windows-anonymous-pipe-activity-46056d7b 2026-04-25T16:19:54.625Z monthly 0.6 https://detectionlint.org/library/spl-windows-alternate-datastream---process-execution-aa3d66f6 2026-04-25T16:19:54.364Z monthly 0.6 https://detectionlint.org/library/spl-windows-alternate-datastream---executable-content-f5dfd020 2026-04-25T16:19:54.105Z monthly 0.6 https://detectionlint.org/library/spl-windows-alternate-datastream---base64-content-5f356833 2026-04-25T16:19:53.839Z monthly 0.6 https://detectionlint.org/library/spl-windows-ai-platform-dns-query-4269ec3d 2026-04-25T16:19:53.575Z monthly 0.6 https://detectionlint.org/library/spl-windows-advanced-installer-msix-with-ai_stubs-execution-ca7e3d5b 2026-04-25T16:19:53.309Z monthly 0.6 https://detectionlint.org/library/spl-windows-admon-group-policy-object-created-536e2cea 2026-04-25T16:19:53.027Z monthly 0.6 https://detectionlint.org/library/spl-windows-admon-default-group-policy-object-modified-fb4f8dd9 2026-04-25T16:19:52.699Z monthly 0.6 https://detectionlint.org/library/spl-windows-administrative-shares-accessed-on-multiple-hosts-a0bf6db3 2026-04-25T16:19:52.434Z monthly 0.6 https://detectionlint.org/library/spl-windows-admin-permission-discovery-7bb9be1b 2026-04-25T16:19:52.173Z monthly 0.6 https://detectionlint.org/library/spl-windows-adfind-exe-f0e75e23 2026-04-25T16:19:51.899Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-suspicious-attribute-modification-c1243665 2026-04-25T16:19:51.635Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-sid-history-attribute-modified-3ba6ba20 2026-04-25T16:19:51.381Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-short-lived-server-object-c99548fd 2026-04-25T16:19:51.113Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-short-lived-domain-controller-spn-attribute-d2e2e368 2026-04-25T16:19:50.854Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-short-lived-domain-account-serviceprincipalname-69ff3631 2026-04-25T16:19:50.600Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-serviceprincipalname-added-to-domain-account-51df38c6 2026-04-25T16:19:50.295Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-self-dacl-assignment-025d8353 2026-04-25T16:19:50.029Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-same-domain-sid-history-addition-3bd7e013 2026-04-25T16:19:49.771Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-replication-request-initiated-from-unsanctioned-l-b9db7c1e 2026-04-25T16:19:49.504Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-replication-request-initiated-by-user-account-be09f2a5 2026-04-25T16:19:49.246Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-privileged-object-access-activity-c5f7936c 2026-04-25T16:19:48.992Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-privileged-group-modification-b565d8f0 2026-04-25T16:19:48.735Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-privileged-account-sid-history-addition-9c9f8db1 2026-04-25T16:19:48.475Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-object-owner-updated-607ec078 2026-04-25T16:19:48.211Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-hidden-ou-creation-f600e976 2026-04-25T16:19:47.944Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-gpo-new-cse-addition-a1c49c8c 2026-04-25T16:19:47.678Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-gpo-disabled-286a2bfb 2026-04-25T16:19:47.417Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-gpo-deleted-c7a76b19 2026-04-25T16:19:47.142Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-dsrm-password-reset-1bb9fde2 2026-04-25T16:19:46.875Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-dsrm-account-changes-885d5b83 2026-04-25T16:19:46.608Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-domain-root-acl-modification-76ee9df0 2026-04-25T16:19:46.349Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-domain-root-acl-deletion-4f7062cc 2026-04-25T16:19:46.084Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-domain-replication-acl-addition-94edd2a1 2026-04-25T16:19:45.815Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-domain-controller-promotion-c459f5e9 2026-04-25T16:19:45.537Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-domain-controller-audit-policy-disabled-454dcf0a 2026-04-25T16:19:45.282Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-dcshadow-privileges-acl-addition-caa55d00 2026-04-25T16:19:45.018Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-dangerous-user-acl-modification-db63c9f2 2026-04-25T16:19:44.739Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-dangerous-group-acl-modification-b3ff6d5c 2026-04-25T16:19:44.470Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-dangerous-deny-acl-modification-7ef1ca36 2026-04-25T16:19:44.200Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-cross-domain-sid-history-addition-a4fe62fe 2026-04-25T16:19:43.939Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-adminsdholder-acl-modified-67594afc 2026-04-25T16:19:43.669Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-add-self-to-group-363ce497 2026-04-25T16:19:43.421Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-abnormal-object-access-activity-6a135802 2026-04-25T16:19:43.150Z monthly 0.6 https://detectionlint.org/library/spl-windows-account-discovery-with-netuser-preauthnotrequire-0b42176b 2026-04-25T16:19:42.881Z monthly 0.6 https://detectionlint.org/library/spl-windows-account-discovery-for-sam-account-name-630bb914 2026-04-25T16:19:42.620Z monthly 0.6 https://detectionlint.org/library/spl-windows-account-discovery-for-none-disable-user-account-f7dfa864 2026-04-25T16:19:42.358Z monthly 0.6 https://detectionlint.org/library/spl-windows-account-access-removal-via-logoff-exec-5f703348 2026-04-25T16:19:42.089Z monthly 0.6 https://detectionlint.org/library/spl-windows-access-token-winlogon-duplicate-handle-in-uncommon-p-f345ade0 2026-04-25T16:19:41.840Z monthly 0.6 https://detectionlint.org/library/spl-windows-access-token-manipulation-winlogon-duplicate-token-h-ef81b66a 2026-04-25T16:19:41.557Z monthly 0.6 https://detectionlint.org/library/spl-windows-access-token-manipulation-sedebugprivilege-e2a23ace 2026-04-25T16:19:41.294Z monthly 0.6 https://detectionlint.org/library/spl-wermgr-process-spawned-cmd-or-powershell-process-7c873181 2026-04-25T16:19:40.939Z monthly 0.6 https://detectionlint.org/library/spl-wermgr-process-create-executable-file-43002452 2026-04-25T16:19:40.673Z monthly 0.6 https://detectionlint.org/library/spl-web-servers-executing-suspicious-processes-2407aefa 2026-04-25T16:19:40.412Z monthly 0.6 https://detectionlint.org/library/spl-web-or-application-server-spawning-a-shell-2f3bd9c7 2026-04-25T16:19:40.144Z monthly 0.6 https://detectionlint.org/library/spl-wbemprox-com-object-execution-a51e094e 2026-04-25T16:19:39.869Z monthly 0.6 https://detectionlint.org/library/spl-wbadmin-delete-system-backups-9c185682 2026-04-25T16:19:39.603Z monthly 0.6 https://detectionlint.org/library/spl-verclsid-clsid-execution-5ab9e664 2026-04-25T16:19:39.343Z monthly 0.6 https://detectionlint.org/library/spl-vbscript-execution-using-wscript-app-b227dd19 2026-04-25T16:19:39.068Z monthly 0.6 https://detectionlint.org/library/spl-usn-journal-deletion-60befa35 2026-04-25T16:19:38.813Z monthly 0.6 https://detectionlint.org/library/spl-user-discovery-with-env-vars-powershell-script-block-dc150e55 2026-04-25T16:19:38.530Z monthly 0.6 https://detectionlint.org/library/spl-user-discovery-with-env-vars-powershell-316a40e4 2026-04-25T16:19:38.261Z monthly 0.6 https://detectionlint.org/library/spl-unusually-long-command-line-50ed4dc8 2026-04-25T16:19:37.994Z monthly 0.6 https://detectionlint.org/library/spl-unusual-number-of-remote-endpoint-authentication-events-147ef507 2026-04-25T16:19:37.724Z monthly 0.6 https://detectionlint.org/library/spl-unusual-number-of-kerberos-service-tickets-requested-0013ed36 2026-04-25T16:19:37.464Z monthly 0.6 https://detectionlint.org/library/spl-unusual-number-of-computer-service-tickets-requested-d7b41594 2026-04-25T16:19:37.196Z monthly 0.6 https://detectionlint.org/library/spl-unloading-amsi-via-reflection-02c38302 2026-04-25T16:19:36.892Z monthly 0.6 https://detectionlint.org/library/spl-unload-sysmon-filter-driver-d4ea1361 2026-04-25T16:19:36.628Z monthly 0.6 https://detectionlint.org/library/spl-unknown-process-using-the-kerberos-protocol-dfe400ba 2026-04-25T16:19:36.357Z monthly 0.6 https://detectionlint.org/library/spl-uninstall-app-using-msiexec-cb56678a 2026-04-25T16:19:36.085Z monthly 0.6 https://detectionlint.org/library/spl-uac-bypass-with-colorui-com-object-3c2ecd8f 2026-04-25T16:19:35.814Z monthly 0.6 https://detectionlint.org/library/spl-uac-bypass-mmc-load-unsigned-dll-ac326573 2026-04-25T16:19:35.560Z monthly 0.6 https://detectionlint.org/library/spl-trickbot-named-pipe-d6f45c75 2026-04-25T16:19:35.281Z monthly 0.6 https://detectionlint.org/library/spl-time-provider-persistence-registry-4b5d1815 2026-04-25T16:19:35.025Z monthly 0.6 https://detectionlint.org/library/spl-system-user-discovery-with-whoami-287d4831 2026-04-25T16:19:34.758Z monthly 0.6 https://detectionlint.org/library/spl-system-user-discovery-with-query-9c8ea66c 2026-04-25T16:19:34.500Z monthly 0.6 https://detectionlint.org/library/spl-system-processes-run-from-unexpected-locations-bc601103 2026-04-25T16:19:34.247Z monthly 0.6 https://detectionlint.org/library/spl-system-information-discovery-detection-b3157a5a 2026-04-25T16:19:33.978Z monthly 0.6 https://detectionlint.org/library/spl-system-info-gathering-using-dxdiag-application-6432ab33 2026-04-25T16:19:33.704Z monthly 0.6 https://detectionlint.org/library/spl-svchost-lolbas-execution-process-spawn-43fd827c 2026-04-25T16:19:33.428Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-writes-to-windows-recycle-bin-006d23d4 2026-04-25T16:19:33.166Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-wevtutil-usage-07905e1b 2026-04-25T16:19:32.899Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-wav-file-in-appdata-folder-bf1f0333 2026-04-25T16:19:32.640Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-ticket-granting-ticket-request-3432de34 2026-04-25T16:19:32.376Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-sqlite3-lsquarantine-behavior-2f068d4d 2026-04-25T16:19:32.109Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-searchprotocolhost-no-command-line-arguments-51dd8ff3 2026-04-25T16:19:31.839Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-scheduled-task-from-public-directory-dab6898d 2026-04-25T16:19:31.568Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-rundll32-startw-a9b4a406 2026-04-25T16:19:31.315Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-rundll32-plugininit-3f3868f4 2026-04-25T16:19:31.052Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-rundll32-no-command-line-arguments-9c8b3aa8 2026-04-25T16:19:30.773Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-rundll32-dllregisterserver-17457e4a 2026-04-25T16:19:30.512Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-regsvr32-register-suspicious-path-c9a23ec6 2026-04-25T16:19:30.250Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-reg-exe-process-c5cb071e 2026-04-25T16:19:29.925Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-process-executed-from-container-file-210c5a0b 2026-04-25T16:19:29.664Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-plistbuddy-usage-via-osquery-adeb1c9e 2026-04-25T16:19:29.392Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-plistbuddy-usage-15bc3ab6 2026-04-25T16:19:29.128Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-mshta-spawn-e2bdf480 2026-04-25T16:19:28.860Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-mshta-child-process-3535fef8 2026-04-25T16:19:28.555Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-msbuild-spawn-7c3ee560 2026-04-25T16:19:28.290Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-msbuild-rename-87403456 2026-04-25T16:19:28.013Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-msbuild-path-b29708ae 2026-04-25T16:19:27.745Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-microsoft-workflow-compiler-usage-3e0b9aa3 2026-04-25T16:19:27.482Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-microsoft-workflow-compiler-rename-66a56ded 2026-04-25T16:19:27.218Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-linux-discovery-commands-8709593f 2026-04-25T16:19:26.955Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-kerberos-service-ticket-request-7aa8dba0 2026-04-25T16:19:26.686Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-image-creation-in-appdata-folder-dd0ae55e 2026-04-25T16:19:26.424Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-icedid-rundll32-cmdline-80b6e357 2026-04-25T16:19:26.158Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-gpupdate-no-command-line-arguments-6c9a7cf6 2026-04-25T16:19:25.796Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-dllhost-no-command-line-arguments-3f165d3d 2026-04-25T16:19:25.514Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-curl-network-connection-50782984 2026-04-25T16:19:25.229Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-copy-on-system32-74945bb9 2026-04-25T16:19:24.954Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-computer-account-name-change-596490ae 2026-04-25T16:19:24.690Z monthly 0.6 https://detectionlint.org/library/spl-sunburst-correlation-dll-and-network-event-b5725d55 2026-04-25T16:19:24.418Z monthly 0.6 https://detectionlint.org/library/spl-steal-or-forge-authentication-certificates-behavior-identifi-f0bde1ed 2026-04-25T16:19:24.150Z monthly 0.6 https://detectionlint.org/library/spl-sqlite-module-in-temp-folder-c9d84500 2026-04-25T16:19:23.889Z monthly 0.6 https://detectionlint.org/library/spl-spoolsv-writing-a-dll---sysmon-32a30816 2026-04-25T16:19:23.608Z monthly 0.6 https://detectionlint.org/library/spl-spoolsv-writing-a-dll-7379f851 2026-04-25T16:19:23.325Z monthly 0.6 https://detectionlint.org/library/spl-spoolsv-suspicious-process-access-54368bc3 2026-04-25T16:19:23.050Z monthly 0.6 https://detectionlint.org/library/spl-spoolsv-suspicious-loaded-modules-dbe69384 2026-04-25T16:19:22.782Z monthly 0.6 https://detectionlint.org/library/spl-spoolsv-spawning-rundll32-8e72c9f6 2026-04-25T16:19:22.520Z monthly 0.6 https://detectionlint.org/library/spl-spike-in-file-writes-07329be5 2026-04-25T16:19:22.260Z monthly 0.6 https://detectionlint.org/library/spl-slui-spawning-a-process-d6ddcab7 2026-04-25T16:19:21.990Z monthly 0.6 https://detectionlint.org/library/spl-slui-runas-elevated-52f8a6b3 2026-04-25T16:19:21.722Z monthly 0.6 https://detectionlint.org/library/spl-single-letter-process-on-endpoint-a180f358 2026-04-25T16:19:21.446Z monthly 0.6 https://detectionlint.org/library/spl-silentcleanup-uac-bypass-b881e06e 2026-04-25T16:19:21.178Z monthly 0.6 https://detectionlint.org/library/spl-short-lived-windows-accounts-fdf1d84e 2026-04-25T16:19:20.911Z monthly 0.6 https://detectionlint.org/library/spl-short-lived-scheduled-task-13bf88e0 2026-04-25T16:19:20.648Z monthly 0.6 https://detectionlint.org/library/spl-shim-database-installation-with-suspicious-parameters-7f8331cd 2026-04-25T16:19:20.376Z monthly 0.6 https://detectionlint.org/library/spl-shim-database-file-creation-0969e864 2026-04-25T16:19:20.116Z monthly 0.6 https://detectionlint.org/library/spl-shai-hulud-workflow-file-creation-or-modification-4272b7fa 2026-04-25T16:19:19.844Z monthly 0.6 https://detectionlint.org/library/spl-shai-hulud-2-exfiltration-artifact-files-36d8ad4f 2026-04-25T16:19:19.556Z monthly 0.6 https://detectionlint.org/library/spl-set-default-powershell-execution-policy-to-unrestricted-or-b-0c750f9a 2026-04-25T16:19:19.295Z monthly 0.6 https://detectionlint.org/library/spl-services-lolbas-execution-process-spawn-c55e9658 2026-04-25T16:19:19.023Z monthly 0.6 https://detectionlint.org/library/spl-services-escalate-exe-238dd3b1 2026-04-25T16:19:18.717Z monthly 0.6 https://detectionlint.org/library/spl-serviceprincipalnames-discovery-with-setspn-4014d5ec 2026-04-25T16:19:18.445Z monthly 0.6 https://detectionlint.org/library/spl-serviceprincipalnames-discovery-with-powershell-0b856dc2 2026-04-25T16:19:18.174Z monthly 0.6 https://detectionlint.org/library/spl-secretdumps-offline-ntds-dumping-tool-e98ed4f6 2026-04-25T16:19:17.917Z monthly 0.6 https://detectionlint.org/library/spl-searchprotocolhost-with-no-command-line-with-network-b6ccf672 2026-04-25T16:19:17.662Z monthly 0.6 https://detectionlint.org/library/spl-sdelete-application-execution-f4b4026f 2026-04-25T16:19:17.404Z monthly 0.6 https://detectionlint.org/library/spl-sdclt-uac-bypass-5cf1657f 2026-04-25T16:19:17.124Z monthly 0.6 https://detectionlint.org/library/spl-script-execution-via-wmi-301f9d85 2026-04-25T16:19:16.847Z monthly 0.6 https://detectionlint.org/library/spl-screensaver-event-trigger-execution-9a176f02 2026-04-25T16:19:16.586Z monthly 0.6 https://detectionlint.org/library/spl-schtasks-used-for-forcing-a-reboot-b46a0fdb 2026-04-25T16:19:16.333Z monthly 0.6 https://detectionlint.org/library/spl-schtasks-scheduling-job-on-remote-system-a42ff34c 2026-04-25T16:19:16.067Z monthly 0.6 https://detectionlint.org/library/spl-schtasks-run-task-on-demand-e8b95fb8 2026-04-25T16:19:15.807Z monthly 0.6 https://detectionlint.org/library/spl-scheduled-task-initiation-on-remote-endpoint-980d0945 2026-04-25T16:19:15.549Z monthly 0.6 https://detectionlint.org/library/spl-scheduled-task-deleted-or-created-via-cmd-16bb4d0a 2026-04-25T16:19:15.293Z monthly 0.6 https://detectionlint.org/library/spl-scheduled-task-creation-on-remote-endpoint-using-at-76db9cc0 2026-04-25T16:19:15.026Z monthly 0.6 https://detectionlint.org/library/spl-schedule-task-with-rundll32-command-trigger-064d030f 2026-04-25T16:19:14.738Z monthly 0.6 https://detectionlint.org/library/spl-schedule-task-with-http-command-arguments-55ab101b 2026-04-25T16:19:14.471Z monthly 0.6 https://detectionlint.org/library/spl-schcache-change-by-app-connect-and-create-adsi-object-0cf44e24 2026-04-25T16:19:14.218Z monthly 0.6 https://detectionlint.org/library/spl-samsam-test-file-write-f6c94cce 2026-04-25T16:19:13.954Z monthly 0.6 https://detectionlint.org/library/spl-sam-database-file-access-attempt-def5f3b2 2026-04-25T16:19:13.686Z monthly 0.6 https://detectionlint.org/library/spl-ryuk-wake-on-lan-command-682ef936 2026-04-25T16:19:13.425Z monthly 0.6 https://detectionlint.org/library/spl-ryuk-test-files-detected-c3b4b31e 2026-04-25T16:19:13.161Z monthly 0.6 https://detectionlint.org/library/spl-rundll-loading-dll-by-ordinal-1786256e 2026-04-25T16:19:12.882Z monthly 0.6 https://detectionlint.org/library/spl-rundll32-with-no-command-line-arguments-with-network-c9f4864b 2026-04-25T16:19:12.621Z monthly 0.6 https://detectionlint.org/library/spl-rundll32-shimcache-flush-e72df91d 2026-04-25T16:19:12.354Z monthly 0.6 https://detectionlint.org/library/spl-rundll32-process-creating-exe-dll-files-1147684b 2026-04-25T16:19:12.099Z monthly 0.6 https://detectionlint.org/library/spl-rundll32-lockworkstation-1ffed13d 2026-04-25T16:19:11.832Z monthly 0.6 https://detectionlint.org/library/spl-rundll32-createremotethread-in-browser-427f5700 2026-04-25T16:19:11.555Z monthly 0.6 https://detectionlint.org/library/spl-rundll32-create-remote-thread-to-a-process-197a9f81 2026-04-25T16:19:11.294Z monthly 0.6 https://detectionlint.org/library/spl-rundll32-control-rundll-world-writable-directory-703f96fa 2026-04-25T16:19:10.949Z monthly 0.6 https://detectionlint.org/library/spl-rundll32-control-rundll-hunt-69c6a85e 2026-04-25T16:19:09.962Z monthly 0.6 https://detectionlint.org/library/spl-runas-execution-in-commandline-8098f869 2026-04-25T16:19:09.710Z monthly 0.6 https://detectionlint.org/library/spl-rubeus-kerberos-ticket-exports-through-winlogon-access-7398bff6 2026-04-25T16:19:09.421Z monthly 0.6 https://detectionlint.org/library/spl-rubeus-command-line-parameters-10dd4145 2026-04-25T16:19:09.150Z monthly 0.6 https://detectionlint.org/library/spl-revil-registry-entry-8948b742 2026-04-25T16:19:08.898Z monthly 0.6 https://detectionlint.org/library/spl-revil-common-exec-parameter-8c452a58 2026-04-25T16:19:08.628Z monthly 0.6 https://detectionlint.org/library/spl-resize-shadowstorage-volume-b7de4d0f 2026-04-25T16:19:08.371Z monthly 0.6 https://detectionlint.org/library/spl-remote-wmi-command-attempt-14a3b9f0 2026-04-25T16:19:08.112Z monthly 0.6 https://detectionlint.org/library/spl-remote-system-discovery-with-wmic-6a1548de 2026-04-25T16:19:07.845Z monthly 0.6 https://detectionlint.org/library/spl-remote-system-discovery-with-dsquery-9c2af822 2026-04-25T16:19:07.563Z monthly 0.6 https://detectionlint.org/library/spl-remote-system-discovery-with-adsisearcher-ab57d523 2026-04-25T16:19:07.304Z monthly 0.6 https://detectionlint.org/library/spl-remote-process-instantiation-via-wmi-and-powershell-script-b-4532e47c 2026-04-25T16:19:07.012Z monthly 0.6 https://detectionlint.org/library/spl-remote-process-instantiation-via-wmi-and-powershell-897686b0 2026-04-25T16:19:06.750Z monthly 0.6 https://detectionlint.org/library/spl-remote-process-instantiation-via-wmi-b903be35 2026-04-25T16:19:06.485Z monthly 0.6 https://detectionlint.org/library/spl-remote-process-instantiation-via-winrm-and-winrs-aa9999fa 2026-04-25T16:19:06.217Z monthly 0.6 https://detectionlint.org/library/spl-remote-process-instantiation-via-winrm-and-powershell-script-c24058e0 2026-04-25T16:19:05.938Z monthly 0.6 https://detectionlint.org/library/spl-remote-process-instantiation-via-winrm-and-powershell-e1e4c880 2026-04-25T16:19:05.667Z monthly 0.6 https://detectionlint.org/library/spl-remote-process-instantiation-via-dcom-and-powershell-script--1d1abede 2026-04-25T16:19:05.354Z monthly 0.6 https://detectionlint.org/library/spl-remote-process-instantiation-via-dcom-and-powershell-1d97b5fa 2026-04-25T16:19:05.071Z monthly 0.6 https://detectionlint.org/library/spl-remote-desktop-process-running-on-system-67454703 2026-04-25T16:19:04.799Z monthly 0.6 https://detectionlint.org/library/spl-remcos-rat-file-creation-in-remcos-folder-650ac384 2026-04-25T16:19:04.509Z monthly 0.6 https://detectionlint.org/library/spl-remcos-client-registry-install-entry-4a91258e 2026-04-25T16:19:04.249Z monthly 0.6 https://detectionlint.org/library/spl-regsvr32-with-known-silent-switch-cmdline-9fc7d029 2026-04-25T16:19:03.987Z monthly 0.6 https://detectionlint.org/library/spl-regsvr32-silent-and-install-param-dll-loading-38e862ea 2026-04-25T16:19:03.717Z monthly 0.6 https://detectionlint.org/library/spl-registry-keys-used-for-privilege-escalation-3c6a41c7 2026-04-25T16:19:03.455Z monthly 0.6 https://detectionlint.org/library/spl-registry-keys-used-for-persistence-9785445a 2026-04-25T16:19:03.156Z monthly 0.6 https://detectionlint.org/library/spl-registry-keys-for-creating-shim-databases-0e153b04 2026-04-25T16:19:02.894Z monthly 0.6 https://detectionlint.org/library/spl-reg-exe-manipulating-windows-services-registry-keys-d7f0520d 2026-04-25T16:19:02.632Z monthly 0.6 https://detectionlint.org/library/spl-recursive-delete-of-directory-in-batch-cmd-27f8a6e7 2026-04-25T16:19:02.372Z monthly 0.6 https://detectionlint.org/library/spl-recon-using-wmi-class-b84ec90b 2026-04-25T16:19:02.085Z monthly 0.6 https://detectionlint.org/library/spl-recon-avproduct-through-pwh-or-wmi-6a237d4f 2026-04-25T16:19:01.804Z monthly 0.6 https://detectionlint.org/library/spl-ransomware-notes-bulk-creation-c709d5e6 2026-04-25T16:19:01.529Z monthly 0.6 https://detectionlint.org/library/spl-randomly-generated-windows-service-name-079a3153 2026-04-25T16:19:01.255Z monthly 0.6 https://detectionlint.org/library/spl-randomly-generated-scheduled-task-name-b4b463cc 2026-04-25T16:19:00.988Z monthly 0.6 https://detectionlint.org/library/spl-processes-tapping-keyboard-events-e6cdd7b6 2026-04-25T16:19:00.735Z monthly 0.6 https://detectionlint.org/library/spl-process-writing-dynamicwrapperx-513419b2 2026-04-25T16:19:00.376Z monthly 0.6 https://detectionlint.org/library/spl-process-kill-base-on-file-path-64ee07c3 2026-04-25T16:19:00.118Z monthly 0.6 https://detectionlint.org/library/spl-process-execution-via-wmi-5b02ef4e 2026-04-25T16:18:59.848Z monthly 0.6 https://detectionlint.org/library/spl-process-deleting-its-process-file-path-a2f1b73f 2026-04-25T16:18:59.585Z monthly 0.6 https://detectionlint.org/library/spl-process-creating-lnk-file-in-suspicious-location-f4210df0 2026-04-25T16:18:59.298Z monthly 0.6 https://detectionlint.org/library/spl-print-spooler-failed-to-load-a-plug-in-be08ce5d 2026-04-25T16:18:59.037Z monthly 0.6 https://detectionlint.org/library/spl-print-spooler-adding-a-printer-driver-c4a41399 2026-04-25T16:18:58.765Z monthly 0.6 https://detectionlint.org/library/spl-print-processor-registry-autostart-25d76d58 2026-04-25T16:18:58.507Z monthly 0.6 https://detectionlint.org/library/spl-prevent-automatic-repair-mode-using-bcdedit-b5303d17 2026-04-25T16:18:58.240Z monthly 0.6 https://detectionlint.org/library/spl-powershell-windows-defender-exclusion-commands-0d6c3b0c 2026-04-25T16:18:57.969Z monthly 0.6 https://detectionlint.org/library/spl-powershell-webrequest-using-memory-stream-87196f69 2026-04-25T16:18:57.707Z monthly 0.6 https://detectionlint.org/library/spl-powershell-using-memory-as-backing-store-7b57a3eb 2026-04-25T16:18:57.430Z monthly 0.6 https://detectionlint.org/library/spl-powershell-start-or-stop-service-66899f90 2026-04-25T16:18:57.167Z monthly 0.6 https://detectionlint.org/library/spl-powershell-start-bitstransfer-dd64db54 2026-04-25T16:18:56.905Z monthly 0.6 https://detectionlint.org/library/spl-powershell-script-block-with-url-chain-02523474 2026-04-25T16:18:56.642Z monthly 0.6 https://detectionlint.org/library/spl-powershell-remove-windows-defender-directory-1bd2d8e0 2026-04-25T16:18:56.375Z monthly 0.6 https://detectionlint.org/library/spl-powershell-remote-thread-to-known-windows-process-33d87f8f 2026-04-25T16:18:56.112Z monthly 0.6 https://detectionlint.org/library/spl-powershell-remote-services-add-trustedhost-38c5255a 2026-04-25T16:18:55.845Z monthly 0.6 https://detectionlint.org/library/spl-powershell-processing-stream-of-data-b74ec4d8 2026-04-25T16:18:55.539Z monthly 0.6 https://detectionlint.org/library/spl-powershell-loading-dotnet-into-memory-via-reflection-4a1deebf 2026-04-25T16:18:55.283Z monthly 0.6 https://detectionlint.org/library/spl-powershell-load-module-in-meterpreter-be716124 2026-04-25T16:18:55.019Z monthly 0.6 https://detectionlint.org/library/spl-powershell-invoke-wmiexec-usage-3eee2693 2026-04-25T16:18:54.759Z monthly 0.6 https://detectionlint.org/library/spl-powershell-invoke-cimmethod-cimsession-fa4deb4b 2026-04-25T16:18:54.495Z monthly 0.6 https://detectionlint.org/library/spl-powershell-get-localgroup-discovery-with-script-block-loggin-18a147f9 2026-04-25T16:18:54.239Z monthly 0.6 https://detectionlint.org/library/spl-powershell-get-localgroup-discovery-8e1c6a67 2026-04-25T16:18:53.973Z monthly 0.6 https://detectionlint.org/library/spl-powershell-fileless-script-contains-base64-encoded-content-2d308eb8 2026-04-25T16:18:53.716Z monthly 0.6 https://detectionlint.org/library/spl-powershell-fileless-process-injection-via-getprocaddress-66bba337 2026-04-25T16:18:53.457Z monthly 0.6 https://detectionlint.org/library/spl-powershell-execute-com-object-b5fae440 2026-04-25T16:18:53.188Z monthly 0.6 https://detectionlint.org/library/spl-powershell-enable-smb1protocol-feature-8ca2e52c 2026-04-25T16:18:52.930Z monthly 0.6 https://detectionlint.org/library/spl-powershell-enable-powershell-remoting-8a6a02da 2026-04-25T16:18:52.660Z monthly 0.6 https://detectionlint.org/library/spl-powershell-domain-enumeration-48a2e354 2026-04-25T16:18:52.401Z monthly 0.6 https://detectionlint.org/library/spl-powershell-disable-security-monitoring-42bf2e78 2026-04-25T16:18:52.148Z monthly 0.6 https://detectionlint.org/library/spl-powershell-creating-thread-mutex-4ae1448d 2026-04-25T16:18:51.891Z monthly 0.6 https://detectionlint.org/library/spl-powershell-com-hijacking-inprocserver32-modification-ba0596a8 2026-04-25T16:18:51.620Z monthly 0.6 https://detectionlint.org/library/spl-powershell---connect-to-internet-with-hidden-window-9b35639b 2026-04-25T16:18:51.346Z monthly 0.6 https://detectionlint.org/library/spl-powershell-4104-hunting-a9e39ecb 2026-04-25T16:18:51.080Z monthly 0.6 https://detectionlint.org/library/spl-potential-telegram-api-request-via-commandline-f2da9139 2026-04-25T16:18:50.808Z monthly 0.6 https://detectionlint.org/library/spl-potential-system-network-configuration-discovery-activity-cd32991b 2026-04-25T16:18:50.517Z monthly 0.6 https://detectionlint.org/library/spl-potential-password-in-username-e94b042d 2026-04-25T16:18:50.254Z monthly 0.6 https://detectionlint.org/library/spl-possible-lateral-movement-powershell-spawn-e1cb4ac6 2026-04-25T16:18:49.985Z monthly 0.6 https://detectionlint.org/library/spl-possible-browser-pass-view-parameter-48887ea1 2026-04-25T16:18:49.704Z monthly 0.6 https://detectionlint.org/library/spl-ping-sleep-batch-command-37a3b35b 2026-04-25T16:18:49.434Z monthly 0.6 https://detectionlint.org/library/spl-petitpotam-suspicious-kerberos-tgt-request-48c6446d 2026-04-25T16:18:49.150Z monthly 0.6 https://detectionlint.org/library/spl-petitpotam-network-share-access-request-84e6ef87 2026-04-25T16:18:48.883Z monthly 0.6 https://detectionlint.org/library/spl-permission-modification-using-takeown-app-81564865 2026-04-25T16:18:48.619Z monthly 0.6 https://detectionlint.org/library/spl-papercut-ng-suspicious-behavior-debug-log-96adbddd 2026-04-25T16:18:48.367Z monthly 0.6 https://detectionlint.org/library/spl-overwriting-accessibility-binaries-bd7bb441 2026-04-25T16:18:48.096Z monthly 0.6 https://detectionlint.org/library/spl-outbound-network-connection-from-java-using-default-ports-8071cc86 2026-04-25T16:18:47.827Z monthly 0.6 https://detectionlint.org/library/spl-ntdsutil-export-ntds-fac7e514 2026-04-25T16:18:47.535Z monthly 0.6 https://detectionlint.org/library/spl-notepad-with-no-command-line-arguments-4f7fb52a 2026-04-25T16:18:47.268Z monthly 0.6 https://detectionlint.org/library/spl-non-firefox-process-access-firefox-profile-dir-7828c5ef 2026-04-25T16:18:46.990Z monthly 0.6 https://detectionlint.org/library/spl-non-chrome-process-accessing-chrome-default-dir-73e8f65d 2026-04-25T16:18:46.709Z monthly 0.6 https://detectionlint.org/library/spl-nltest-domain-trust-discovery-63cf5a96 2026-04-25T16:18:46.447Z monthly 0.6 https://detectionlint.org/library/spl-nishang-powershelltcponeline-bba0fc9b 2026-04-25T16:18:46.189Z monthly 0.6 https://detectionlint.org/library/spl-network-traffic-to-active-directory-web-services-protocol-eddbc0f4 2026-04-25T16:18:45.907Z monthly 0.6 https://detectionlint.org/library/spl-network-share-discovery-via-dir-command-e2db62ec 2026-04-25T16:18:45.643Z monthly 0.6 https://detectionlint.org/library/spl-network-discovery-using-route-windows-app-dbdc2127 2026-04-25T16:18:45.264Z monthly 0.6 https://detectionlint.org/library/spl-network-connection-discovery-with-netstat-1de27ba5 2026-04-25T16:18:44.982Z monthly 0.6 https://detectionlint.org/library/spl-network-connection-discovery-with-arp-4a5fec91 2026-04-25T16:18:44.723Z monthly 0.6 https://detectionlint.org/library/spl-net-profiler-uac-bypass-c08144fd 2026-04-25T16:18:44.444Z monthly 0.6 https://detectionlint.org/library/spl-msmpeng-application-dll-side-loading-31d253bd 2026-04-25T16:18:44.165Z monthly 0.6 https://detectionlint.org/library/spl-msi-module-loaded-by-non-system-binary-97f1e024 2026-04-25T16:18:43.894Z monthly 0.6 https://detectionlint.org/library/spl-mshta-spawning-rundll32-or-regsvr32-process-2e93a274 2026-04-25T16:18:43.628Z monthly 0.6 https://detectionlint.org/library/spl-msbuild-suspicious-spawned-by-script-process-f2eccfc3 2026-04-25T16:18:43.366Z monthly 0.6 https://detectionlint.org/library/spl-ms-scripting-process-loading-wmi-module-decea106 2026-04-25T16:18:43.104Z monthly 0.6 https://detectionlint.org/library/spl-ms-scripting-process-loading-ldap-module-bf8207a1 2026-04-25T16:18:42.823Z monthly 0.6 https://detectionlint.org/library/spl-ms-exchange-mailbox-replication-service-writing-active-serve-90507cdd 2026-04-25T16:18:42.547Z monthly 0.6 https://detectionlint.org/library/spl-moveit-empty-key-fingerprint-authentication-attempt-949e3e80 2026-04-25T16:18:42.271Z monthly 0.6 https://detectionlint.org/library/spl-moveit-certificate-store-access-failure-c7ec8934 2026-04-25T16:18:42.007Z monthly 0.6 https://detectionlint.org/library/spl-monitor-registry-keys-for-print-monitors-0c1fd7f2 2026-04-25T16:18:41.737Z monthly 0.6 https://detectionlint.org/library/spl-modify-acl-permission-to-files-or-folder-679e5395 2026-04-25T16:18:41.478Z monthly 0.6 https://detectionlint.org/library/spl-modification-of-wallpaper-eb93825e 2026-04-25T16:18:41.213Z monthly 0.6 https://detectionlint.org/library/spl-mmc-lolbas-execution-process-spawn-259c345d 2026-04-25T16:18:40.944Z monthly 0.6 https://detectionlint.org/library/spl-mimikatz-passtheticket-commandline-parameters-a473daa6 2026-04-25T16:18:40.679Z monthly 0.6 https://detectionlint.org/library/spl-microsoft-defender-incident-alerts-24f650f2 2026-04-25T16:18:40.401Z monthly 0.6 https://detectionlint.org/library/spl-microsoft-defender-atp-alerts-2e05d228 2026-04-25T16:18:40.132Z monthly 0.6 https://detectionlint.org/library/spl-malicious-powershell-process-with-obfuscation-techniques-b53c74e3 2026-04-25T16:18:39.860Z monthly 0.6 https://detectionlint.org/library/spl-malicious-powershell-process---execution-policy-bypass-44b72126 2026-04-25T16:18:39.577Z monthly 0.6 https://detectionlint.org/library/spl-malicious-powershell-process---encoded-command-71422c13 2026-04-25T16:18:39.302Z monthly 0.6 https://detectionlint.org/library/spl-malicious-powershell-executed-as-a-service-bbe90b2e 2026-04-25T16:18:39.038Z monthly 0.6 https://detectionlint.org/library/spl-malicious-inprocserver32-modification-b33edc01 2026-04-25T16:18:38.763Z monthly 0.6 https://detectionlint.org/library/spl-mailsniper-invoke-functions-2b354f24 2026-04-25T16:18:38.490Z monthly 0.6 https://detectionlint.org/library/spl-macos-plutil-52f3505b 2026-04-25T16:18:38.228Z monthly 0.6 https://detectionlint.org/library/spl-macos-network-share-discovery-4c854c53 2026-04-25T16:18:37.948Z monthly 0.6 https://detectionlint.org/library/spl-macos-lolbin-c0b58c7b 2026-04-25T16:18:37.648Z monthly 0.6 https://detectionlint.org/library/spl-macos-loginhook-persistence-fb5e701a 2026-04-25T16:18:37.389Z monthly 0.6 https://detectionlint.org/library/spl-macos-log-removal-a8777c7e 2026-04-25T16:18:37.099Z monthly 0.6 https://detectionlint.org/library/spl-macos-list-firewall-rules-fcd30f98 2026-04-25T16:18:36.834Z monthly 0.6 https://detectionlint.org/library/spl-macos-keychains-dumped-e1788c97 2026-04-25T16:18:36.554Z monthly 0.6 https://detectionlint.org/library/spl-macos-kextload-usage-9efb273c 2026-04-25T16:18:36.280Z monthly 0.6 https://detectionlint.org/library/spl-macos-hidden-files-and-directories-0ce1059e 2026-04-25T16:18:36.007Z monthly 0.6 https://detectionlint.org/library/spl-macos-gatekeeper-bypass-1436b742 2026-04-25T16:18:35.744Z monthly 0.6 https://detectionlint.org/library/spl-macos-data-chunking-a2c37a18 2026-04-25T16:18:35.476Z monthly 0.6 https://detectionlint.org/library/spl-macos-amos-stealer---virtual-machine-check-activity-2b7966cc 2026-04-25T16:18:35.212Z monthly 0.6 https://detectionlint.org/library/spl-macos-account-created-f55bdd2e 2026-04-25T16:18:34.951Z monthly 0.6 https://detectionlint.org/library/spl-macos---re-opened-applications-90ec8b9b 2026-04-25T16:18:34.695Z monthly 0.6 https://detectionlint.org/library/spl-lolbas-with-network-traffic-993bba3f 2026-04-25T16:18:34.410Z monthly 0.6 https://detectionlint.org/library/spl-logon-script-event-trigger-execution-232adcf6 2026-04-25T16:18:34.137Z monthly 0.6 https://detectionlint.org/library/spl-log4shell-cve-2021-44228-exploitation-119160af 2026-04-25T16:18:33.859Z monthly 0.6 https://detectionlint.org/library/spl-local-llm-framework-dns-query-3075b7ea 2026-04-25T16:18:33.586Z monthly 0.6 https://detectionlint.org/library/spl-local-account-discovery-with-wmic-0ce31954 2026-04-25T16:18:33.297Z monthly 0.6 https://detectionlint.org/library/spl-loading-of-dynwrapx-module-9f590c15 2026-04-25T16:18:33.019Z monthly 0.6 https://detectionlint.org/library/spl-llm-model-file-creation-a8bd7205 2026-04-25T16:18:32.728Z monthly 0.6 https://detectionlint.org/library/spl-living-off-the-land-detection-deb93c65 2026-04-25T16:18:32.451Z monthly 0.6 https://detectionlint.org/library/spl-linux-visudo-utility-execution-71a2ff31 2026-04-25T16:18:32.189Z monthly 0.6 https://detectionlint.org/library/spl-linux-unix-shell-enable-all-sysrq-functions-4741f3ea 2026-04-25T16:18:31.919Z monthly 0.6 https://detectionlint.org/library/spl-linux-telnet-authentication-bypass-f51819d5 2026-04-25T16:18:31.636Z monthly 0.6 https://detectionlint.org/library/spl-linux-system-reboot-via-system-request-key-925a50fc 2026-04-25T16:18:31.382Z monthly 0.6 https://detectionlint.org/library/spl-linux-system-network-discovery-e3ece3ea 2026-04-25T16:18:31.108Z monthly 0.6 https://detectionlint.org/library/spl-linux-suspicious-react-or-nextjs-child-process-6d9c04ac 2026-04-25T16:18:30.835Z monthly 0.6 https://detectionlint.org/library/spl-linux-sudoers-tmp-file-creation-e3166694 2026-04-25T16:18:30.573Z monthly 0.6 https://detectionlint.org/library/spl-linux-sudo-or-su-execution-4311c547 2026-04-25T16:18:30.213Z monthly 0.6 https://detectionlint.org/library/spl-linux-stop-services-995ddc4c 2026-04-25T16:18:29.937Z monthly 0.6 https://detectionlint.org/library/spl-linux-stdout-redirection-to-dev-null-file-7287587d 2026-04-25T16:18:29.673Z monthly 0.6 https://detectionlint.org/library/spl-linux-ssh-remote-services-script-execute-8a14584a 2026-04-25T16:18:29.408Z monthly 0.6 https://detectionlint.org/library/spl-linux-ssh-authorized-keys-modification-fae94411 2026-04-25T16:18:29.137Z monthly 0.6 https://detectionlint.org/library/spl-linux-sqlite3-privilege-escalation-4f6435d3 2026-04-25T16:18:28.890Z monthly 0.6 https://detectionlint.org/library/spl-linux-shred-overwrite-command-d505be97 2026-04-25T16:18:28.619Z monthly 0.6 https://detectionlint.org/library/spl-linux-setuid-using-setcap-utility-61b2ea26 2026-04-25T16:18:28.342Z monthly 0.6 https://detectionlint.org/library/spl-linux-setuid-using-chmod-utility-a66bbf2e 2026-04-25T16:18:28.071Z monthly 0.6 https://detectionlint.org/library/spl-linux-service-started-or-enabled-7dd81133 2026-04-25T16:18:27.808Z monthly 0.6 https://detectionlint.org/library/spl-linux-service-restarted-969923bf 2026-04-25T16:18:27.541Z monthly 0.6 https://detectionlint.org/library/spl-linux-service-file-created-in-systemd-directory-6d14c26a 2026-04-25T16:18:27.258Z monthly 0.6 https://detectionlint.org/library/spl-linux-ruby-privilege-escalation-66cd4647 2026-04-25T16:18:26.966Z monthly 0.6 https://detectionlint.org/library/spl-linux-rpm-privilege-escalation-d629f5ce 2026-04-25T16:18:26.696Z monthly 0.6 https://detectionlint.org/library/spl-linux-puppet-privilege-escalation-2a36a47e 2026-04-25T16:18:26.426Z monthly 0.6 https://detectionlint.org/library/spl-linux-proxy-socks-curl-f0815c07 2026-04-25T16:18:26.115Z monthly 0.6 https://detectionlint.org/library/spl-linux-preload-hijack-library-calls-8e55fb11 2026-04-25T16:18:25.854Z monthly 0.6 https://detectionlint.org/library/spl-linux-possible-ssh-key-file-creation-9f1abaf0 2026-04-25T16:18:25.564Z monthly 0.6 https://detectionlint.org/library/spl-linux-possible-cronjob-modification-with-editor-6a6ec655 2026-04-25T16:18:25.288Z monthly 0.6 https://detectionlint.org/library/spl-linux-possible-append-cronjob-entry-on-existing-cronjob-file-d09c6f4a 2026-04-25T16:18:25.017Z monthly 0.6 https://detectionlint.org/library/spl-linux-possible-append-command-to-profile-config-file-8eab7dcb 2026-04-25T16:18:24.747Z monthly 0.6 https://detectionlint.org/library/spl-linux-possible-append-command-to-at-allow-config-file-5ac14d21 2026-04-25T16:18:24.465Z monthly 0.6 https://detectionlint.org/library/spl-linux-possible-access-to-sudoers-file-55f24d39 2026-04-25T16:18:24.205Z monthly 0.6 https://detectionlint.org/library/spl-linux-possible-access-to-credential-files-acea2041 2026-04-25T16:18:23.940Z monthly 0.6 https://detectionlint.org/library/spl-linux-possible-access-or-modification-of-sshd-config-file-d3f55149 2026-04-25T16:18:23.658Z monthly 0.6 https://detectionlint.org/library/spl-linux-pkexec-privilege-escalation-cddcdd10 2026-04-25T16:18:23.374Z monthly 0.6 https://detectionlint.org/library/spl-linux-php-privilege-escalation-82b86832 2026-04-25T16:18:23.086Z monthly 0.6 https://detectionlint.org/library/spl-linux-persistence-and-privilege-escalation-risk-behavior-f5743292 2026-04-25T16:18:22.823Z monthly 0.6 https://detectionlint.org/library/spl-linux-openvpn-privilege-escalation-43c2be2c 2026-04-25T16:18:22.562Z monthly 0.6 https://detectionlint.org/library/spl-linux-octave-privilege-escalation-664d5d1e 2026-04-25T16:18:22.295Z monthly 0.6 https://detectionlint.org/library/spl-linux-obfuscated-files-or-information-base64-decode-0b1fd3a0 2026-04-25T16:18:22.038Z monthly 0.6 https://detectionlint.org/library/spl-linux-nopasswd-entry-in-sudoers-file-baf42b72 2026-04-25T16:18:21.766Z monthly 0.6 https://detectionlint.org/library/spl-linux-node-privilege-escalation-89495618 2026-04-25T16:18:21.490Z monthly 0.6 https://detectionlint.org/library/spl-linux-ngrok-reverse-proxy-usage-02867056 2026-04-25T16:18:21.225Z monthly 0.6 https://detectionlint.org/library/spl-linux-mysql-privilege-escalation-5916fb5d 2026-04-25T16:18:20.975Z monthly 0.6 https://detectionlint.org/library/spl-linux-medusa-rootkit-690d6a3f 2026-04-25T16:18:20.705Z monthly 0.6 https://detectionlint.org/library/spl-linux-make-privilege-escalation-909c6b84 2026-04-25T16:18:20.437Z monthly 0.6 https://detectionlint.org/library/spl-linux-magic-sysrq-key-abuse-1f28a38e 2026-04-25T16:18:20.157Z monthly 0.6 https://detectionlint.org/library/spl-linux-kworker-process-in-writable-process-path-cc7b9d11 2026-04-25T16:18:19.887Z monthly 0.6 https://detectionlint.org/library/spl-linux-kernel-module-enumeration-c11cfa9b 2026-04-25T16:18:19.622Z monthly 0.6 https://detectionlint.org/library/spl-linux-iptables-firewall-modification-b14538fa 2026-04-25T16:18:19.351Z monthly 0.6 https://detectionlint.org/library/spl-linux-install-kernel-module-using-modprobe-utility-b0445c2f 2026-04-25T16:18:19.088Z monthly 0.6 https://detectionlint.org/library/spl-linux-insert-kernel-module-using-insmod-utility-9f60fd65 2026-04-25T16:18:18.819Z monthly 0.6 https://detectionlint.org/library/spl-linux-ingress-tool-transfer-with-curl-b8c490ba 2026-04-25T16:18:18.567Z monthly 0.6 https://detectionlint.org/library/spl-linux-ingress-tool-transfer-hunting-bdb17678 2026-04-25T16:18:18.296Z monthly 0.6 https://detectionlint.org/library/spl-linux-indicator-removal-service-file-deletion-7456f6dc 2026-04-25T16:18:18.032Z monthly 0.6 https://detectionlint.org/library/spl-linux-indicator-removal-clear-cache-ab6920f5 2026-04-25T16:18:17.767Z monthly 0.6 https://detectionlint.org/library/spl-linux-impair-defenses-process-kill-8d5af809 2026-04-25T16:18:17.503Z monthly 0.6 https://detectionlint.org/library/spl-linux-high-frequency-of-file-deletion-in-etc-folder-08d65c71 2026-04-25T16:18:17.226Z monthly 0.6 https://detectionlint.org/library/spl-linux-high-frequency-of-file-deletion-in-boot-folder-abc3c8dd 2026-04-25T16:18:16.966Z monthly 0.6 https://detectionlint.org/library/spl-linux-hardware-addition-swapoff-8973efc6 2026-04-25T16:18:16.690Z monthly 0.6 https://detectionlint.org/library/spl-linux-gnu-awk-privilege-escalation-63bfa521 2026-04-25T16:18:16.423Z monthly 0.6 https://detectionlint.org/library/spl-linux-gem-privilege-escalation-f03565e7 2026-04-25T16:18:16.137Z monthly 0.6 https://detectionlint.org/library/spl-linux-gdrive-binary-activity-83d125ee 2026-04-25T16:18:15.876Z monthly 0.6 https://detectionlint.org/library/spl-linux-gdb-privilege-escalation-f5325a6d 2026-04-25T16:18:15.583Z monthly 0.6 https://detectionlint.org/library/spl-linux-find-privilege-escalation-c1f53910 2026-04-25T16:18:15.300Z monthly 0.6 https://detectionlint.org/library/spl-linux-file-creation-in-profile-directory-f4816ce8 2026-04-25T16:18:14.930Z monthly 0.6 https://detectionlint.org/library/spl-linux-file-creation-in-init-boot-directory-d4195a51 2026-04-25T16:18:14.664Z monthly 0.6 https://detectionlint.org/library/spl-linux-file-created-in-kernel-driver-directory-2905f2b4 2026-04-25T16:18:14.367Z monthly 0.6 https://detectionlint.org/library/spl-linux-emacs-privilege-escalation-10ec7842 2026-04-25T16:18:14.092Z monthly 0.6 https://detectionlint.org/library/spl-linux-edit-cron-table-parameter-ba9ec6ae 2026-04-25T16:18:13.793Z monthly 0.6 https://detectionlint.org/library/spl-linux-docker-shell-execution-d3deaf79 2026-04-25T16:18:13.529Z monthly 0.6 https://detectionlint.org/library/spl-linux-docker-root-directory-mount-b3c3b702 2026-04-25T16:18:13.268Z monthly 0.6 https://detectionlint.org/library/spl-linux-doas-tool-execution-20e51951 2026-04-25T16:18:12.942Z monthly 0.6 https://detectionlint.org/library/spl-linux-doas-conf-file-creation-d0567a42 2026-04-25T16:18:12.681Z monthly 0.6 https://detectionlint.org/library/spl-linux-disable-services-c0d0bf9b 2026-04-25T16:18:12.432Z monthly 0.6 https://detectionlint.org/library/spl-linux-deletion-of-ssl-certificate-94348759 2026-04-25T16:18:12.174Z monthly 0.6 https://detectionlint.org/library/spl-linux-deletion-of-services-a2c53ff3 2026-04-25T16:18:11.903Z monthly 0.6 https://detectionlint.org/library/spl-linux-deletion-of-init-daemon-script-21989c37 2026-04-25T16:18:11.587Z monthly 0.6 https://detectionlint.org/library/spl-linux-deletion-of-cron-jobs-f050b180 2026-04-25T16:18:11.310Z monthly 0.6 https://detectionlint.org/library/spl-linux-deleting-critical-directory-using-rm-command-031ff486 2026-04-25T16:18:11.036Z monthly 0.6 https://detectionlint.org/library/spl-linux-decode-base64-to-shell-db788683 2026-04-25T16:18:10.772Z monthly 0.6 https://detectionlint.org/library/spl-linux-dd-file-overwrite-2533bba6 2026-04-25T16:18:10.503Z monthly 0.6 https://detectionlint.org/library/spl-linux-data-destruction-command-033e5d67 2026-04-25T16:18:10.262Z monthly 0.6 https://detectionlint.org/library/spl-linux-curl-upload-file-2b073825 2026-04-25T16:18:09.988Z monthly 0.6 https://detectionlint.org/library/spl-linux-csvtool-privilege-escalation-cc4a0f71 2026-04-25T16:18:09.706Z monthly 0.6 https://detectionlint.org/library/spl-linux-cpulimit-privilege-escalation-10d53218 2026-04-25T16:18:09.444Z monthly 0.6 https://detectionlint.org/library/spl-linux-composer-privilege-escalation-416266ea 2026-04-25T16:18:09.175Z monthly 0.6 https://detectionlint.org/library/spl-linux-common-process-for-elevation-control-f586b3aa 2026-04-25T16:18:08.894Z monthly 0.6 https://detectionlint.org/library/spl-linux-clipboard-data-copy-1909beae 2026-04-25T16:18:08.629Z monthly 0.6 https://detectionlint.org/library/spl-linux-change-file-owner-to-root-18a48172 2026-04-25T16:18:08.359Z monthly 0.6 https://detectionlint.org/library/spl-linux-c99-privilege-escalation-e469734e 2026-04-25T16:18:08.073Z monthly 0.6 https://detectionlint.org/library/spl-linux-c89-privilege-escalation-c374d707 2026-04-25T16:18:07.801Z monthly 0.6 https://detectionlint.org/library/spl-linux-busybox-privilege-escalation-71292404 2026-04-25T16:18:07.537Z monthly 0.6 https://detectionlint.org/library/spl-linux-awk-privilege-escalation-a208260c 2026-04-25T16:18:07.267Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-whoami-user-discovery-7c90779f 2026-04-25T16:18:06.986Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-virtual-disk-file-and-directory-discovery-81cf6644 2026-04-25T16:18:06.720Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-unload-module-via-modprobe-d475afe9 2026-04-25T16:18:06.458Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-unix-shell-configuration-modification-f268176f 2026-04-25T16:18:06.196Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-system-network-configuration-discovery-15e71b68 2026-04-25T16:18:05.934Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-sysmon-service-stop-b1b8cb49 2026-04-25T16:18:05.666Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-sudo-or-su-execution-fac9d33d 2026-04-25T16:18:05.395Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-stop-services-71c1bd9c 2026-04-25T16:18:05.124Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-shred-overwrite-command-5a576c43 2026-04-25T16:18:04.838Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-setuid-using-setcap-utility-ea55a2f5 2026-04-25T16:18:04.575Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-setuid-using-chmod-utility-41a2da81 2026-04-25T16:18:04.299Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-service-started-52d1215a 2026-04-25T16:18:04.037Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-service-restarted-ff9f1a10 2026-04-25T16:18:03.752Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-private-keys-and-certificate-enumeration-70b71c53 2026-04-25T16:18:03.490Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-preload-hijack-via-preload-file-17b77394 2026-04-25T16:18:03.223Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-preload-hijack-library-calls-e7aa3ffe 2026-04-25T16:18:02.928Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-possible-append-cronjob-entry-on-existing-cronj-e7c450ff 2026-04-25T16:18:02.669Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-possible-access-to-sudoers-file-363397e1 2026-04-25T16:18:02.396Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-possible-access-to-credential-files-e280be1a 2026-04-25T16:18:02.118Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-possible-access-or-modification-of-sshd-config--c86eda1a 2026-04-25T16:18:01.849Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-osquery-service-stop-292c7293 2026-04-25T16:18:01.554Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-nopasswd-entry-in-sudoers-file-c105dbf9 2026-04-25T16:18:01.284Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-kernel-module-using-rmmod-utility-6498d9fc 2026-04-25T16:18:01.005Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-kernel-module-enumeration-dcf6182a 2026-04-25T16:18:00.726Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-install-kernel-module-using-modprobe-utility-d532d8b3 2026-04-25T16:18:00.439Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-insert-kernel-module-using-insmod-utility-1616d675 2026-04-25T16:18:00.197Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-hidden-files-and-directories-creation-a8da5ba9 2026-04-25T16:17:59.841Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-hardware-addition-swapoff-11a9a254 2026-04-25T16:17:59.557Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-find-ssh-private-keys-2772ae3b 2026-04-25T16:17:59.293Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-find-credentials-from-password-stores-29d57201 2026-04-25T16:17:59.010Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-find-credentials-from-password-managers-e14bc61e 2026-04-25T16:17:58.734Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-file-permissions-modification-via-chattr-d4dab01e 2026-04-25T16:17:58.455Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-file-permission-modification-via-chmod-0eab6843 2026-04-25T16:17:58.188Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-file-and-directory-discovery-8b61842b 2026-04-25T16:17:57.933Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-edit-cron-table-parameter-7e3006a6 2026-04-25T16:17:57.665Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-doas-tool-execution-09ebba27 2026-04-25T16:17:57.374Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-doas-conf-file-creation-f688503e 2026-04-25T16:17:57.117Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-disable-or-modify-system-firewall-99e2f1f6 2026-04-25T16:17:56.836Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-dd-file-overwrite-ee006a67 2026-04-25T16:17:56.571Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-database-file-and-directory-discovery-de62bd30 2026-04-25T16:17:56.296Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-data-transfer-size-limits-via-split-syscall-3ca60e25 2026-04-25T16:17:56.013Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-data-transfer-size-limits-via-split-a6fd9218 2026-04-25T16:17:55.753Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-data-destruction-command-3ded4e68 2026-04-25T16:17:55.466Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-clipboard-data-copy-3f99e9d1 2026-04-25T16:17:55.198Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-change-file-owner-to-root-64b409dc 2026-04-25T16:17:54.934Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-base64-decode-files-fc8bcf0d 2026-04-25T16:17:54.687Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-auditd-service-stop-07a25c62 2026-04-25T16:17:54.421Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-auditd-daemon-start-cdf527ca 2026-04-25T16:17:54.146Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-auditd-daemon-shutdown-5ffa7ff9 2026-04-25T16:17:53.883Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-auditd-daemon-abort-abdf2452 2026-04-25T16:17:53.619Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-at-application-execution-5629d63f 2026-04-25T16:17:53.349Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-ai-cli-permission-override-activated-adcc6dd5 2026-04-25T16:17:53.081Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-add-user-account-type-b741fe4d 2026-04-25T16:17:52.814Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-add-user-account-6f6abdbd 2026-04-25T16:17:52.550Z monthly 0.6 https://detectionlint.org/library/spl-linux-at-application-execution-9162af44 2026-04-25T16:17:52.281Z monthly 0.6 https://detectionlint.org/library/spl-linux-at-allow-config-file-creation-c86c62da 2026-04-25T16:17:52.012Z monthly 0.6 https://detectionlint.org/library/spl-linux-apt-privilege-escalation-8549c088 2026-04-25T16:17:51.735Z monthly 0.6 https://detectionlint.org/library/spl-linux-adding-crontab-using-list-parameter-47c91bcc 2026-04-25T16:17:51.447Z monthly 0.6 https://detectionlint.org/library/spl-linux-add-user-account-8d198ec5 2026-04-25T16:17:51.182Z monthly 0.6 https://detectionlint.org/library/spl-linux-add-files-in-known-crontab-directories-4ed2f0f1 2026-04-25T16:17:50.902Z monthly 0.6 https://detectionlint.org/library/spl-linux-account-manipulation-of-ssh-config-and-keys-194cf8f8 2026-04-25T16:17:50.637Z monthly 0.6 https://detectionlint.org/library/spl-kerberos-user-enumeration-230bdca2 2026-04-25T16:17:50.395Z monthly 0.6 https://detectionlint.org/library/spl-kerberos-tgt-request-using-rc4-encryption-4f444fbe 2026-04-25T16:17:50.099Z monthly 0.6 https://detectionlint.org/library/spl-kerberos-service-ticket-request-using-rc4-encryption-2442cd40 2026-04-25T16:17:49.824Z monthly 0.6 https://detectionlint.org/library/spl-kerberos-pre-authentication-flag-disabled-with-powershell-77413d17 2026-04-25T16:17:49.551Z monthly 0.6 https://detectionlint.org/library/spl-kerberos-pre-authentication-flag-disabled-in-useraccountcont-838c245f 2026-04-25T16:17:49.278Z monthly 0.6 https://detectionlint.org/library/spl-kerberoasting-spn-request-with-rc4-encryption-c2ddf3bb 2026-04-25T16:17:49.001Z monthly 0.6 https://detectionlint.org/library/spl-jscript-execution-using-cscript-app-055a83c7 2026-04-25T16:17:48.720Z monthly 0.6 https://detectionlint.org/library/spl-java-writing-jsp-file-5fd7f84c 2026-04-25T16:17:48.425Z monthly 0.6 https://detectionlint.org/library/spl-interactive-session-on-remote-endpoint-with-powershell-ae3803b0 2026-04-25T16:17:48.142Z monthly 0.6 https://detectionlint.org/library/spl-impacket-lateral-movement-wmiexec-commandline-parameters-f9e83b2e 2026-04-25T16:17:47.849Z monthly 0.6 https://detectionlint.org/library/spl-impacket-lateral-movement-smbexec-commandline-parameters-679de9ae 2026-04-25T16:17:47.555Z monthly 0.6 https://detectionlint.org/library/spl-impacket-lateral-movement-commandline-parameters-a861d699 2026-04-25T16:17:47.279Z monthly 0.6 https://detectionlint.org/library/spl-icedid-exfiltrated-archived-file-creation-84dfae6d 2026-04-25T16:17:47.007Z monthly 0.6 https://detectionlint.org/library/spl-icacls-grant-command-242ebf66 2026-04-25T16:17:46.704Z monthly 0.6 https://detectionlint.org/library/spl-icacls-deny-command-3cfe29b0 2026-04-25T16:17:46.429Z monthly 0.6 https://detectionlint.org/library/spl-hunting-3cxdesktopapp-software-badbfe57 2026-04-25T16:17:46.146Z monthly 0.6 https://detectionlint.org/library/spl-high-process-termination-frequency-04d93bd0 2026-04-25T16:17:45.883Z monthly 0.6 https://detectionlint.org/library/spl-high-frequency-copy-of-files-in-network-share-2e289074 2026-04-25T16:17:45.609Z monthly 0.6 https://detectionlint.org/library/spl-hiding-files-and-directories-with-attrib-exe-496975c5 2026-04-25T16:17:45.340Z monthly 0.6 https://detectionlint.org/library/spl-hide-user-account-from-sign-in-screen-a44bb907 2026-04-25T16:17:45.042Z monthly 0.6 https://detectionlint.org/library/spl-headless-browser-usage-a06704d9 2026-04-25T16:17:44.678Z monthly 0.6 https://detectionlint.org/library/spl-headless-browser-mockbin-or-mocky-request-df5cf651 2026-04-25T16:17:44.418Z monthly 0.6 https://detectionlint.org/library/spl-gpupdate-with-no-command-line-arguments-with-network-977b38ae 2026-04-25T16:17:44.154Z monthly 0.6 https://detectionlint.org/library/spl-github-workflow-file-creation-or-modification-7ffbe68b 2026-04-25T16:17:43.843Z monthly 0.6 https://detectionlint.org/library/spl-getwmiobject-user-account-with-powershell-script-block-00954d5d 2026-04-25T16:17:43.573Z monthly 0.6 https://detectionlint.org/library/spl-getwmiobject-user-account-with-powershell-10a8a887 2026-04-25T16:17:43.307Z monthly 0.6 https://detectionlint.org/library/spl-getwmiobject-ds-user-with-powershell-script-block-ec616f0e 2026-04-25T16:17:43.034Z monthly 0.6 https://detectionlint.org/library/spl-getwmiobject-ds-user-with-powershell-dfa9df6b 2026-04-25T16:17:42.757Z monthly 0.6 https://detectionlint.org/library/spl-getwmiobject-ds-group-with-powershell-script-block-0e9505f9 2026-04-25T16:17:42.491Z monthly 0.6 https://detectionlint.org/library/spl-getwmiobject-ds-group-with-powershell-0626d902 2026-04-25T16:17:42.231Z monthly 0.6 https://detectionlint.org/library/spl-getwmiobject-ds-computer-with-powershell-script-block-e4ad0ed1 2026-04-25T16:17:41.969Z monthly 0.6 https://detectionlint.org/library/spl-getwmiobject-ds-computer-with-powershell-699ff1b7 2026-04-25T16:17:41.694Z monthly 0.6 https://detectionlint.org/library/spl-getnettcpconnection-with-powershell-script-block-af8ddb4a 2026-04-25T16:17:41.420Z monthly 0.6 https://detectionlint.org/library/spl-getnettcpconnection-with-powershell-27d929a2 2026-04-25T16:17:41.151Z monthly 0.6 https://detectionlint.org/library/spl-getlocaluser-with-powershell-script-block-b42bb4c9 2026-04-25T16:17:40.882Z monthly 0.6 https://detectionlint.org/library/spl-getlocaluser-with-powershell-c99ba045 2026-04-25T16:17:40.615Z monthly 0.6 https://detectionlint.org/library/spl-getdomaingroup-with-powershell-script-block-2444a277 2026-04-25T16:17:40.333Z monthly 0.6 https://detectionlint.org/library/spl-getdomaingroup-with-powershell-cf1bf00b 2026-04-25T16:17:40.071Z monthly 0.6 https://detectionlint.org/library/spl-getdomaincontroller-with-powershell-script-block-2a797d62 2026-04-25T16:17:39.803Z monthly 0.6 https://detectionlint.org/library/spl-getdomaincontroller-with-powershell-485b8ed4 2026-04-25T16:17:39.524Z monthly 0.6 https://detectionlint.org/library/spl-getdomaincomputer-with-powershell-script-block-ac968754 2026-04-25T16:17:39.225Z monthly 0.6 https://detectionlint.org/library/spl-getdomaincomputer-with-powershell-9fbca153 2026-04-25T16:17:38.941Z monthly 0.6 https://detectionlint.org/library/spl-getcurrent-user-with-powershell-script-block-f2f3f374 2026-04-25T16:17:38.681Z monthly 0.6 https://detectionlint.org/library/spl-getcurrent-user-with-powershell-f238795a 2026-04-25T16:17:38.401Z monthly 0.6 https://detectionlint.org/library/spl-getadgroup-with-powershell-script-block-ce3fea45 2026-04-25T16:17:38.132Z monthly 0.6 https://detectionlint.org/library/spl-getadgroup-with-powershell-a0f6ceb3 2026-04-25T16:17:37.826Z monthly 0.6 https://detectionlint.org/library/spl-getadcomputer-with-powershell-script-block-7fc78060 2026-04-25T16:17:37.520Z monthly 0.6 https://detectionlint.org/library/spl-getadcomputer-with-powershell-6dc9f79b 2026-04-25T16:17:37.243Z monthly 0.6 https://detectionlint.org/library/spl-get-wmiobject-group-discovery-with-script-block-logging-08b20afa 2026-04-25T16:17:36.969Z monthly 0.6 https://detectionlint.org/library/spl-get-wmiobject-group-discovery-e66a6706 2026-04-25T16:17:36.700Z monthly 0.6 https://detectionlint.org/library/spl-get-foresttrust-with-powershell-script-block-88e3ceb5 2026-04-25T16:17:36.438Z monthly 0.6 https://detectionlint.org/library/spl-get-foresttrust-with-powershell-d5c3e88c 2026-04-25T16:17:36.163Z monthly 0.6 https://detectionlint.org/library/spl-get-domainuser-with-powershell-script-block-cc2fd7f4 2026-04-25T16:17:35.900Z monthly 0.6 https://detectionlint.org/library/spl-get-domainuser-with-powershell-5827ea7e 2026-04-25T16:17:35.632Z monthly 0.6 https://detectionlint.org/library/spl-get-domaintrust-with-powershell-script-block-61025f2e 2026-04-25T16:17:35.368Z monthly 0.6 https://detectionlint.org/library/spl-get-domaintrust-with-powershell-83563d39 2026-04-25T16:17:35.095Z monthly 0.6 https://detectionlint.org/library/spl-get-domainpolicy-with-powershell-script-block-66304862 2026-04-25T16:17:34.824Z monthly 0.6 https://detectionlint.org/library/spl-get-domainpolicy-with-powershell-0fce2bce 2026-04-25T16:17:34.537Z monthly 0.6 https://detectionlint.org/library/spl-get-aduserresultantpasswordpolicy-with-powershell-script-blo-da3f9827 2026-04-25T16:17:34.270Z monthly 0.6 https://detectionlint.org/library/spl-get-aduserresultantpasswordpolicy-with-powershell-f0227722 2026-04-25T16:17:33.992Z monthly 0.6 https://detectionlint.org/library/spl-get-aduser-with-powershell-script-block-c0d4db63 2026-04-25T16:17:33.729Z monthly 0.6 https://detectionlint.org/library/spl-get-aduser-with-powershell-e508ae0b 2026-04-25T16:17:33.465Z monthly 0.6 https://detectionlint.org/library/spl-get-addefaultdomainpasswordpolicy-with-powershell-script-blo-d92ba7b2 2026-04-25T16:17:33.181Z monthly 0.6 https://detectionlint.org/library/spl-get-addefaultdomainpasswordpolicy-with-powershell-91f730ab 2026-04-25T16:17:32.911Z monthly 0.6 https://detectionlint.org/library/spl-fsutil-zeroing-file-2a55953d 2026-04-25T16:17:32.640Z monthly 0.6 https://detectionlint.org/library/spl-fodhelper-uac-bypass-885d123f 2026-04-25T16:17:32.385Z monthly 0.6 https://detectionlint.org/library/spl-first-time-seen-running-windows-service-e9e99328 2026-04-25T16:17:32.120Z monthly 0.6 https://detectionlint.org/library/spl-first-time-seen-child-process-of-zoom-a2ee0a5d 2026-04-25T16:17:31.856Z monthly 0.6 https://detectionlint.org/library/spl-firewall-allowed-program-enable-8d07ac84 2026-04-25T16:17:31.585Z monthly 0.6 https://detectionlint.org/library/spl-file-with-samsam-extension-088fa7e3 2026-04-25T16:17:31.318Z monthly 0.6 https://detectionlint.org/library/spl-file-download-or-read-to-pipe-execution-48f16e8d 2026-04-25T16:17:31.034Z monthly 0.6 https://detectionlint.org/library/spl-execution-of-file-with-multiple-extensions-2409ce20 2026-04-25T16:17:30.759Z monthly 0.6 https://detectionlint.org/library/spl-execute-javascript-with-jscript-com-clsid-85a441c9 2026-04-25T16:17:30.486Z monthly 0.6 https://detectionlint.org/library/spl-executables-or-script-creation-in-temp-path-6c706b8b 2026-04-25T16:17:30.221Z monthly 0.6 https://detectionlint.org/library/spl-executables-or-script-creation-in-suspicious-path-207b9a15 2026-04-25T16:17:29.949Z monthly 0.6 https://detectionlint.org/library/spl-executable-file-written-in-administrative-smb-share-9b92e1e2 2026-04-25T16:17:29.596Z monthly 0.6 https://detectionlint.org/library/spl-exchange-powershell-module-usage-2f7f2900 2026-04-25T16:17:29.326Z monthly 0.6 https://detectionlint.org/library/spl-exchange-powershell-abuse-via-ssrf-c5044c74 2026-04-25T16:17:29.046Z monthly 0.6 https://detectionlint.org/library/spl-excessive-usage-of-taskkill-708f5686 2026-04-25T16:17:28.778Z monthly 0.6 https://detectionlint.org/library/spl-excessive-usage-of-sc-service-utility-05eab652 2026-04-25T16:17:28.510Z monthly 0.6 https://detectionlint.org/library/spl-excessive-usage-of-nslookup-app-e348dac2 2026-04-25T16:17:28.232Z monthly 0.6 https://detectionlint.org/library/spl-excessive-usage-of-cacls-app-04c26391 2026-04-25T16:17:27.956Z monthly 0.6 https://detectionlint.org/library/spl-excessive-number-of-taskhost-processes-61d22ede 2026-04-25T16:17:27.670Z monthly 0.6 https://detectionlint.org/library/spl-excessive-number-of-service-control-start-as-disabled-b2f73ee8 2026-04-25T16:17:27.392Z monthly 0.6 https://detectionlint.org/library/spl-excessive-file-deletion-in-windefender-folder-374ad3da 2026-04-25T16:17:27.085Z monthly 0.6 https://detectionlint.org/library/spl-excessive-distinct-processes-from-windows-temp-92ed68f0 2026-04-25T16:17:26.800Z monthly 0.6 https://detectionlint.org/library/spl-excessive-attempt-to-disable-services-803e52f0 2026-04-25T16:17:26.522Z monthly 0.6 https://detectionlint.org/library/spl-eventvwr-uac-bypass-8f530b6e 2026-04-25T16:17:26.243Z monthly 0.6 https://detectionlint.org/library/spl-etw-registry-disabled-b6a7ac69 2026-04-25T16:17:25.964Z monthly 0.6 https://detectionlint.org/library/spl-esentutl-sam-copy-5a326d42 2026-04-25T16:17:25.687Z monthly 0.6 https://detectionlint.org/library/spl-enumerate-users-local-group-using-telegram-d8ff76da 2026-04-25T16:17:25.411Z monthly 0.6 https://detectionlint.org/library/spl-enable-wdigest-uselogoncredential-registry-92136588 2026-04-25T16:17:25.114Z monthly 0.6 https://detectionlint.org/library/spl-enable-rdp-in-other-port-number-e68ea19e 2026-04-25T16:17:24.830Z monthly 0.6 https://detectionlint.org/library/spl-elevated-group-discovery-with-wmic-f9bb161c 2026-04-25T16:17:24.556Z monthly 0.6 https://detectionlint.org/library/spl-elevated-group-discovery-with-powerview-a86dd2cf 2026-04-25T16:17:24.292Z monthly 0.6 https://detectionlint.org/library/spl-dump-lsass-via-procdump-fa4a874a 2026-04-25T16:17:23.995Z monthly 0.6 https://detectionlint.org/library/spl-dump-lsass-via-comsvcs-dll-86d41183 2026-04-25T16:17:23.721Z monthly 0.6 https://detectionlint.org/library/spl-dsquery-domain-discovery-af2bf3d3 2026-04-25T16:17:23.450Z monthly 0.6 https://detectionlint.org/library/spl-drop-icedid-license-dat-4fd1373e 2026-04-25T16:17:23.187Z monthly 0.6 https://detectionlint.org/library/spl-download-files-using-telegram-08c80eb9 2026-04-25T16:17:22.918Z monthly 0.6 https://detectionlint.org/library/spl-domain-group-discovery-with-wmic-a5605e7a 2026-04-25T16:17:22.652Z monthly 0.6 https://detectionlint.org/library/spl-domain-group-discovery-with-dsquery-ee7ebe39 2026-04-25T16:17:22.380Z monthly 0.6 https://detectionlint.org/library/spl-domain-group-discovery-with-adsisearcher-a7331309 2026-04-25T16:17:22.116Z monthly 0.6 https://detectionlint.org/library/spl-domain-controller-discovery-with-wmic-1835d533 2026-04-25T16:17:21.848Z monthly 0.6 https://detectionlint.org/library/spl-domain-controller-discovery-with-nltest-7415b29c 2026-04-25T16:17:21.556Z monthly 0.6 https://detectionlint.org/library/spl-domain-account-discovery-with-wmic-a02034d1 2026-04-25T16:17:21.292Z monthly 0.6 https://detectionlint.org/library/spl-domain-account-discovery-with-dsquery-36ced12d 2026-04-25T16:17:21.010Z monthly 0.6 https://detectionlint.org/library/spl-dns-exfiltration-using-nslookup-app-79ec050b 2026-04-25T16:17:20.705Z monthly 0.6 https://detectionlint.org/library/spl-dllhost-with-no-command-line-arguments-with-network-d1bb3954 2026-04-25T16:17:20.446Z monthly 0.6 https://detectionlint.org/library/spl-disabling-windows-local-security-authority-defences-via-regi-1aee1053 2026-04-25T16:17:20.172Z monthly 0.6 https://detectionlint.org/library/spl-disabling-task-manager-548102e7 2026-04-25T16:17:19.902Z monthly 0.6 https://detectionlint.org/library/spl-disabling-systemrestore-in-registry-944ca91d 2026-04-25T16:17:19.634Z monthly 0.6 https://detectionlint.org/library/spl-disabling-remote-user-account-control-a9f8943a 2026-04-25T16:17:19.379Z monthly 0.6 https://detectionlint.org/library/spl-disabling-norun-windows-app-6c0a7d1b 2026-04-25T16:17:19.116Z monthly 0.6 https://detectionlint.org/library/spl-disabling-folderoptions-windows-feature-47596a8c 2026-04-25T16:17:18.849Z monthly 0.6 https://detectionlint.org/library/spl-disabling-firewall-with-netsh-a0835f7d 2026-04-25T16:17:18.534Z monthly 0.6 https://detectionlint.org/library/spl-disabling-defender-services-d5ace51a 2026-04-25T16:17:18.261Z monthly 0.6 https://detectionlint.org/library/spl-disabling-controlpanel-22ab547a 2026-04-25T16:17:17.991Z monthly 0.6 https://detectionlint.org/library/spl-disabling-cmd-application-6490184d 2026-04-25T16:17:17.735Z monthly 0.6 https://detectionlint.org/library/spl-disabled-kerberos-pre-authentication-discovery-with-powervie-193dd827 2026-04-25T16:17:17.464Z monthly 0.6 https://detectionlint.org/library/spl-disabled-kerberos-pre-authentication-discovery-with-get-adus-4f3177d8 2026-04-25T16:17:17.189Z monthly 0.6 https://detectionlint.org/library/spl-disable-windows-smartscreen-protection-17eca218 2026-04-25T16:17:16.900Z monthly 0.6 https://detectionlint.org/library/spl-disable-windows-behavior-monitoring-086e092d 2026-04-25T16:17:16.611Z monthly 0.6 https://detectionlint.org/library/spl-disable-windows-app-hotkeys-28d7bd65 2026-04-25T16:17:16.331Z monthly 0.6 https://detectionlint.org/library/spl-disable-uac-remote-restriction-7a421ebb 2026-04-25T16:17:16.060Z monthly 0.6 https://detectionlint.org/library/spl-disable-show-hidden-files-8d350998 2026-04-25T16:17:15.795Z monthly 0.6 https://detectionlint.org/library/spl-disable-security-logs-using-minint-registry-25262a5a 2026-04-25T16:17:15.533Z monthly 0.6 https://detectionlint.org/library/spl-disable-schedule-task-3c33f34c 2026-04-25T16:17:15.258Z monthly 0.6 https://detectionlint.org/library/spl-disable-registry-tool-1b2773b9 2026-04-25T16:17:14.967Z monthly 0.6 https://detectionlint.org/library/spl-disable-logs-using-wevtutil-09f3234c 2026-04-25T16:17:14.680Z monthly 0.6 https://detectionlint.org/library/spl-disable-etw-through-registry-dd6645ec 2026-04-25T16:17:14.313Z monthly 0.6 https://detectionlint.org/library/spl-disable-defender-submit-samples-consent-feature-43d3a02f 2026-04-25T16:17:14.038Z monthly 0.6 https://detectionlint.org/library/spl-disable-defender-spynet-reporting-a0a64bee 2026-04-25T16:17:13.769Z monthly 0.6 https://detectionlint.org/library/spl-disable-defender-mpengine-registry-60d73ae3 2026-04-25T16:17:13.508Z monthly 0.6 https://detectionlint.org/library/spl-disable-defender-enhanced-notification-fb8db733 2026-04-25T16:17:13.223Z monthly 0.6 https://detectionlint.org/library/spl-disable-defender-blockatfirstseen-feature-88c1a2c8 2026-04-25T16:17:12.929Z monthly 0.6 https://detectionlint.org/library/spl-disable-defender-antivirus-registry-6fe14362 2026-04-25T16:17:12.663Z monthly 0.6 https://detectionlint.org/library/spl-disable-amsi-through-registry-2e9da69c 2026-04-25T16:17:12.402Z monthly 0.6 https://detectionlint.org/library/spl-detection-of-tools-built-by-nirsoft-6ad85194 2026-04-25T16:17:12.120Z monthly 0.6 https://detectionlint.org/library/spl-detect-wmi-event-subscription-persistence-0363972b 2026-04-25T16:17:11.858Z monthly 0.6 https://detectionlint.org/library/spl-detect-use-of-cmd-exe-to-launch-script-interpreters-42823823 2026-04-25T16:17:11.581Z monthly 0.6 https://detectionlint.org/library/spl-detect-sharphound-usage-3af795d0 2026-04-25T16:17:11.315Z monthly 0.6 https://detectionlint.org/library/spl-detect-sharphound-file-modifications-e5fc72bd 2026-04-25T16:17:11.040Z monthly 0.6 https://detectionlint.org/library/spl-detect-sharphound-command-line-arguments-85685344 2026-04-25T16:17:10.761Z monthly 0.6 https://detectionlint.org/library/spl-detect-rundll32-inline-hta-execution-d49b5ce7 2026-04-25T16:17:10.486Z monthly 0.6 https://detectionlint.org/library/spl-detect-rtlo-in-process-689838f8 2026-04-25T16:17:10.211Z monthly 0.6 https://detectionlint.org/library/spl-detect-rtlo-in-file-name-cbebea59 2026-04-25T16:17:09.941Z monthly 0.6 https://detectionlint.org/library/spl-detect-renamed-winrar-12285c0b 2026-04-25T16:17:09.681Z monthly 0.6 https://detectionlint.org/library/spl-detect-renamed-rclone-4c43d91c 2026-04-25T16:17:09.422Z monthly 0.6 https://detectionlint.org/library/spl-detect-renamed-psexec-3a45bf75 2026-04-25T16:17:09.145Z monthly 0.6 https://detectionlint.org/library/spl-detect-renamed-7-zip-26407127 2026-04-25T16:17:08.881Z monthly 0.6 https://detectionlint.org/library/spl-detect-remote-access-software-usage-registry-00327b5a 2026-04-25T16:17:08.602Z monthly 0.6 https://detectionlint.org/library/spl-detect-remote-access-software-usage-process-4ac2a742 2026-04-25T16:17:08.327Z monthly 0.6 https://detectionlint.org/library/spl-detect-remote-access-software-usage-fileinfo-55a0dcdc 2026-04-25T16:17:08.058Z monthly 0.6 https://detectionlint.org/library/spl-detect-remote-access-software-usage-file-2e0a1285 2026-04-25T16:17:07.783Z monthly 0.6 https://detectionlint.org/library/spl-detect-regsvr32-application-control-bypass-383f7479 2026-04-25T16:17:07.508Z monthly 0.6 https://detectionlint.org/library/spl-detect-regsvcs-with-no-command-line-arguments-7536f6de 2026-04-25T16:17:07.241Z monthly 0.6 https://detectionlint.org/library/spl-detect-regsvcs-with-network-connection-6381dd62 2026-04-25T16:17:06.985Z monthly 0.6 https://detectionlint.org/library/spl-detect-regsvcs-spawning-a-process-6c324e91 2026-04-25T16:17:06.702Z monthly 0.6 https://detectionlint.org/library/spl-detect-regasm-with-no-command-line-arguments-478463e9 2026-04-25T16:17:06.432Z monthly 0.6 https://detectionlint.org/library/spl-detect-regasm-with-network-connection-d80f5dc1 2026-04-25T16:17:06.155Z monthly 0.6 https://detectionlint.org/library/spl-detect-regasm-spawning-a-process-ab221597 2026-04-25T16:17:05.885Z monthly 0.6 https://detectionlint.org/library/spl-detect-rclone-command-line-usage-ed49fb3d 2026-04-25T16:17:05.609Z monthly 0.6 https://detectionlint.org/library/spl-detect-rare-executables-d48b292e 2026-04-25T16:17:05.334Z monthly 0.6 https://detectionlint.org/library/spl-detect-psexec-with-accepteula-flag-54e5d0ae 2026-04-25T16:17:05.070Z monthly 0.6 https://detectionlint.org/library/spl-detect-prohibited-applications-spawning-cmd-exe-be6fa005 2026-04-25T16:17:04.786Z monthly 0.6 https://detectionlint.org/library/spl-detect-path-interception-by-creation-of-program-exe-eb2b56ee 2026-04-25T16:17:04.517Z monthly 0.6 https://detectionlint.org/library/spl-detect-password-spray-attack-behavior-on-user-522d9014 2026-04-25T16:17:04.255Z monthly 0.6 https://detectionlint.org/library/spl-detect-password-spray-attack-behavior-from-source-f77c9c3b 2026-04-25T16:17:03.997Z monthly 0.6 https://detectionlint.org/library/spl-detect-outlook-exe-writing-a-zip-file-8ca3802d 2026-04-25T16:17:03.721Z monthly 0.6 https://detectionlint.org/library/spl-detect-new-local-admin-account-6d899887 2026-04-25T16:17:03.441Z monthly 0.6 https://detectionlint.org/library/spl-detect-mshta-url-in-command-line-ba7102b2 2026-04-25T16:17:03.172Z monthly 0.6 https://detectionlint.org/library/spl-detect-mshta-renamed-28650715 2026-04-25T16:17:02.898Z monthly 0.6 https://detectionlint.org/library/spl-detect-mshta-inline-hta-execution-4b9abadc 2026-04-25T16:17:02.624Z monthly 0.6 https://detectionlint.org/library/spl-detect-mimikatz-with-powershell-script-block-logging-ac8d705e 2026-04-25T16:17:02.334Z monthly 0.6 https://detectionlint.org/library/spl-detect-html-help-using-infotech-storage-handlers-0f12163c 2026-04-25T16:17:02.066Z monthly 0.6 https://detectionlint.org/library/spl-detect-html-help-url-in-command-line-f94892ff 2026-04-25T16:17:01.780Z monthly 0.6 https://detectionlint.org/library/spl-detect-html-help-renamed-cbfae4f5 2026-04-25T16:17:01.493Z monthly 0.6 https://detectionlint.org/library/spl-detect-exchange-web-shell-0388871b 2026-04-25T16:17:01.209Z monthly 0.6 https://detectionlint.org/library/spl-detect-excessive-user-account-lockouts-25b60440 2026-04-25T16:17:00.943Z monthly 0.6 https://detectionlint.org/library/spl-detect-excessive-account-lockouts-from-endpoint-a778f432 2026-04-25T16:17:00.647Z monthly 0.6 https://detectionlint.org/library/spl-detect-empire-with-powershell-script-block-logging-45f31777 2026-04-25T16:17:00.359Z monthly 0.6 https://detectionlint.org/library/spl-detect-credential-dumping-through-lsass-access-6bf7ddc4 2026-04-25T16:17:00.107Z monthly 0.6 https://detectionlint.org/library/spl-detect-copy-of-shadowcopy-with-script-block-logging-28837336 2026-04-25T16:16:59.842Z monthly 0.6 https://detectionlint.org/library/spl-detect-computer-changed-with-anonymous-account-d8b0ed64 2026-04-25T16:16:59.579Z monthly 0.6 https://detectionlint.org/library/spl-detect-certipy-file-modifications-d278629d 2026-04-25T16:16:59.216Z monthly 0.6 https://detectionlint.org/library/spl-detect-certify-with-powershell-script-block-logging-6ca12405 2026-04-25T16:16:58.946Z monthly 0.6 https://detectionlint.org/library/spl-detect-certify-command-line-arguments-a07cf9bc 2026-04-25T16:16:58.684Z monthly 0.6 https://detectionlint.org/library/spl-detect-baron-samedit-cve-2021-3156-via-osquery-69b29d91 2026-04-25T16:16:58.419Z monthly 0.6 https://detectionlint.org/library/spl-detect-baron-samedit-cve-2021-3156-segfault-7f7699dc 2026-04-25T16:16:58.131Z monthly 0.6 https://detectionlint.org/library/spl-detect-baron-samedit-cve-2021-3156-a7770d77 2026-04-25T16:16:57.866Z monthly 0.6 https://detectionlint.org/library/spl-detect-azurehound-file-modifications-de7c5585 2026-04-25T16:16:57.611Z monthly 0.6 https://detectionlint.org/library/spl-detect-azurehound-command-line-arguments-af2a7090 2026-04-25T16:16:57.338Z monthly 0.6 https://detectionlint.org/library/spl-deleting-shadow-copies-8dd55fcc 2026-04-25T16:16:57.056Z monthly 0.6 https://detectionlint.org/library/spl-delete-shadowcopy-with-powershell-3e82086d 2026-04-25T16:16:56.792Z monthly 0.6 https://detectionlint.org/library/spl-curl-execution-with-percent-encoded-url-15afd394 2026-04-25T16:16:56.515Z monthly 0.6 https://detectionlint.org/library/spl-csc-net-on-the-fly-compilation-e2afbdf2 2026-04-25T16:16:56.254Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-user-with-duplicate-password-b0f9749a 2026-04-25T16:16:55.988Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-user-weak-password-policy-1e6140fc 2026-04-25T16:16:55.722Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-privilege-escalation-for-non-admin-user-4c52a93d 2026-04-25T16:16:55.461Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-multiple-low-severity-alerts-97e6310f 2026-04-25T16:16:55.192Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-medium-severity-alert-4ca7d7d2 2026-04-25T16:16:54.924Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-medium-identity-risk-severity-e5285a00 2026-04-25T16:16:54.665Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-high-identity-risk-severity-e9ee8e39 2026-04-25T16:16:54.393Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-falcon-stream-alerts-496a90cd 2026-04-25T16:16:54.120Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-admin-with-duplicate-password-816f56ff 2026-04-25T16:16:53.856Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-admin-weak-password-policy-0026bace 2026-04-25T16:16:53.591Z monthly 0.6 https://detectionlint.org/library/spl-credential-dumping-via-symlink-to-shadow-copy-3d04aaad 2026-04-25T16:16:53.328Z monthly 0.6 https://detectionlint.org/library/spl-credential-dumping-via-copy-command-from-shadow-copy-85a9fcf3 2026-04-25T16:16:53.070Z monthly 0.6 https://detectionlint.org/library/spl-creation-of-shadow-copy-with-wmic-and-powershell-9be97a6d 2026-04-25T16:16:52.806Z monthly 0.6 https://detectionlint.org/library/spl-creation-of-shadow-copy-63fe783f 2026-04-25T16:16:52.537Z monthly 0.6 https://detectionlint.org/library/spl-creation-of-lsass-dump-with-taskmgr-feb19062 2026-04-25T16:16:52.273Z monthly 0.6 https://detectionlint.org/library/spl-create-remote-thread-into-lsass-041f921b 2026-04-25T16:16:51.997Z monthly 0.6 https://detectionlint.org/library/spl-create-remote-thread-in-shell-application-460c774e 2026-04-25T16:16:51.737Z monthly 0.6 https://detectionlint.org/library/spl-create-or-delete-windows-shares-using-net-exe-ff17ee60 2026-04-25T16:16:51.472Z monthly 0.6 https://detectionlint.org/library/spl-control-loading-from-world-writable-directory-b489c5e3 2026-04-25T16:16:51.204Z monthly 0.6 https://detectionlint.org/library/spl-conti-common-exec-parameter-26e17c2a 2026-04-25T16:16:50.926Z monthly 0.6 https://detectionlint.org/library/spl-connectwise-screenconnect-path-traversal-windows-sacl-774d2978 2026-04-25T16:16:50.653Z monthly 0.6 https://detectionlint.org/library/spl-connectwise-screenconnect-path-traversal-6f29b429 2026-04-25T16:16:50.367Z monthly 0.6 https://detectionlint.org/library/spl-common-ransomware-notes-103bc2f6 2026-04-25T16:16:50.084Z monthly 0.6 https://detectionlint.org/library/spl-common-ransomware-extensions-1c10fa37 2026-04-25T16:16:49.817Z monthly 0.6 https://detectionlint.org/library/spl-cmlua-or-cmstplua-uac-bypass-502ff5f3 2026-04-25T16:16:49.565Z monthly 0.6 https://detectionlint.org/library/spl-cmd-echo-pipe---escalation-2aa0d988 2026-04-25T16:16:49.313Z monthly 0.6 https://detectionlint.org/library/spl-cmd-carry-out-string-command-parameter-364a026b 2026-04-25T16:16:49.042Z monthly 0.6 https://detectionlint.org/library/spl-clop-ransomware-known-service-name-d8330557 2026-04-25T16:16:48.769Z monthly 0.6 https://detectionlint.org/library/spl-clop-common-exec-parameter-ca7d3a71 2026-04-25T16:16:48.507Z monthly 0.6 https://detectionlint.org/library/spl-clear-unallocated-sector-using-cipher-app-97a64e9b 2026-04-25T16:16:48.224Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---webserver-download-from-file-sharing-website-f51b7d84 2026-04-25T16:16:47.964Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---suspicious-network-connection-to-ip-lookup-servi-f3b7c0d3 2026-04-25T16:16:47.691Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---suspicious-network-connection-initiated-via-msxs-473ccb9a 2026-04-25T16:16:47.405Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---suspicious-network-connection-from-process-with--f62a89b8 2026-04-25T16:16:47.146Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---suspicious-file-download-via-headless-browser-63c3bc9b 2026-04-25T16:16:46.874Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---suspicious-download-from-file-sharing-website-615715bf 2026-04-25T16:16:46.590Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---susp-script-from-archive-triggering-network-acti-a5de7b70 2026-04-25T16:16:46.329Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---rundll32-abuse-of-mshtmldll-for-payload-download-631d4980 2026-04-25T16:16:46.040Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---rclone-execution-with-network-activity-38e76c2b 2026-04-25T16:16:45.770Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---outbound-connection-to-suspicious-port-79dc2273 2026-04-25T16:16:45.507Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---non-network-binary-making-network-connection-7ae00c21 2026-04-25T16:16:45.215Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---mshtml-or-mshta-network-execution-without-url-in-fb54ef12 2026-04-25T16:16:44.941Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---installation-of-typosquatted-python-package-e4e8eb17 2026-04-25T16:16:44.667Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---curl-execution-with-insecure-flags-b21ada75 2026-04-25T16:16:44.405Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---shell-execution-052022e9 2026-04-25T16:16:44.041Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---potential-escape-to-host-2e774003 2026-04-25T16:16:43.778Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---pods-running-offensive-tools-9b8175aa 2026-04-25T16:16:43.484Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---nsenter-usage-in-kubernetes-pod-155e6ce1 2026-04-25T16:16:43.217Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---non-allowlisted-image-use-e6304295 2026-04-25T16:16:42.952Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---late-process-execution-f2bf648b 2026-04-25T16:16:42.684Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---kprobe-spike-2ca593c1 2026-04-25T16:16:42.415Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---curl-execution-with-insecure-flags-58d45304 2026-04-25T16:16:42.149Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---cron-job-creation-496f840a 2026-04-25T16:16:41.882Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---access-to-cloud-metadata-service-6a4d804c 2026-04-25T16:16:41.622Z monthly 0.6 https://detectionlint.org/library/spl-child-processes-of-spoolsv-exe-eb832d42 2026-04-25T16:16:41.356Z monthly 0.6 https://detectionlint.org/library/spl-check-elevated-cmd-using-whoami-7f461c3b 2026-04-25T16:16:41.068Z monthly 0.6 https://detectionlint.org/library/spl-change-to-safe-mode-with-network-config-a72d2cb5 2026-04-25T16:16:40.794Z monthly 0.6 https://detectionlint.org/library/spl-certutil-with-decode-argument-4f6d1ddf 2026-04-25T16:16:40.512Z monthly 0.6 https://detectionlint.org/library/spl-certutil-exe-certificate-extraction-58827449 2026-04-25T16:16:40.250Z monthly 0.6 https://detectionlint.org/library/spl-bitsadmin-download-file-616dab8a 2026-04-25T16:16:39.968Z monthly 0.6 https://detectionlint.org/library/spl-bits-job-persistence-6c0a2ef6 2026-04-25T16:16:39.684Z monthly 0.6 https://detectionlint.org/library/spl-bcdedit-failure-recovery-modification-6a7a8a69 2026-04-25T16:16:39.403Z monthly 0.6 https://detectionlint.org/library/spl-bcdedit-command-back-to-normal-mode-boot-da5a7b43 2026-04-25T16:16:39.128Z monthly 0.6 https://detectionlint.org/library/spl-batch-file-write-to-system32-a0f253a6 2026-04-25T16:16:38.848Z monthly 0.6 https://detectionlint.org/library/spl-auto-admin-logon-registry-entry-cfd3cea7 2026-04-25T16:16:38.574Z monthly 0.6 https://detectionlint.org/library/spl-attacker-tools-on-endpoint-448bdb82 2026-04-25T16:16:38.292Z monthly 0.6 https://detectionlint.org/library/spl-anomalous-usage-of-7zip-fb6965cc 2026-04-25T16:16:38.033Z monthly 0.6 https://detectionlint.org/library/spl-allow-operation-with-consent-admin-5d309214 2026-04-25T16:16:37.756Z monthly 0.6 https://detectionlint.org/library/spl-allow-network-discovery-in-firewall-729577d7 2026-04-25T16:16:37.489Z monthly 0.6 https://detectionlint.org/library/spl-allow-inbound-traffic-in-firewall-rule-8fbac985 2026-04-25T16:16:37.214Z monthly 0.6 https://detectionlint.org/library/spl-allow-inbound-traffic-by-firewall-rule-registry-9db4187a 2026-04-25T16:16:36.940Z monthly 0.6 https://detectionlint.org/library/spl-allow-file-and-printing-sharing-in-firewall-15ce36a0 2026-04-25T16:16:36.649Z monthly 0.6 https://detectionlint.org/library/spl-advanced-ip-or-port-scanner-execution-4f3df886 2026-04-25T16:16:36.367Z monthly 0.6 https://detectionlint.org/library/spl-adsisearcher-account-discovery-564c185f 2026-04-25T16:16:36.106Z monthly 0.6 https://detectionlint.org/library/spl-add-or-set-windows-defender-exclusion-9d65135e 2026-04-25T16:16:35.825Z monthly 0.6 https://detectionlint.org/library/spl-add-defaultuser-and-password-in-registry-84ef2f58 2026-04-25T16:16:35.545Z monthly 0.6 https://detectionlint.org/library/spl-active-setup-registry-autostart-1a0cb535 2026-04-25T16:16:35.269Z monthly 0.6 https://detectionlint.org/library/spl-active-directory-privilege-escalation-identified-8196f0c2 2026-04-25T16:16:34.998Z monthly 0.6 https://detectionlint.org/library/spl-active-directory-lateral-movement-identified-870a0e42 2026-04-25T16:16:34.723Z monthly 0.6 https://detectionlint.org/library/spl-access-lsass-memory-for-dump-creation-0a9dfef9 2026-04-25T16:16:34.442Z monthly 0.6 https://detectionlint.org/library/spl-7zip-commandline-to-smb-share-path-16428275 2026-04-25T16:16:34.172Z monthly 0.6 https://detectionlint.org/library/kql-deprecated---sudo-heap-based-buffer-overflow-attempt-43ee065c 2026-04-25T16:16:32.721Z monthly 0.6 https://detectionlint.org/library/kql-potential-privilege-escalation-via-sudoers-file-modification-543ee360 2026-04-25T16:16:32.390Z monthly 0.6 https://detectionlint.org/library/kql-ssh-authorized-keys-file-activity-9391e458 2026-04-25T16:16:32.056Z monthly 0.6 https://detectionlint.org/library/kql-bash-shell-profile-modification-bf7ccaf9 2026-04-25T16:16:31.812Z monthly 0.6 https://detectionlint.org/library/kql-multiple-alerts-in-different-attck-tactics-on-a-single-host-5203eadb 2026-04-25T16:16:30.057Z monthly 0.6 https://detectionlint.org/library/kql-zoom-meeting-with-no-passcode-4550b939 2026-04-25T16:16:29.612Z monthly 0.6 https://detectionlint.org/library/kql-new-usb-storage-device-mounted-e61929bd 2026-04-25T16:16:29.157Z monthly 0.6 https://detectionlint.org/library/kql-deprecated---eggshell-backdoor-execution-9ea56c6f 2026-04-25T16:16:27.378Z monthly 0.6 https://detectionlint.org/library/kql-aws-ssm-sendcommand-with-run-shell-command-parameters-6b8c2e0d 2026-04-25T16:16:26.599Z monthly 0.6 https://detectionlint.org/library/kql-unusual-process-modifying-genai-configuration-file-b2d73134 2026-04-25T16:16:25.129Z monthly 0.6 https://detectionlint.org/library/kql-genai-process-connection-to-unusual-domain-2e6bd02f 2026-04-25T16:16:23.513Z monthly 0.6 https://detectionlint.org/library/kql-fortigate-administrator-account-creation-from-unusual-source-a1b48463 2026-04-25T16:16:22.927Z monthly 0.6 https://detectionlint.org/library/kql-abnormally-large-dns-response-30b46506 2026-04-25T16:16:22.679Z monthly 0.6 https://detectionlint.org/library/kql-inbound-connection-to-an-unsecure-elasticsearch-node-eb1f5740 2026-04-25T16:16:22.427Z monthly 0.6 https://detectionlint.org/library/kql-smb-windows-file-sharing-activity-to-the-internet-fc43566c 2026-04-25T16:16:22.185Z monthly 0.6 https://detectionlint.org/library/kql-rpc-remote-procedure-call-to-the-internet-cf4235a7 2026-04-25T16:16:21.946Z monthly 0.6 https://detectionlint.org/library/kql-rpc-remote-procedure-call-from-the-internet-2406bbbc 2026-04-25T16:16:21.702Z monthly 0.6 https://detectionlint.org/library/kql-react2shell-network-security-alert-3ca6b1c2 2026-04-25T16:16:21.429Z monthly 0.6 https://detectionlint.org/library/kql-potential-syn-based-port-scan-detected-dfc157aa 2026-04-25T16:16:20.910Z monthly 0.6 https://detectionlint.org/library/kql-potential-network-sweep-detected-1ca9a82d 2026-04-25T16:16:20.594Z monthly 0.6 https://detectionlint.org/library/kql-vnc-virtual-network-computing-to-the-internet-0a940cbb 2026-04-25T16:16:20.276Z monthly 0.6 https://detectionlint.org/library/kql-vnc-virtual-network-computing-from-the-internet-308c6ccc 2026-04-25T16:16:20.026Z monthly 0.6 https://detectionlint.org/library/kql-rdp-remote-desktop-protocol-from-the-internet-23841a90 2026-04-25T16:16:19.782Z monthly 0.6 https://detectionlint.org/library/kql-smtp-on-port-26tcp-236e8557 2026-04-25T16:16:19.518Z monthly 0.6 https://detectionlint.org/library/kql-ipsec-nat-traversal-port-activity-8030f102 2026-04-25T16:16:19.275Z monthly 0.6 https://detectionlint.org/library/kql-halfbaked-command-and-control-beacon-bc172121 2026-04-25T16:16:19.022Z monthly 0.6 https://detectionlint.org/library/kql-possible-fin7-dga-command-and-control-behavior-df9677d4 2026-04-25T16:16:18.777Z monthly 0.6 https://detectionlint.org/library/kql-roshal-archive-rar-or-powershell-file-downloaded-from-the-in-f3ff83b4 2026-04-25T16:16:18.519Z monthly 0.6 https://detectionlint.org/library/kql-default-cobalt-strike-team-server-certificate-52db5a84 2026-04-25T16:16:18.270Z monthly 0.6 https://detectionlint.org/library/kql-cobalt-strike-command-and-control-beacon-1fa2420c 2026-04-25T16:16:18.019Z monthly 0.6 https://detectionlint.org/library/kql-accepted-default-telnet-port-connection-d3e140d3 2026-04-25T16:16:17.776Z monthly 0.6 https://detectionlint.org/library/kql-first-time-python-created-a-launchagent-or-launchdaemon-d7a9ccc7 2026-04-25T16:16:16.571Z monthly 0.6 https://detectionlint.org/library/kql-potential-persistence-via-login-hook-72296943 2026-04-25T16:16:16.125Z monthly 0.6 https://detectionlint.org/library/kql-first-time-python-spawned-a-shell-on-host-f6078a5b 2026-04-25T16:16:13.943Z monthly 0.6 https://detectionlint.org/library/kql-first-time-python-accessed-sensitive-credential-files-452f7ae5 2026-04-25T16:16:11.965Z monthly 0.6 https://detectionlint.org/library/kql-potential-macos-ssh-brute-force-detected-4b6f334e 2026-04-25T16:16:11.643Z monthly 0.6 https://detectionlint.org/library/kql-unusual-network-connection-to-suspicious-web-service-3b524653 2026-04-25T16:16:10.908Z monthly 0.6 https://detectionlint.org/library/kql-unusual-network-connection-to-suspicious-top-level-domain-127e65aa 2026-04-25T16:16:10.659Z monthly 0.6 https://detectionlint.org/library/kql-uid-elevation-from-previously-unknown-executable-9e850b25 2026-04-25T16:16:09.418Z monthly 0.6 https://detectionlint.org/library/kql-potential-shadow-file-read-via-command-line-utilities-68f0ce93 2026-04-25T16:16:08.572Z monthly 0.6 https://detectionlint.org/library/kql-potential-buffer-overflow-attack-detected-ee183ff1 2026-04-25T16:16:08.073Z monthly 0.6 https://detectionlint.org/library/kql-modification-of-dynamic-linker-preload-shared-object-c3098cef 2026-04-25T16:16:07.409Z monthly 0.6 https://detectionlint.org/library/kql-potential-privilege-escalation-via-linux-dac-permissions-375b3391 2026-04-25T16:16:06.628Z monthly 0.6 https://detectionlint.org/library/kql-unusual-web-server-command-execution-143d9437 2026-04-25T16:16:05.885Z monthly 0.6 https://detectionlint.org/library/kql-unusual-sshd-child-process-f1aed130 2026-04-25T16:16:05.275Z monthly 0.6 https://detectionlint.org/library/kql-authentication-via-unusual-pam-grantor-a7efa543 2026-04-25T16:16:05.004Z monthly 0.6 https://detectionlint.org/library/kql-unusual-exim4-child-process-e1e4cbfa 2026-04-25T16:16:04.752Z monthly 0.6 https://detectionlint.org/library/kql-tainted-out-of-tree-kernel-module-load-385abf77 2026-04-25T16:16:04.370Z monthly 0.6 https://detectionlint.org/library/kql-tainted-kernel-module-load-f8dde20a 2026-04-25T16:16:04.115Z monthly 0.6 https://detectionlint.org/library/kql-systemd-service-started-by-unusual-parent-process-321c5f83 2026-04-25T16:16:03.804Z monthly 0.6 https://detectionlint.org/library/kql-unusual-login-via-system-user-097a24cc 2026-04-25T16:16:03.096Z monthly 0.6 https://detectionlint.org/library/kql-shared-object-created-by-previously-unknown-process-b347280c 2026-04-25T16:16:02.465Z monthly 0.6 https://detectionlint.org/library/kql-rpm-package-installed-by-unusual-parent-process-1cc3fd67 2026-04-25T16:16:02.091Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-rclocal-error-message-4588abf3 2026-04-25T16:16:01.722Z monthly 0.6 https://detectionlint.org/library/kql-kernel-object-file-creation-3e479270 2026-04-25T16:16:00.036Z monthly 0.6 https://detectionlint.org/library/kql-dpkg-package-installed-by-unusual-parent-process-b34ab582 2026-04-25T16:15:58.746Z monthly 0.6 https://detectionlint.org/library/kql-renaming-of-openssh-binaries-34f69238 2026-04-25T16:15:58.126Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-usage-of-bpf_probe_write_user-helper-e5b34781 2026-04-25T16:15:57.715Z monthly 0.6 https://detectionlint.org/library/kql-unusual-remote-file-creation-23403cf6 2026-04-25T16:15:57.094Z monthly 0.6 https://detectionlint.org/library/kql-remote-file-creation-in-world-writeable-directory-9faa174c 2026-04-25T16:15:56.598Z monthly 0.6 https://detectionlint.org/library/kql-successful-ssh-authentication-from-unusual-ip-address-1ddef3fd 2026-04-25T16:15:56.091Z monthly 0.6 https://detectionlint.org/library/kql-successful-ssh-authentication-from-unusual-ssh-public-key-ebc336f4 2026-04-25T16:15:55.594Z monthly 0.6 https://detectionlint.org/library/kql-high-number-of-process-terminations-fad70c1d 2026-04-25T16:15:55.291Z monthly 0.6 https://detectionlint.org/library/kql-unusual-pkexec-execution-37339fe2 2026-04-25T16:15:54.381Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-path-invocation-from-command-line-375aa50e 2026-04-25T16:15:54.132Z monthly 0.6 https://detectionlint.org/library/kql-unusual-execution-from-kernel-thread-kthreadd-parent-ce15794d 2026-04-25T16:15:53.885Z monthly 0.6 https://detectionlint.org/library/kql-interactive-shell-launched-via-unusual-parent-process-in-a-c-ddaed745 2026-04-25T16:15:53.626Z monthly 0.6 https://detectionlint.org/library/kql-unknown-execution-of-binary-with-rwx-memory-region-91b47b39 2026-04-25T16:15:53.368Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-named-pipe-creation-02ba5dd8 2026-04-25T16:15:52.835Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-system-commands-executed-by-previously-unknown-ex-97a01a88 2026-04-25T16:15:52.519Z monthly 0.6 https://detectionlint.org/library/kql-process-backgrounded-by-unusual-parent-916ba072 2026-04-25T16:15:51.238Z monthly 0.6 https://detectionlint.org/library/kql-privileged-docker-container-creation-839dc32c 2026-04-25T16:15:50.976Z monthly 0.6 https://detectionlint.org/library/kql-process-started-with-executable-stack-57b1bd83 2026-04-25T16:15:50.061Z monthly 0.6 https://detectionlint.org/library/kql-abnormal-process-id-or-lock-file-created-cd85670a 2026-04-25T16:15:49.405Z monthly 0.6 https://detectionlint.org/library/kql-potential-network-scan-executed-from-host-c90f528c 2026-04-25T16:15:48.167Z monthly 0.6 https://detectionlint.org/library/kql-unusual-kernel-module-enumeration-687f0cb2 2026-04-25T16:15:47.448Z monthly 0.6 https://detectionlint.org/library/kql-file-creation-in-varlog-via-suspicious-process-91d3020c 2026-04-25T16:15:46.803Z monthly 0.6 https://detectionlint.org/library/kql-unusual-preload-environment-variable-process-execution-3fa51235 2026-04-25T16:15:46.466Z monthly 0.6 https://detectionlint.org/library/kql-system-binary-symlink-to-suspicious-location-2ce8d796 2026-04-25T16:15:46.074Z monthly 0.6 https://detectionlint.org/library/kql-unusual-ld_preloadld_library_path-command-line-arguments-7d1dc7df 2026-04-25T16:15:44.949Z monthly 0.6 https://detectionlint.org/library/kql-kill-command-execution-107cbc57 2026-04-25T16:15:44.615Z monthly 0.6 https://detectionlint.org/library/kql-unusual-interactive-shell-launched-from-system-user-c7ca48c4 2026-04-25T16:15:44.162Z monthly 0.6 https://detectionlint.org/library/kql-file-permission-modification-in-writable-directory-bf5880b7 2026-04-25T16:15:43.557Z monthly 0.6 https://detectionlint.org/library/kql-file-creation-in-world-writable-directory-by-unusual-process-d219ff06 2026-04-25T16:15:43.233Z monthly 0.6 https://detectionlint.org/library/kql-sensitive-files-compression-8c36c9aa 2026-04-25T16:15:39.999Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-network-activity-to-the-internet-by-previously-un-108a20e6 2026-04-25T16:15:39.506Z monthly 0.6 https://detectionlint.org/library/kql-network-activity-detected-via-kworker-33754f75 2026-04-25T16:15:38.779Z monthly 0.6 https://detectionlint.org/library/kql-aws-cli-command-with-custom-endpoint-url-6db81752 2026-04-25T16:15:37.996Z monthly 0.6 https://detectionlint.org/library/kql-linux-video-recording-or-screenshot-activity-detected-6db5d340 2026-04-25T16:15:37.744Z monthly 0.6 https://detectionlint.org/library/kql-linux-audio-recording-activity-detected-d4d05090 2026-04-25T16:15:37.487Z monthly 0.6 https://detectionlint.org/library/kql-linux-clipboard-activity-detected-6acd46a5 2026-04-25T16:15:37.225Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-seincreasebasepriorityprivilege-use-0642b9d6 2026-04-25T16:15:35.802Z monthly 0.6 https://detectionlint.org/library/kql-deprecated---suspicious-printspooler-service-executable-file-b9ed1a9a 2026-04-25T16:15:34.986Z monthly 0.6 https://detectionlint.org/library/kql-powershell-script-with-token-impersonation-capabilities-e4f21150 2026-04-25T16:15:34.658Z monthly 0.6 https://detectionlint.org/library/kql-first-time-seen-newcredentials-logon-process-82fdae72 2026-04-25T16:15:34.279Z monthly 0.6 https://detectionlint.org/library/kql-first-time-seen-driver-loaded-a07167d9 2026-04-25T16:15:33.224Z monthly 0.6 https://detectionlint.org/library/kql-dmsa-account-creation-by-an-unusual-user-9351f142 2026-04-25T16:15:32.903Z monthly 0.6 https://detectionlint.org/library/kql-modification-of-the-mspkiaccountcredentials-64e98c64 2026-04-25T16:15:32.545Z monthly 0.6 https://detectionlint.org/library/kql-delegated-managed-service-account-modification-by-an-unusual-424df716 2026-04-25T16:15:32.141Z monthly 0.6 https://detectionlint.org/library/kql-web-shell-detection-script-process-child-of-common-web-proce-8c4aa39b 2026-04-25T16:15:31.722Z monthly 0.6 https://detectionlint.org/library/kql-execution-via-mssql-xp_cmdshell-stored-procedure-0791c9fe 2026-04-25T16:15:31.390Z monthly 0.6 https://detectionlint.org/library/kql-unusual-scheduled-task-update-0819aa95 2026-04-25T16:15:29.277Z monthly 0.6 https://detectionlint.org/library/kql-adminsdholder-backdoor-99452c10 2026-04-25T16:15:27.152Z monthly 0.6 https://detectionlint.org/library/kql-unusual-file-operation-by-dnsexe-21fb37ea 2026-04-25T16:15:26.678Z monthly 0.6 https://detectionlint.org/library/kql-potential-pass-the-hash-pth-attempt-93793faf 2026-04-25T16:15:24.798Z monthly 0.6 https://detectionlint.org/library/kql-first-time-seen-removable-device-ca4860ae 2026-04-25T16:15:23.402Z monthly 0.6 https://detectionlint.org/library/kql-high-number-of-process-andor-service-terminations-26441ea9 2026-04-25T16:15:22.602Z monthly 0.6 https://detectionlint.org/library/kql-rare-smb-connection-to-the-internet-cb64bdda 2026-04-25T16:15:21.897Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-powershell-engine-imageload-273f8897 2026-04-25T16:15:20.920Z monthly 0.6 https://detectionlint.org/library/kql-powershell-psreflect-script-2a53e6ec 2026-04-25T16:15:19.827Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-portable-executable-encoded-in-powershell-script-7fa31cda 2026-04-25T16:15:19.566Z monthly 0.6 https://detectionlint.org/library/kql-potential-powershell-hacktool-script-by-function-names-19aa632d 2026-04-25T16:15:19.123Z monthly 0.6 https://detectionlint.org/library/kql-potential-powershell-hacktool-script-by-author-a7d756b3 2026-04-25T16:15:18.858Z monthly 0.6 https://detectionlint.org/library/kql-svchost-spawning-cmd-e2e2a6b3 2026-04-25T16:15:17.509Z monthly 0.6 https://detectionlint.org/library/kql-unusual-discovery-signal-alert-with-unusual-process-executab-98a9661f 2026-04-25T16:15:16.881Z monthly 0.6 https://detectionlint.org/library/kql-unusual-discovery-signal-alert-with-unusual-process-command--2a7af796 2026-04-25T16:15:16.632Z monthly 0.6 https://detectionlint.org/library/kql-enumeration-of-privileged-local-groups-membership-cdc00f3d 2026-04-25T16:15:16.376Z monthly 0.6 https://detectionlint.org/library/kql-powershell-suspicious-discovery-related-windows-api-function-39c4ab95 2026-04-25T16:15:16.123Z monthly 0.6 https://detectionlint.org/library/kql-powershell-share-enumeration-script-a98a9247 2026-04-25T16:15:15.859Z monthly 0.6 https://detectionlint.org/library/kql-potential-process-injection-via-powershell-3a7ec581 2026-04-25T16:15:11.529Z monthly 0.6 https://detectionlint.org/library/kql-deprecated---potential-powershell-obfuscated-script-bef43124 2026-04-25T16:15:10.449Z monthly 0.6 https://detectionlint.org/library/kql-potential-powershell-obfuscated-script-via-high-entropy-66d810f0 2026-04-25T16:15:10.188Z monthly 0.6 https://detectionlint.org/library/kql-powershell-script-with-encryptiondecryption-capabilities-60208fd7 2026-04-25T16:15:09.930Z monthly 0.6 https://detectionlint.org/library/kql-powershell-script-with-windows-defender-tampering-capabiliti-d8791712 2026-04-25T16:15:09.678Z monthly 0.6 https://detectionlint.org/library/kql-powershell-suspicious-payload-encoded-and-compressed-9d381ba4 2026-04-25T16:15:09.406Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-net-reflection-via-powershell-4e715e81 2026-04-25T16:15:09.121Z monthly 0.6 https://detectionlint.org/library/kql-microsoft-build-engine-started-an-unusual-process-9a7976a5 2026-04-25T16:15:06.386Z monthly 0.6 https://detectionlint.org/library/kql-microsoft-build-engine-started-by-a-script-process-ae68a8c3 2026-04-25T16:15:05.989Z monthly 0.6 https://detectionlint.org/library/kql-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601---cur-5eb257f4 2026-04-25T16:15:04.670Z monthly 0.6 https://detectionlint.org/library/kql-windows-event-logs-cleared-da2be6c5 2026-04-25T16:15:04.101Z monthly 0.6 https://detectionlint.org/library/kql-potential-antimalware-scan-interface-bypass-via-powershell-6d45f124 2026-04-25T16:15:03.555Z monthly 0.6 https://detectionlint.org/library/kql-unusual-web-config-file-access-f46c50b8 2026-04-25T16:15:03.097Z monthly 0.6 https://detectionlint.org/library/kql-potential-lsass-memory-dump-via-psscapturesnapshot-561163fa 2026-04-25T16:15:02.411Z monthly 0.6 https://detectionlint.org/library/kql-user-account-exposed-to-kerberoasting-e270c29a 2026-04-25T16:15:01.934Z monthly 0.6 https://detectionlint.org/library/kql-potential-shadow-credentials-added-to-ad-object-d9b0e1a6 2026-04-25T16:15:01.668Z monthly 0.6 https://detectionlint.org/library/kql-sensitive-privilege-seenabledelegationprivilege-assigned-to--bba04bb0 2026-04-25T16:15:01.404Z monthly 0.6 https://detectionlint.org/library/kql-powershell-script-with-veeam-credential-access-capabilities-7d74b1a0 2026-04-25T16:15:00.671Z monthly 0.6 https://detectionlint.org/library/kql-powershell-kerberos-ticket-request-335ea92a 2026-04-25T16:15:00.412Z monthly 0.6 https://detectionlint.org/library/kql-potential-powershell-pass-the-hashrelay-script-7e42c781 2026-04-25T16:15:00.154Z monthly 0.6 https://detectionlint.org/library/kql-powershell-minidump-script-2ec9767e 2026-04-25T16:14:59.883Z monthly 0.6 https://detectionlint.org/library/kql-powershell-kerberos-ticket-dump-29ef2347 2026-04-25T16:14:59.624Z monthly 0.6 https://detectionlint.org/library/kql-powershell-invoke-ninjacopy-script-7d0180b7 2026-04-25T16:14:59.363Z monthly 0.6 https://detectionlint.org/library/kql-potential-invoke-mimikatz-powershell-script-bea9e34f 2026-04-25T16:14:58.924Z monthly 0.6 https://detectionlint.org/library/kql-lsass-memory-dump-handle-access-a1dd0bc6 2026-04-25T16:14:58.469Z monthly 0.6 https://detectionlint.org/library/kql-potential-kerberos-coercion-via-dns-based-spn-spoofing-c06390cd 2026-04-25T16:14:57.837Z monthly 0.6 https://detectionlint.org/library/kql-potential-active-directory-replication-account-backdoor-70c3b32f 2026-04-25T16:14:56.786Z monthly 0.6 https://detectionlint.org/library/kql-potential-credential-access-via-dcsync-adee4334 2026-04-25T16:14:56.431Z monthly 0.6 https://detectionlint.org/library/kql-firsttime-seen-account-performing-dcsync-524b496b 2026-04-25T16:14:56.169Z monthly 0.6 https://detectionlint.org/library/kql-first-time-seen-remote-monitoring-and-management-tool-81f79230 2026-04-25T16:14:53.895Z monthly 0.6 https://detectionlint.org/library/kql-powershell-script-with-webcam-video-capture-capabilities-078cd3eb 2026-04-25T16:14:52.936Z monthly 0.6 https://detectionlint.org/library/kql-powershell-suspicious-script-with-screenshot-capabilities-764ca6d1 2026-04-25T16:14:52.678Z monthly 0.6 https://detectionlint.org/library/kql-powershell-mailbox-collection-script-13e8f5a3 2026-04-25T16:14:52.412Z monthly 0.6 https://detectionlint.org/library/kql-powershell-keylogging-script-f5740197 2026-04-25T16:14:52.142Z monthly 0.6 https://detectionlint.org/library/kql-powershell-suspicious-script-with-clipboard-retrieval-capabi-ab62cd1e 2026-04-25T16:14:51.894Z monthly 0.6 https://detectionlint.org/library/kql-powershell-suspicious-script-with-audio-capture-capabilities-57a0713d 2026-04-25T16:14:51.642Z monthly 0.6 https://detectionlint.org/library/kql-exchange-mailbox-export-via-powershell-2df065b2 2026-04-25T16:14:51.362Z monthly 0.6 https://detectionlint.org/library/kql-wazuh---large-number-of-web-errors-from-an-ip-c600834f 2026-04-25T16:14:49.706Z monthly 0.6 https://detectionlint.org/library/kql-time-series-anomaly-detection-for-total-volume-of-traffic-32e46764 2026-04-25T16:14:49.443Z monthly 0.6 https://detectionlint.org/library/kql-possible-contact-with-a-domain-generated-by-a-dga-ee10189e 2026-04-25T16:14:49.007Z monthly 0.6 https://detectionlint.org/library/kql-fortinet---beacon-pattern-detected-55f983f1 2026-04-25T16:14:48.752Z monthly 0.6 https://detectionlint.org/library/kql-runningrat-request-parameters-a5db4795 2026-04-25T16:14:48.489Z monthly 0.6 https://detectionlint.org/library/kql-creepydrive-urls-e47dd086 2026-04-25T16:14:48.223Z monthly 0.6 https://detectionlint.org/library/kql-creepydrive-request-url-sequence-6539149c 2026-04-25T16:14:47.973Z monthly 0.6 https://detectionlint.org/library/kql-pe-file-dropped-in-color-profile-folder-3a2ee2ed 2026-04-25T16:14:47.441Z monthly 0.6 https://detectionlint.org/library/kql-sunburst-suspicious-solarwinds-child-processes-4ee23cb0 2026-04-25T16:14:47.177Z monthly 0.6 https://detectionlint.org/library/kql-azure-vm-run-command-operations-executing-a-unique-powershel-6921d978 2026-04-25T16:14:46.139Z monthly 0.6 https://detectionlint.org/library/kql-azure-diagnostic-settings-removed-from-a-resource-4243d3e3 2026-04-25T16:14:45.339Z monthly 0.6 https://detectionlint.org/library/kql-nrt-multiple-users-email-forwarded-to-same-destination-e06e58ad 2026-04-25T16:14:44.397Z monthly 0.6 https://detectionlint.org/library/kql-nrt-malicious-inbox-rule-b78187a0 2026-04-25T16:14:44.133Z monthly 0.6 https://detectionlint.org/library/kql-user-account-created-without-expected-attributes-defined-d53a94e2 2026-04-25T16:14:43.264Z monthly 0.6 https://detectionlint.org/library/kql-user-state-changed-from-guest-to-member-e37efb12 2026-04-25T16:14:43.011Z monthly 0.6 https://detectionlint.org/library/kql-user-account-created-using-incorrect-naming-format-9cfa0d42 2026-04-25T16:14:42.627Z monthly 0.6 https://detectionlint.org/library/kql-url-added-to-application-from-unknown-domain-f546df83 2026-04-25T16:14:42.381Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-linking-of-existing-user-to-external-user-7da15879 2026-04-25T16:14:42.005Z monthly 0.6 https://detectionlint.org/library/kql-service-principal-assigned-privileged-role-2bad49f5 2026-04-25T16:14:41.736Z monthly 0.6 https://detectionlint.org/library/kql-service-principal-assigned-app-role-with-sensitive-access-865a6dd7 2026-04-25T16:14:41.473Z monthly 0.6 https://detectionlint.org/library/kql-guest-users-invited-to-tenant-by-new-inviters-f95f529d 2026-04-25T16:14:40.096Z monthly 0.6 https://detectionlint.org/library/kql-end-user-consent-stopped-due-to-risk-based-consent-ffb0f72f 2026-04-25T16:14:39.700Z monthly 0.6 https://detectionlint.org/library/kql-conditional-access-policy-modified-by-new-user-0327c6e1 2026-04-25T16:14:38.970Z monthly 0.6 https://detectionlint.org/library/kql-changes-to-pim-settings-d5b04c32 2026-04-25T16:14:38.714Z monthly 0.6 https://detectionlint.org/library/kql-changes-to-application-ownership-51c7d88a 2026-04-25T16:14:38.462Z monthly 0.6 https://detectionlint.org/library/kql-changes-to-application-logout-url-e2a060cf 2026-04-25T16:14:38.212Z monthly 0.6 https://detectionlint.org/library/kql-application-redirect-url-update-ae16da78 2026-04-25T16:14:37.757Z monthly 0.6 https://detectionlint.org/library/kql-application-id-uri-changed-e080ec71 2026-04-25T16:14:37.502Z monthly 0.6 https://detectionlint.org/library/kql-addition-of-a-temporary-access-pass-to-a-privileged-account-e9d096e0 2026-04-25T16:14:37.174Z monthly 0.6 https://detectionlint.org/library/kql-service-principal-authentication-attempt-from-new-country-b892b948 2026-04-25T16:14:36.234Z monthly 0.6 https://detectionlint.org/library/kql-privileged-user-logon-from-new-asn-f9d03936 2026-04-25T16:14:35.910Z monthly 0.6 https://detectionlint.org/library/kql-new-country-signin-with-correct-password-55ee3f91 2026-04-25T16:14:35.646Z monthly 0.6 https://detectionlint.org/library/kql-authentications-of-privileged-accounts-outside-of-expected-c-f65656b9 2026-04-25T16:14:34.577Z monthly 0.6 https://detectionlint.org/library/kql-authentication-attempt-from-new-country-be18f03a 2026-04-25T16:14:34.318Z monthly 0.6 https://detectionlint.org/library/kql-anomalous-single-factor-signin-fe6efef7 2026-04-25T16:14:33.987Z monthly 0.6 https://detectionlint.org/library/kql-ad-account-with-dont-expire-password-636d7a6e 2026-04-25T16:14:33.512Z monthly 0.6 https://detectionlint.org/library/kql-failed-logon-attempts-by-valid-accounts-within-10-mins-4a6dce0a 2026-04-25T16:14:33.190Z monthly 0.6 https://detectionlint.org/library/kql-service-principal-name-spn-assigned-to-user-account-f54fea68 2026-04-25T16:14:32.587Z monthly 0.6 https://detectionlint.org/library/kql-new-user-created-and-added-to-the-built-in-administrators-gr-4dbc7fb0 2026-04-25T16:14:32.337Z monthly 0.6 https://detectionlint.org/library/kql-user-account-enabled-and-disabled-within-10-mins-1b03592c 2026-04-25T16:14:32.072Z monthly 0.6 https://detectionlint.org/library/kql-user-account-created-and-deleted-within-10-mins-ddf05d13 2026-04-25T16:14:31.823Z monthly 0.6 https://detectionlint.org/library/kql-user-account-added-to-built-in-domain-local-or-global-group-0c42a721 2026-04-25T16:14:31.578Z monthly 0.6 https://detectionlint.org/library/kql-account-added-and-removed-from-privileged-groups-c3552a13 2026-04-25T16:14:31.306Z monthly 0.6 https://detectionlint.org/library/kql-solorigate-named-pipe-5c0d6b73 2026-04-25T16:14:30.917Z monthly 0.6 https://detectionlint.org/library/kql-silk-typhoon-suspicious-um-service-error-075916c3 2026-04-25T16:14:30.651Z monthly 0.6 https://detectionlint.org/library/kql-silk-typhoon-new-um-service-child-process-e50900ec 2026-04-25T16:14:30.401Z monthly 0.6 https://detectionlint.org/library/kql-rare-rdp-connections-4f50b349 2026-04-25T16:14:29.779Z monthly 0.6 https://detectionlint.org/library/kql-rdp-nesting-ea5ed316 2026-04-25T16:14:29.517Z monthly 0.6 https://detectionlint.org/library/kql-multiple-rdp-connections-from-single-system-5fb1cad0 2026-04-25T16:14:29.240Z monthly 0.6 https://detectionlint.org/library/kql-potential-kerberoasting-52eb07fa 2026-04-25T16:14:28.853Z monthly 0.6 https://detectionlint.org/library/kql-potential-build-process-compromise-6010643a 2026-04-25T16:14:28.538Z monthly 0.6 https://detectionlint.org/library/kql-possible-resource-based-constrained-delegation-abuse-718823cf 2026-04-25T16:14:28.282Z monthly 0.6 https://detectionlint.org/library/kql-midnight-blizzard---script-payload-stored-in-registry-b8d06d50 2026-04-25T16:14:27.588Z monthly 0.6 https://detectionlint.org/library/kql-midnight-blizzard---suspicious-rundll32exe-execution-of-vbsc-00b1c73d 2026-04-25T16:14:27.321Z monthly 0.6 https://detectionlint.org/library/kql-group-created-then-added-to-built-in-domain-local-or-global--d80df7ae 2026-04-25T16:14:26.857Z monthly 0.6 https://detectionlint.org/library/kql-fake-computer-account-created-33716bca 2026-04-25T16:14:26.546Z monthly 0.6 https://detectionlint.org/library/kql-dsrm-account-abuse-d7ef6464 2026-04-25T16:14:26.095Z monthly 0.6 https://detectionlint.org/library/kql-com-event-system-loading-new-dll-0e0ed242 2026-04-25T16:14:25.717Z monthly 0.6 https://detectionlint.org/library/kql-adminsdholder-modifications-5eb1721a 2026-04-25T16:14:25.472Z monthly 0.6 https://detectionlint.org/library/kql-modification-of-accessibility-features-0d111e22 2026-04-25T16:14:25.218Z monthly 0.6 https://detectionlint.org/library/kql-ad-fs-abnormal-eku-object-identifier-attribute-c9e21e88 2026-04-25T16:14:24.682Z monthly 0.6 https://detectionlint.org/library/kql-microsoft-entra-id-health-service-agents-registry-keys-acces-92f69fe5 2026-04-25T16:14:24.431Z monthly 0.6 https://detectionlint.org/library/kql-microsoft-entra-id-health-monitoring-agent-registry-keys-acc-df4eaf44 2026-04-25T16:14:24.177Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-sql-query-00c30842 2026-04-25T16:14:22.862Z monthly 0.6 https://detectionlint.org/library/sigma-antivirus-web-shell-detection-19dd856e 2026-04-25T16:14:22.614Z monthly 0.6 https://detectionlint.org/library/sigma-antivirus-relevant-file-paths-alerts-024d55ff 2026-04-25T16:14:22.356Z monthly 0.6 https://detectionlint.org/library/sigma-antivirus-ransomware-detection-495145d9 2026-04-25T16:14:22.112Z monthly 0.6 https://detectionlint.org/library/sigma-antivirus-password-dumper-detection-f8ce7c08 2026-04-25T16:14:21.864Z monthly 0.6 https://detectionlint.org/library/sigma-antivirus-hacktool-detection-b8bb4e6b 2026-04-25T16:14:21.594Z monthly 0.6 https://detectionlint.org/library/sigma-antivirus-exploitation-framework-detection-73764c75 2026-04-25T16:14:21.352Z monthly 0.6 https://detectionlint.org/library/sigma-potential-server-side-template-injection-in-velocity-859dd6dc 2026-04-25T16:14:21.088Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-sql-error-messages-7da50bed 2026-04-25T16:14:20.802Z monthly 0.6 https://detectionlint.org/library/sigma-potential-spel-injection-in-spring-framework-d668b3c8 2026-04-25T16:14:20.557Z monthly 0.6 https://detectionlint.org/library/sigma-spring-framework-exceptions-4d7c9c97 2026-04-25T16:14:20.298Z monthly 0.6 https://detectionlint.org/library/sigma-ruby-on-rails-framework-exceptions-180fab7c 2026-04-25T16:14:20.034Z monthly 0.6 https://detectionlint.org/library/sigma-sharphound-recon-sessions-fa4d4df0 2026-04-25T16:14:19.773Z monthly 0.6 https://detectionlint.org/library/sigma-sharphound-recon-account-discovery-a16b6ec6 2026-04-25T16:14:19.520Z monthly 0.6 https://detectionlint.org/library/sigma-recon-activity-via-sasec-4b935da2 2026-04-25T16:14:19.264Z monthly 0.6 https://detectionlint.org/library/sigma-remote-schedule-task-lateral-movement-via-sasec-e15b0896 2026-04-25T16:14:19.012Z monthly 0.6 https://detectionlint.org/library/sigma-remote-server-service-abuse-for-lateral-movement-bca57a51 2026-04-25T16:14:18.753Z monthly 0.6 https://detectionlint.org/library/sigma-remote-server-service-abuse-26fc9d2a 2026-04-25T16:14:18.498Z monthly 0.6 https://detectionlint.org/library/sigma-remote-registry-recon-3b179a20 2026-04-25T16:14:18.248Z monthly 0.6 https://detectionlint.org/library/sigma-remote-registry-lateral-movement-65262ffb 2026-04-25T16:14:18.000Z monthly 0.6 https://detectionlint.org/library/sigma-remote-dcomwmi-lateral-movement-166acc35 2026-04-25T16:14:17.730Z monthly 0.6 https://detectionlint.org/library/sigma-remote-printing-abuse-for-lateral-movement-c6f69ccb 2026-04-25T16:14:17.479Z monthly 0.6 https://detectionlint.org/library/sigma-remote-schedule-task-recon-via-itaskschedulerservice-106e5b08 2026-04-25T16:14:17.219Z monthly 0.6 https://detectionlint.org/library/sigma-remote-schedule-task-lateral-movement-via-itaskschedulerserv-3444f031 2026-04-25T16:14:16.970Z monthly 0.6 https://detectionlint.org/library/sigma-remote-event-log-recon-8eef5cb1 2026-04-25T16:14:16.719Z monthly 0.6 https://detectionlint.org/library/sigma-remote-encrypting-file-system-abuse-73fe0254 2026-04-25T16:14:16.469Z monthly 0.6 https://detectionlint.org/library/sigma-possible-dcsync-attack-3a428d55 2026-04-25T16:14:16.196Z monthly 0.6 https://detectionlint.org/library/sigma-remote-schedule-task-recon-via-atscv-6a67478e 2026-04-25T16:14:15.930Z monthly 0.6 https://detectionlint.org/library/sigma-remote-schedule-task-lateral-movement-via-atsvc-ff084f63 2026-04-25T16:14:15.678Z monthly 0.6 https://detectionlint.org/library/sigma-python-sql-exceptions-68230e32 2026-04-25T16:14:15.424Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---vnc-connection-attempt-a942e43b 2026-04-25T16:14:15.158Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---tftp-request-4b66d3d9 2026-04-25T16:14:14.906Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---telnet-login-attempt-4adb13f3 2026-04-25T16:14:14.658Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---ssh-new-connection-attempt-80be93e8 2026-04-25T16:14:14.409Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---ssh-login-attempt-262e1e8d 2026-04-25T16:14:14.157Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---snmp-oid-request-b75e199d 2026-04-25T16:14:13.889Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---smb-file-open-request-12dcdf58 2026-04-25T16:14:13.593Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---sip-request-a7f17f17 2026-04-25T16:14:13.342Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---redis-action-command-attempt-1785801f 2026-04-25T16:14:13.092Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---rdp-new-connection-attempt-690ae2a1 2026-04-25T16:14:12.835Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---host-port-scan-syn-scan-d1126093 2026-04-25T16:14:12.582Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---nmap-xmas-scan-3eee6b66 2026-04-25T16:14:12.336Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---nmap-os-scan-748efb03 2026-04-25T16:14:12.064Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---nmap-null-scan-66eb6ffb 2026-04-25T16:14:11.804Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---nmap-fin-scan-1e701468 2026-04-25T16:14:11.534Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---ntp-monlist-request-a5fb4dc3 2026-04-25T16:14:11.288Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---mysql-login-attempt-cf79f4b4 2026-04-25T16:14:11.040Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---mssql-login-attempt-via-windows-authentication-5bd42554 2026-04-25T16:14:10.769Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---mssql-login-attempt-via-sqlauth-c7a487c1 2026-04-25T16:14:10.511Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---httpproxy-login-attempt-2eb216b1 2026-04-25T16:14:10.165Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---http-post-login-attempt-f0fd9330 2026-04-25T16:14:09.168Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---http-get-request-d30ef540 2026-04-25T16:14:08.920Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---git-clone-request-57740eb1 2026-04-25T16:14:08.677Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---ftp-login-attempt-913ee2fd 2026-04-25T16:14:08.423Z monthly 0.6 https://detectionlint.org/library/sigma-potential-rce-exploitation-attempt-in-nodejs-09d125f6 2026-04-25T16:14:08.140Z monthly 0.6 https://detectionlint.org/library/sigma-kubernetes-unauthorized-or-unauthenticated-access-fe09135f 2026-04-25T16:14:07.882Z monthly 0.6 https://detectionlint.org/library/sigma-potential-sidecar-injection-into-running-deployment-bfdf93c1 2026-04-25T16:14:07.638Z monthly 0.6 https://detectionlint.org/library/sigma-new-kubernetes-service-account-created-df11ac62 2026-04-25T16:14:07.396Z monthly 0.6 https://detectionlint.org/library/sigma-kubernetes-secrets-modified-or-deleted-d7432168 2026-04-25T16:14:07.147Z monthly 0.6 https://detectionlint.org/library/sigma-kubernetes-secrets-enumeration-d17df1b9 2026-04-25T16:14:06.900Z monthly 0.6 https://detectionlint.org/library/sigma-kubernetes-rolebinding-modification-cb79221c 2026-04-25T16:14:06.649Z monthly 0.6 https://detectionlint.org/library/sigma-rbac-permission-enumeration-attempt-ae1b5e89 2026-04-25T16:14:06.403Z monthly 0.6 https://detectionlint.org/library/sigma-privileged-container-deployed-e9b5c224 2026-04-25T16:14:06.153Z monthly 0.6 https://detectionlint.org/library/sigma-creation-of-pod-in-system-namespace-98b25d96 2026-04-25T16:14:05.908Z monthly 0.6 https://detectionlint.org/library/sigma-container-with-a-hostpath-mount-created-fac1fbdc 2026-04-25T16:14:05.653Z monthly 0.6 https://detectionlint.org/library/sigma-potential-remote-command-execution-in-pod-container-a8c4d01b 2026-04-25T16:14:05.395Z monthly 0.6 https://detectionlint.org/library/sigma-kubernetes-events-deleted-33cf0ce9 2026-04-25T16:14:05.139Z monthly 0.6 https://detectionlint.org/library/sigma-deployment-deleted-from-kubernetes-cluster-e558bd57 2026-04-25T16:14:04.885Z monthly 0.6 https://detectionlint.org/library/sigma-kubernetes-cronjobjob-modification-16b32058 2026-04-25T16:14:04.638Z monthly 0.6 https://detectionlint.org/library/sigma-kubernetes-admission-controller-modification-eb542973 2026-04-25T16:14:04.388Z monthly 0.6 https://detectionlint.org/library/sigma-potential-xxe-exploitation-attempt-in-jvm-based-application-16b5359c 2026-04-25T16:14:04.141Z monthly 0.6 https://detectionlint.org/library/sigma-process-execution-error-in-jvm-based-application-922b1ed4 2026-04-25T16:14:03.890Z monthly 0.6 https://detectionlint.org/library/sigma-potential-ognl-injection-exploitation-in-jvm-based-applicati-7582d0b5 2026-04-25T16:14:03.634Z monthly 0.6 https://detectionlint.org/library/sigma-potential-local-file-read-vulnerability-in-jvm-based-applica-9b319b36 2026-04-25T16:14:03.378Z monthly 0.6 https://detectionlint.org/library/sigma-potential-jndi-injection-exploitation-in-jvm-based-applicati-28226002 2026-04-25T16:14:03.133Z monthly 0.6 https://detectionlint.org/library/sigma-github-ssh-certificate-configuration-changed-1a393d7e 2026-04-25T16:14:02.887Z monthly 0.6 https://detectionlint.org/library/sigma-github-self-hosted-runner-changes-detected-55a3346d 2026-04-25T16:14:02.636Z monthly 0.6 https://detectionlint.org/library/sigma-github-secret-scanning-feature-disabled-895ff7c4 2026-04-25T16:14:02.383Z monthly 0.6 https://detectionlint.org/library/sigma-github-repository-archive-status-changed-6ba77cec 2026-04-25T16:14:02.134Z monthly 0.6 https://detectionlint.org/library/sigma-github-repositoryorganization-transferred-23ee97b6 2026-04-25T16:14:01.878Z monthly 0.6 https://detectionlint.org/library/sigma-github-push-protection-disabled-547fe93c 2026-04-25T16:14:01.626Z monthly 0.6 https://detectionlint.org/library/sigma-github-push-protection-bypass-detected-fc365f74 2026-04-25T16:14:01.370Z monthly 0.6 https://detectionlint.org/library/sigma-github-repository-pages-site-changed-to-public-f33efe94 2026-04-25T16:14:01.116Z monthly 0.6 https://detectionlint.org/library/sigma-github-outside-collaborator-detected-84feb937 2026-04-25T16:14:00.877Z monthly 0.6 https://detectionlint.org/library/sigma-github-new-secret-created-131f4a20 2026-04-25T16:14:00.622Z monthly 0.6 https://detectionlint.org/library/sigma-new-github-organization-member-added-cc0f547c 2026-04-25T16:14:00.372Z monthly 0.6 https://detectionlint.org/library/sigma-github-fork-private-repositories-setting-enabledcleared-94dca97f 2026-04-25T16:14:00.111Z monthly 0.6 https://detectionlint.org/library/sigma-outdated-dependency-or-vulnerability-alert-disabled-da09ffd8 2026-04-25T16:13:59.864Z monthly 0.6 https://detectionlint.org/library/sigma-github-high-risk-configuration-disabled-31425025 2026-04-25T16:13:59.615Z monthly 0.6 https://detectionlint.org/library/sigma-github-delete-action-invoked-0ed01a1c 2026-04-25T16:13:59.371Z monthly 0.6 https://detectionlint.org/library/sigma-django-framework-exceptions-ea4629a1 2026-04-25T16:13:59.124Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-user-permissions-export-attempt-a1076b64 2026-04-25T16:13:58.844Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-user-login-failure-via-ssh-3ba6488a 2026-04-25T16:13:58.600Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-user-login-failure-da97e9eb 2026-04-25T16:13:58.356Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-user-details-export-attempt-detected-953bbe59 2026-04-25T16:13:58.102Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-unauthorized-full-data-export-triggered-4bd01602 2026-04-25T16:13:57.849Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-unauthorized-access-to-a-resource-2e816d07 2026-04-25T16:13:57.605Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-secret-scanning-rule-deleted-4616ce93 2026-04-25T16:13:57.262Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-secret-scanning-exempt-repository-added-a63baa97 2026-04-25T16:13:56.995Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-project-secret-scanning-allowlist-added-15df78da 2026-04-25T16:13:56.748Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-audit-log-configuration-updated-020babb0 2026-04-25T16:13:56.482Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-global-ssh-settings-changed-3efc4725 2026-04-25T16:13:56.234Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-global-secret-scanning-rule-deleted-a56e1b3b 2026-04-25T16:13:55.981Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-global-permission-changed-4922ef99 2026-04-25T16:13:55.710Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-full-data-export-triggered-cb8d39b6 2026-04-25T16:13:55.450Z monthly 0.6 https://detectionlint.org/library/sigma-cross-site-scripting-strings-aecf13df 2026-04-25T16:13:55.205Z monthly 0.6 https://detectionlint.org/library/sigma-windows-webshell-strings-8d919a9c 2026-04-25T16:13:54.938Z monthly 0.6 https://detectionlint.org/library/sigma-webshell-regeorg-detection-via-web-logs-b76510bd 2026-04-25T16:13:54.681Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-windows-strings-in-uri-3dbc7459 2026-04-25T16:13:54.443Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-user-agents-related-to-recon-tools-9dc101a2 2026-04-25T16:13:54.188Z monthly 0.6 https://detectionlint.org/library/sigma-server-side-template-injection-strings-92e47314 2026-04-25T16:13:53.952Z monthly 0.6 https://detectionlint.org/library/sigma-sql-injection-strings-in-uri-47fb81be 2026-04-25T16:13:53.697Z monthly 0.6 https://detectionlint.org/library/sigma-source-code-enumeration-detection-by-keyword-800ce8ce 2026-04-25T16:13:53.451Z monthly 0.6 https://detectionlint.org/library/sigma-path-traversal-exploitation-attempts-ef44386f 2026-04-25T16:13:53.187Z monthly 0.6 https://detectionlint.org/library/sigma-jndiexploit-pattern-5dc8a77f 2026-04-25T16:13:52.932Z monthly 0.6 https://detectionlint.org/library/sigma-java-payload-strings-aba3624d 2026-04-25T16:13:52.684Z monthly 0.6 https://detectionlint.org/library/sigma-successful-iis-shortname-fuzzing-scan-f89c3b95 2026-04-25T16:13:52.428Z monthly 0.6 https://detectionlint.org/library/sigma-f5-big-ip-icontrol-rest-api-command-execution---webserver-f5ac1183 2026-04-25T16:13:52.177Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-external-webdav-execution-eddecfb0 2026-04-25T16:13:51.930Z monthly 0.6 https://detectionlint.org/library/sigma-potential-base64-encoded-user-agent-d909bdab 2026-04-25T16:13:51.676Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-user-agent-ff7d97cf 2026-04-25T16:13:51.420Z monthly 0.6 https://detectionlint.org/library/sigma-rclone-activity-via-proxy-3eadd02b 2026-04-25T16:13:51.165Z monthly 0.6 https://detectionlint.org/library/sigma-windows-powershell-user-agent-41ad5eb4 2026-04-25T16:13:50.925Z monthly 0.6 https://detectionlint.org/library/sigma-malware-user-agent-532035a4 2026-04-25T16:13:50.678Z monthly 0.6 https://detectionlint.org/library/sigma-hack-tool-user-agent-a6426507 2026-04-25T16:13:50.432Z monthly 0.6 https://detectionlint.org/library/sigma-exploit-framework-user-agent-892606b2 2026-04-25T16:13:50.198Z monthly 0.6 https://detectionlint.org/library/sigma-http-request-with-empty-user-agent-19226c65 2026-04-25T16:13:49.952Z monthly 0.6 https://detectionlint.org/library/sigma-crypto-miner-user-agent-a219bed6 2026-04-25T16:13:49.707Z monthly 0.6 https://detectionlint.org/library/sigma-bitsadmin-to-uncommon-tld-d455fdcd 2026-04-25T16:13:49.456Z monthly 0.6 https://detectionlint.org/library/sigma-bitsadmin-to-uncommon-ip-server-address-83021c5b 2026-04-25T16:13:49.221Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-base64-encoded-user-agent-ced7c614 2026-04-25T16:13:48.956Z monthly 0.6 https://detectionlint.org/library/sigma-apt-user-agent-41f2d322 2026-04-25T16:13:48.704Z monthly 0.6 https://detectionlint.org/library/sigma-telegram-api-access-42b1b6f5 2026-04-25T16:13:48.432Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-network-communication-with-ipfs-bcccd19e 2026-04-25T16:13:48.188Z monthly 0.6 https://detectionlint.org/library/sigma-flash-player-update-from-suspicious-location-705da3c2 2026-04-25T16:13:47.943Z monthly 0.6 https://detectionlint.org/library/sigma-raw-paste-service-access-78d218ef 2026-04-25T16:13:47.701Z monthly 0.6 https://detectionlint.org/library/sigma-pwndrp-access-ba3bd78a 2026-04-25T16:13:47.447Z monthly 0.6 https://detectionlint.org/library/sigma-pua---advanced-ipport-scanner-update-check-6c3b1ff3 2026-04-25T16:13:47.191Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---empire-useragent-uri-combo-1eff9067 2026-04-25T16:13:46.940Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---cobaltstrike-malleable-profile-patterns---proxy-0ac04410 2026-04-25T16:13:46.686Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---babyshark-agent-default-url-pattern-50ee6f6c 2026-04-25T16:13:46.443Z monthly 0.6 https://detectionlint.org/library/sigma-potential-hello-world-scraper-botnet-activity-9fd2b9fb 2026-04-25T16:13:46.178Z monthly 0.6 https://detectionlint.org/library/sigma-f5-big-ip-icontrol-rest-api-command-execution---proxy-cee64740 2026-04-25T16:13:45.928Z monthly 0.6 https://detectionlint.org/library/sigma-windows-webdav-user-agent-88d4afc0 2026-04-25T16:13:45.687Z monthly 0.6 https://detectionlint.org/library/sigma-download-from-suspicious-tld---whitelist-e2dec419 2026-04-25T16:13:45.448Z monthly 0.6 https://detectionlint.org/library/sigma-download-from-suspicious-tld---blacklist-3f331d3b 2026-04-25T16:13:45.207Z monthly 0.6 https://detectionlint.org/library/sigma-download-from-suspicious-dyndns-hosts-21aee08a 2026-04-25T16:13:44.961Z monthly 0.6 https://detectionlint.org/library/sigma-nginx-core-dump-b3a03dbe 2026-04-25T16:13:44.715Z monthly 0.6 https://detectionlint.org/library/sigma-apache-threading-error-257c6414 2026-04-25T16:13:44.475Z monthly 0.6 https://detectionlint.org/library/sigma-apache-segmentation-fault-89978017 2026-04-25T16:13:44.219Z monthly 0.6 https://detectionlint.org/library/sigma-kerberos-network-traffic-rc4-ticket-encryption-7cd43c7f 2026-04-25T16:13:43.978Z monthly 0.6 https://detectionlint.org/library/sigma-transferring-files-with-credential-data-via-network-shares---2f2ceb76 2026-04-25T16:13:43.740Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-access-to-sensitive-file-extensions---zeek-66274907 2026-04-25T16:13:43.490Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-psexec-execution---zeek-77394605 2026-04-25T16:13:43.244Z monthly 0.6 https://detectionlint.org/library/sigma-first-time-seen-remote-named-pipe---zeek-1462ea44 2026-04-25T16:13:43.005Z monthly 0.6 https://detectionlint.org/library/sigma-possible-impacket-secretdump-remote-activity---zeek-4bd6f405 2026-04-25T16:13:42.766Z monthly 0.6 https://detectionlint.org/library/sigma-remote-task-creation-via-atsvc-named-pipe---zeek-cd153533 2026-04-25T16:13:42.522Z monthly 0.6 https://detectionlint.org/library/sigma-publicly-accessible-rdp-service-62cf1e1b 2026-04-25T16:13:42.273Z monthly 0.6 https://detectionlint.org/library/sigma-webdav-put-request-ca22bd7c 2026-04-25T16:13:41.922Z monthly 0.6 https://detectionlint.org/library/sigma-http-request-to-low-reputation-tld-or-suspicious-file-extens-7b105590 2026-04-25T16:13:41.676Z monthly 0.6 https://detectionlint.org/library/sigma-executable-from-webdav-7267af9e 2026-04-25T16:13:41.433Z monthly 0.6 https://detectionlint.org/library/sigma-dns-tor-proxies-c7337db6 2026-04-25T16:13:41.184Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-dns-z-flag-bit-set-e7c8e24e 2026-04-25T16:13:40.922Z monthly 0.6 https://detectionlint.org/library/sigma-new-kind-of-network-nkn-detection-51509a67 2026-04-25T16:13:40.682Z monthly 0.6 https://detectionlint.org/library/sigma-dns-events-related-to-mining-pools-93c72290 2026-04-25T16:13:40.440Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-dns-query-indicating-kerberos-coercion-via-dns-ob-34912b2d 2026-04-25T16:13:40.196Z monthly 0.6 https://detectionlint.org/library/sigma-default-cobalt-strike-certificate-91a1055c 2026-04-25T16:13:39.946Z monthly 0.6 https://detectionlint.org/library/sigma-smb-spoolss-name-piped-usage-2228d3e1 2026-04-25T16:13:39.706Z monthly 0.6 https://detectionlint.org/library/sigma-potential-petitpotam-attack-via-efs-rpc-calls-a394c020 2026-04-25T16:13:39.451Z monthly 0.6 https://detectionlint.org/library/sigma-mitre-bzar-indicators-for-persistence-1f0f4f4e 2026-04-25T16:13:39.176Z monthly 0.6 https://detectionlint.org/library/sigma-mitre-bzar-indicators-for-execution-646105fe 2026-04-25T16:13:38.920Z monthly 0.6 https://detectionlint.org/library/sigma-juniper-bgp-missing-md5-f8df3a51 2026-04-25T16:13:38.671Z monthly 0.6 https://detectionlint.org/library/sigma-huawei-bgp-authentication-failures-2eb3bcfa 2026-04-25T16:13:38.436Z monthly 0.6 https://detectionlint.org/library/sigma-fortigate---vpn-ssl-settings-modified-0c5df7b6 2026-04-25T16:13:38.201Z monthly 0.6 https://detectionlint.org/library/sigma-fortigate---user-group-modified-e634e828 2026-04-25T16:13:37.955Z monthly 0.6 https://detectionlint.org/library/sigma-fortigate---new-vpn-ssl-web-portal-added-9ba53397 2026-04-25T16:13:37.708Z monthly 0.6 https://detectionlint.org/library/sigma-fortigate---new-local-user-created-e4af3e66 2026-04-25T16:13:37.456Z monthly 0.6 https://detectionlint.org/library/sigma-fortigate---new-firewall-policy-added-3bd31591 2026-04-25T16:13:37.186Z monthly 0.6 https://detectionlint.org/library/sigma-fortigate---firewall-address-object-added-73fe1bd0 2026-04-25T16:13:36.927Z monthly 0.6 https://detectionlint.org/library/sigma-fortigate---new-administrator-account-created-91c1c46a 2026-04-25T16:13:36.681Z monthly 0.6 https://detectionlint.org/library/sigma-cleartext-protocol-usage-d7034639 2026-04-25T16:13:36.426Z monthly 0.6 https://detectionlint.org/library/sigma-wannacry-killswitch-domain-ffe9f06f 2026-04-25T16:13:36.176Z monthly 0.6 https://detectionlint.org/library/sigma-dns-txt-answer-with-possible-execution-strings-9a5e44aa 2026-04-25T16:13:35.923Z monthly 0.6 https://detectionlint.org/library/sigma-telegram-bot-api-request-eb0887d2 2026-04-25T16:13:35.680Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-dns-query-with-b64-encoded-string-34bb92d5 2026-04-25T16:13:35.414Z monthly 0.6 https://detectionlint.org/library/sigma-monero-crypto-coin-mining-pool-lookup-dd87d217 2026-04-25T16:13:35.164Z monthly 0.6 https://detectionlint.org/library/sigma-cobalt-strike-dns-beaconing-427596be 2026-04-25T16:13:34.913Z monthly 0.6 https://detectionlint.org/library/sigma-dns-query-to-external-service-interaction-domains-275ca1c0 2026-04-25T16:13:34.674Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-ldp-authentication-failures-87951fc7 2026-04-25T16:13:34.422Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-bgp-authentication-failures-044da036 2026-04-25T16:13:34.173Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-sniffing-abc17bce 2026-04-25T16:13:33.925Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-stage-data-b649aafb 2026-04-25T16:13:33.679Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-modify-configuration-e94d0366 2026-04-25T16:13:33.430Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-local-accounts-8dc681bb 2026-04-25T16:13:33.175Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-show-commands-input-9a620280 2026-04-25T16:13:32.924Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-file-deletion-c76e378a 2026-04-25T16:13:32.681Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-denial-of-service-9dbea36c 2026-04-25T16:13:32.399Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-discovery-caaf3675 2026-04-25T16:13:32.154Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-disabling-logging-90091b0b 2026-04-25T16:13:31.911Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-crypto-commands-cda754ad 2026-04-25T16:13:31.650Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-collect-data-7ff98f80 2026-04-25T16:13:31.404Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-clear-logs-15c83908 2026-04-25T16:13:31.153Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-365---user-restricted-from-sending-email-8a8d6159 2026-04-25T16:13:30.914Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-365---unusual-volume-of-file-deletion-0121f896 2026-04-25T16:13:30.651Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-oauth-app-file-download-activities-59b0fc37 2026-04-25T16:13:30.405Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-inbox-forwarding-896c0db2 2026-04-25T16:13:30.154Z monthly 0.6 https://detectionlint.org/library/sigma-pst-export-alert-using-new-compliancesearchaction-bde39055 2026-04-25T16:13:29.865Z monthly 0.6 https://detectionlint.org/library/sigma-pst-export-alert-using-ediscovery-alert-cd3e91f5 2026-04-25T16:13:29.619Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-365---potential-ransomware-activity-0f49f02a 2026-04-25T16:13:29.375Z monthly 0.6 https://detectionlint.org/library/sigma-logon-from-a-risky-ip-address-514636f7 2026-04-25T16:13:29.131Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-365---impossible-travel-activity-3399ffbd 2026-04-25T16:13:28.868Z monthly 0.6 https://detectionlint.org/library/sigma-data-exfiltration-to-unsanctioned-apps-2192f79a 2026-04-25T16:13:28.624Z monthly 0.6 https://detectionlint.org/library/sigma-activity-from-infrequent-country-9b9fa469 2026-04-25T16:13:28.372Z monthly 0.6 https://detectionlint.org/library/sigma-activity-from-anonymous-ip-addresses-32794652 2026-04-25T16:13:28.128Z monthly 0.6 https://detectionlint.org/library/sigma-activity-performed-by-terminated-user-00235dae 2026-04-25T16:13:27.874Z monthly 0.6 https://detectionlint.org/library/sigma-activity-from-suspicious-ip-addresses-f7799957 2026-04-25T16:13:27.599Z monthly 0.6 https://detectionlint.org/library/sigma-new-federated-domain-added---exchange-97888086 2026-04-25T16:13:27.363Z monthly 0.6 https://detectionlint.org/library/sigma-new-federated-domain-added-db541ce9 2026-04-25T16:13:27.126Z monthly 0.6 https://detectionlint.org/library/sigma-disabling-multi-factor-authentication-f98986df 2026-04-25T16:13:26.797Z monthly 0.6 https://detectionlint.org/library/sigma-azure-login-bypassing-conditional-access-policies-a05ee3c4 2026-04-25T16:13:26.558Z monthly 0.6 https://detectionlint.org/library/sigma-google-workspace-user-granted-admin-privileges-96855645 2026-04-25T16:13:26.299Z monthly 0.6 https://detectionlint.org/library/sigma-google-workspace-role-privilege-deleted-d55fbc2e 2026-04-25T16:13:26.039Z monthly 0.6 https://detectionlint.org/library/sigma-google-workspace-role-modified-or-deleted-d0c3fe93 2026-04-25T16:13:25.780Z monthly 0.6 https://detectionlint.org/library/sigma-google-workspace-mfa-disabled-9cc97774 2026-04-25T16:13:25.542Z monthly 0.6 https://detectionlint.org/library/sigma-google-workspace-granted-domain-api-access-e5243c31 2026-04-25T16:13:25.300Z monthly 0.6 https://detectionlint.org/library/sigma-google-workspace-application-removed-57c22e8b 2026-04-25T16:13:25.053Z monthly 0.6 https://detectionlint.org/library/sigma-google-workspace-application-access-level-modified-5ca3a8bd 2026-04-25T16:13:24.813Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-vpn-tunnel-modified-or-deleted-7dbd2c99 2026-04-25T16:13:24.551Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-sql-database-modified-or-deleted-a0fdca29 2026-04-25T16:13:24.296Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-service-account-modified-8dd623db 2026-04-25T16:13:24.061Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-service-account-disabled-or-deleted-611f4ca4 2026-04-25T16:13:23.808Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-kubernetes-secrets-modified-or-deleted-c483836a 2026-04-25T16:13:23.565Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-kubernetes-rolebinding-274c8512 2026-04-25T16:13:23.314Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-kubernetes-cronjob-55926362 2026-04-25T16:13:23.055Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-kubernetes-admission-controller-82e9fbeb 2026-04-25T16:13:22.807Z monthly 0.6 https://detectionlint.org/library/sigma-google-full-network-traffic-packet-capture-bb72ea3c 2026-04-25T16:13:22.534Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-firewall-modified-or-deleted-2ececaac 2026-04-25T16:13:22.278Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-dns-zone-modified-or-deleted-8fb6d3a5 2026-04-25T16:13:22.037Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-re-identifies-sensitive-information-3c0883bc 2026-04-25T16:13:21.777Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-storage-buckets-modified-or-deleted-98b3ad9f 2026-04-25T16:13:21.535Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-storage-buckets-enumeration-1d4ca628 2026-04-25T16:13:21.289Z monthly 0.6 https://detectionlint.org/library/sigma-gcp-break-glass-container-workload-deployed-35e60c47 2026-04-25T16:13:21.048Z monthly 0.6 https://detectionlint.org/library/sigma-gcp-access-policy-deleted-66e6bea1 2026-04-25T16:13:20.801Z monthly 0.6 https://detectionlint.org/library/sigma-users-authenticating-to-other-azure-ad-tenants-0679b71d 2026-04-25T16:13:20.557Z monthly 0.6 https://detectionlint.org/library/sigma-user-access-blocked-by-azure-conditional-access-b0466860 2026-04-25T16:13:20.303Z monthly 0.6 https://detectionlint.org/library/sigma-azure-unusual-authentication-interruption-d36c9080 2026-04-25T16:13:20.037Z monthly 0.6 https://detectionlint.org/library/sigma-multifactor-authentication-interrupted-3cde61fa 2026-04-25T16:13:19.775Z monthly 0.6 https://detectionlint.org/library/sigma-multifactor-authentication-denied-e6756049 2026-04-25T16:13:19.519Z monthly 0.6 https://detectionlint.org/library/sigma-login-to-disabled-account-34cae106 2026-04-25T16:13:19.236Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-legacy-authentication-protocols-3eb3d923 2026-04-25T16:13:18.986Z monthly 0.6 https://detectionlint.org/library/sigma-sign-in-failure-due-to-conditional-access-requirements-not-m-acd2aed4 2026-04-25T16:13:18.719Z monthly 0.6 https://detectionlint.org/library/sigma-account-disabled-or-blocked-for-sign-in-attempts-b1fb9b92 2026-04-25T16:13:18.461Z monthly 0.6 https://detectionlint.org/library/sigma-applications-that-are-using-ropc-authentication-flow-9da07642 2026-04-25T16:13:18.218Z monthly 0.6 https://detectionlint.org/library/sigma-application-using-device-code-authentication-flow-3e1ac553 2026-04-25T16:13:17.966Z monthly 0.6 https://detectionlint.org/library/sigma-potential-mfa-bypass-using-legacy-client-authentication-488fc09c 2026-04-25T16:13:17.728Z monthly 0.6 https://detectionlint.org/library/sigma-sign-ins-by-unknown-devices-92a4f7fc 2026-04-25T16:13:17.479Z monthly 0.6 https://detectionlint.org/library/sigma-sign-ins-from-non-compliant-devices-8ca22f5e 2026-04-25T16:13:17.234Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-signins-from-a-non-registered-device-79eb866a 2026-04-25T16:13:16.988Z monthly 0.6 https://detectionlint.org/library/sigma-azure-ad-only-single-factor-authentication-required-7586ebfb 2026-04-25T16:13:16.740Z monthly 0.6 https://detectionlint.org/library/sigma-failed-authentications-from-countries-you-do-not-operate-out-640b1eb9 2026-04-25T16:13:16.461Z monthly 0.6 https://detectionlint.org/library/sigma-device-registration-or-join-without-mfa-b9ead242 2026-04-25T16:13:16.219Z monthly 0.6 https://detectionlint.org/library/sigma-discovery-using-azurehound-afaf7343 2026-04-25T16:13:15.977Z monthly 0.6 https://detectionlint.org/library/sigma-successful-authentications-from-countries-you-do-not-operate-96ddc47d 2026-04-25T16:13:15.714Z monthly 0.6 https://detectionlint.org/library/sigma-authentications-to-important-apps-using-single-factor-authen-46596798 2026-04-25T16:13:15.468Z monthly 0.6 https://detectionlint.org/library/sigma-measurable-increase-of-successful-authentications-b4cfc21f 2026-04-25T16:13:15.204Z monthly 0.6 https://detectionlint.org/library/sigma-increased-failed-authentications-of-any-type-ef7a8732 2026-04-25T16:13:14.964Z monthly 0.6 https://detectionlint.org/library/sigma-account-lockout-487d1f4a 2026-04-25T16:13:14.714Z monthly 0.6 https://detectionlint.org/library/sigma-too-many-global-admins-c713b07d 2026-04-25T16:13:14.478Z monthly 0.6 https://detectionlint.org/library/sigma-roles-are-not-being-used-37714727 2026-04-25T16:13:14.226Z monthly 0.6 https://detectionlint.org/library/sigma-roles-activation-doesnt-require-mfa-637ce8d6 2026-04-25T16:13:13.977Z monthly 0.6 https://detectionlint.org/library/sigma-roles-activated-too-frequently-f4b381d2 2026-04-25T16:13:13.718Z monthly 0.6 https://detectionlint.org/library/sigma-roles-assigned-outside-pim-3adfd213 2026-04-25T16:13:13.469Z monthly 0.6 https://detectionlint.org/library/sigma-invalid-pim-license-61042efa 2026-04-25T16:13:13.226Z monthly 0.6 https://detectionlint.org/library/sigma-stale-accounts-in-a-privileged-role-43036803 2026-04-25T16:13:12.988Z monthly 0.6 https://detectionlint.org/library/sigma-unfamiliar-sign-in-properties-980a76b3 2026-04-25T16:13:12.740Z monthly 0.6 https://detectionlint.org/library/sigma-saml-token-issuer-anomaly-59c97323 2026-04-25T16:13:12.493Z monthly 0.6 https://detectionlint.org/library/sigma-azure-ad-threat-intelligence-bf2c5e0e 2026-04-25T16:13:12.248Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-browser-activity-c1830edf 2026-04-25T16:13:11.982Z monthly 0.6 https://detectionlint.org/library/sigma-primary-refresh-token-access-attempt-e58f7475 2026-04-25T16:13:11.634Z monthly 0.6 https://detectionlint.org/library/sigma-password-spray-activity-e89f71ea 2026-04-25T16:13:11.380Z monthly 0.6 https://detectionlint.org/library/sigma-new-country-15ab8bff 2026-04-25T16:13:11.127Z monthly 0.6 https://detectionlint.org/library/sigma-sign-in-from-malware-infected-ip-834d289c 2026-04-25T16:13:10.864Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-ip-address-sign-in-suspicious-5c0cc361 2026-04-25T16:13:10.597Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-ip-address-sign-in-failure-rate-306495f1 2026-04-25T16:13:10.340Z monthly 0.6 https://detectionlint.org/library/sigma-azure-ad-account-credential-leaked-3260fe5b 2026-04-25T16:13:10.087Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-inbox-manipulation-rules-a9bc1925 2026-04-25T16:13:09.842Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-inbox-forwarding-identity-protection-749be749 2026-04-25T16:13:09.578Z monthly 0.6 https://detectionlint.org/library/sigma-impossible-travel-bec03255 2026-04-25T16:13:09.335Z monthly 0.6 https://detectionlint.org/library/sigma-atypical-travel-e542df6c 2026-04-25T16:13:09.085Z monthly 0.6 https://detectionlint.org/library/sigma-anonymous-ip-address-78d11161 2026-04-25T16:13:08.834Z monthly 0.6 https://detectionlint.org/library/sigma-activity-from-anonymous-ip-address-9fc809b8 2026-04-25T16:13:08.588Z monthly 0.6 https://detectionlint.org/library/sigma-anomalous-user-activity-ca0da9f5 2026-04-25T16:13:08.345Z monthly 0.6 https://detectionlint.org/library/sigma-anomalous-token-177c7609 2026-04-25T16:13:08.098Z monthly 0.6 https://detectionlint.org/library/sigma-password-reset-by-user-account-5a648dbd 2026-04-25T16:13:07.849Z monthly 0.6 https://detectionlint.org/library/sigma-multi-factor-authentication-disabled-for-user-account-5361e850 2026-04-25T16:13:07.597Z monthly 0.6 https://detectionlint.org/library/sigma-user-risk-and-mfa-registration-policy-updated-4aeed204 2026-04-25T16:13:07.347Z monthly 0.6 https://detectionlint.org/library/sigma-temporary-access-pass-added-to-an-account-41ca07a6 2026-04-25T16:13:07.104Z monthly 0.6 https://detectionlint.org/library/sigma-azure-subscription-permission-elevation-via-auditlogs-f664f58e 2026-04-25T16:13:06.832Z monthly 0.6 https://detectionlint.org/library/sigma-privileged-account-creation-14c7a589 2026-04-25T16:13:06.587Z monthly 0.6 https://detectionlint.org/library/sigma-bulk-deletion-changes-to-privileged-account-permissions-207ce2a2 2026-04-25T16:13:06.334Z monthly 0.6 https://detectionlint.org/library/sigma-user-added-to-privilege-role-9543278f 2026-04-25T16:13:06.064Z monthly 0.6 https://detectionlint.org/library/sigma-changes-to-pim-settings-cfc9c048 2026-04-25T16:13:05.820Z monthly 0.6 https://detectionlint.org/library/sigma-pim-alert-setting-changes-to-disabled-68afe6f6 2026-04-25T16:13:05.579Z monthly 0.6 https://detectionlint.org/library/sigma-pim-approvals-and-deny-elevation-52e256ee 2026-04-25T16:13:05.341Z monthly 0.6 https://detectionlint.org/library/sigma-user-state-changed-from-guest-to-member-e4100085 2026-04-25T16:13:05.089Z monthly 0.6 https://detectionlint.org/library/sigma-guest-user-invited-by-non-approved-inviters-d1e7d672 2026-04-25T16:13:04.839Z monthly 0.6 https://detectionlint.org/library/sigma-user-removed-from-group-with-ca-policy-modification-access-f21ddf59 2026-04-25T16:13:04.596Z monthly 0.6 https://detectionlint.org/library/sigma-user-added-to-group-with-ca-policy-modification-access-f7b1c4b1 2026-04-25T16:13:04.349Z monthly 0.6 https://detectionlint.org/library/sigma-azure-domain-federation-settings-modified-9276c952 2026-04-25T16:13:04.101Z monthly 0.6 https://detectionlint.org/library/sigma-change-to-authentication-method-8858d8fd 2026-04-25T16:13:03.826Z monthly 0.6 https://detectionlint.org/library/sigma-windows-laps-credential-dump-from-entra-id-14a84721 2026-04-25T16:13:03.565Z monthly 0.6 https://detectionlint.org/library/sigma-application-uri-configuration-changes-cf786816 2026-04-25T16:13:03.303Z monthly 0.6 https://detectionlint.org/library/sigma-app-assigned-to-azure-rbacmicrosoft-entra-role-04dfbea3 2026-04-25T16:13:03.045Z monthly 0.6 https://detectionlint.org/library/sigma-app-granted-privileged-delegated-or-app-permissions-eb003f83 2026-04-25T16:13:02.779Z monthly 0.6 https://detectionlint.org/library/sigma-app-granted-microsoft-permissions-8055f739 2026-04-25T16:13:02.524Z monthly 0.6 https://detectionlint.org/library/sigma-added-owner-to-application-aa2734d5 2026-04-25T16:13:02.267Z monthly 0.6 https://detectionlint.org/library/sigma-end-user-consent-blocked-e1c92ee4 2026-04-25T16:13:02.018Z monthly 0.6 https://detectionlint.org/library/sigma-end-user-consent-c09f9225 2026-04-25T16:13:01.760Z monthly 0.6 https://detectionlint.org/library/sigma-delegated-permissions-granted-for-all-users-9fad4684 2026-04-25T16:13:01.502Z monthly 0.6 https://detectionlint.org/library/sigma-added-credentials-to-existing-application-eeb9f4d1 2026-04-25T16:13:01.254Z monthly 0.6 https://detectionlint.org/library/sigma-application-appid-uri-configuration-changes-929f0072 2026-04-25T16:13:01.001Z monthly 0.6 https://detectionlint.org/library/sigma-users-added-to-global-or-device-admin-roles-3b027631 2026-04-25T16:13:00.769Z monthly 0.6 https://detectionlint.org/library/sigma-new-root-certificate-authority-added-610e2262 2026-04-25T16:13:00.529Z monthly 0.6 https://detectionlint.org/library/sigma-guest-users-invited-to-tenant-by-non-approved-inviters-2d66aad9 2026-04-25T16:13:00.274Z monthly 0.6 https://detectionlint.org/library/sigma-changes-to-device-registration-policy-18a22d75 2026-04-25T16:13:00.009Z monthly 0.6 https://detectionlint.org/library/sigma-certificate-based-authentication-enabled-6bc85713 2026-04-25T16:12:59.762Z monthly 0.6 https://detectionlint.org/library/sigma-bitlocker-key-retrieval-3c1fe211 2026-04-25T16:12:59.509Z monthly 0.6 https://detectionlint.org/library/sigma-account-created-and-deleted-within-a-close-time-frame-a2847171 2026-04-25T16:12:59.250Z monthly 0.6 https://detectionlint.org/library/sigma-new-ca-policy-by-non-approved-actor-e508406e 2026-04-25T16:12:59.001Z monthly 0.6 https://detectionlint.org/library/sigma-ca-policy-updated-by-non-approved-actor-232a549c 2026-04-25T16:12:58.742Z monthly 0.6 https://detectionlint.org/library/sigma-ca-policy-removed-by-non-approved-actor-c3a52315 2026-04-25T16:12:58.496Z monthly 0.6 https://detectionlint.org/library/sigma-azure-vpn-connection-modified-or-deleted-5e520057 2026-04-25T16:12:58.246Z monthly 0.6 https://detectionlint.org/library/sigma-azure-virtual-network-modified-or-deleted-08dab8e1 2026-04-25T16:12:57.994Z monthly 0.6 https://detectionlint.org/library/sigma-azure-suppression-rule-created-4d4c8afa 2026-04-25T16:12:57.755Z monthly 0.6 https://detectionlint.org/library/sigma-azure-subscription-permission-elevation-via-activitylogs-030f2a3b 2026-04-25T16:12:57.514Z monthly 0.6 https://detectionlint.org/library/sigma-azure-service-principal-removed-5aa4bb99 2026-04-25T16:12:57.276Z monthly 0.6 https://detectionlint.org/library/sigma-azure-service-principal-created-be8cd743 2026-04-25T16:12:57.030Z monthly 0.6 https://detectionlint.org/library/sigma-rare-subscription-level-operations-in-azure-d69c7822 2026-04-25T16:12:56.777Z monthly 0.6 https://detectionlint.org/library/sigma-azure-owner-removed-from-application-or-service-principal-273e7add 2026-04-25T16:12:56.447Z monthly 0.6 https://detectionlint.org/library/sigma-azure-new-cloudshell-created-f16f35a6 2026-04-25T16:12:56.199Z monthly 0.6 https://detectionlint.org/library/sigma-azure-virtual-network-device-modified-or-deleted-7ac9a2e7 2026-04-25T16:12:55.942Z monthly 0.6 https://detectionlint.org/library/sigma-azure-network-security-configuration-modified-or-deleted-bfe60782 2026-04-25T16:12:55.697Z monthly 0.6 https://detectionlint.org/library/sigma-azure-point-to-site-vpn-modified-or-deleted-09c37567 2026-04-25T16:12:55.445Z monthly 0.6 https://detectionlint.org/library/sigma-azure-firewall-rule-configuration-modified-or-deleted-4540ca4c 2026-04-25T16:12:55.196Z monthly 0.6 https://detectionlint.org/library/sigma-azure-network-firewall-policy-modified-or-deleted-664fee81 2026-04-25T16:12:54.954Z monthly 0.6 https://detectionlint.org/library/sigma-disabled-mfa-to-bypass-authentication-mechanisms-6527024d 2026-04-25T16:12:54.706Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-service-account-modified-or-deleted-c50841d2 2026-04-25T16:12:54.456Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-secret-or-config-object-access-e08d5d85 2026-04-25T16:12:54.154Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-rolebindingclusterrolebinding-modified-and--31a9d404 2026-04-25T16:12:53.906Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-sensitive-role-access-1d63b3cf 2026-04-25T16:12:53.659Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-pods-deleted-ef72a056 2026-04-25T16:12:53.409Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-network-policy-change-36459040 2026-04-25T16:12:53.156Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-events-deleted-02771811 2026-04-25T16:12:52.907Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-cronjob-eb9b3491 2026-04-25T16:12:52.663Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-cluster-created-or-deleted-9686b394 2026-04-25T16:12:52.416Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-admission-controller-7c6bad7c 2026-04-25T16:12:52.177Z monthly 0.6 https://detectionlint.org/library/sigma-azure-keyvault-secrets-modified-or-deleted-ed8343f8 2026-04-25T16:12:51.935Z monthly 0.6 https://detectionlint.org/library/sigma-azure-key-vault-modified-or-deleted-aa9b5229 2026-04-25T16:12:51.666Z monthly 0.6 https://detectionlint.org/library/sigma-azure-keyvault-key-modified-or-deleted-356a6c80 2026-04-25T16:12:51.428Z monthly 0.6 https://detectionlint.org/library/sigma-granting-of-permissions-to-an-account-e8729d09 2026-04-25T16:12:51.176Z monthly 0.6 https://detectionlint.org/library/sigma-azure-firewall-rule-collection-modified-or-deleted-ebb1e541 2026-04-25T16:12:50.933Z monthly 0.6 https://detectionlint.org/library/sigma-azure-firewall-modified-or-deleted-1dc8e9f1 2026-04-25T16:12:50.697Z monthly 0.6 https://detectionlint.org/library/sigma-azure-dns-zone-modified-or-deleted-f754f1ad 2026-04-25T16:12:50.430Z monthly 0.6 https://detectionlint.org/library/sigma-azure-device-or-configuration-modified-or-deleted-b7eba6d5 2026-04-25T16:12:50.182Z monthly 0.6 https://detectionlint.org/library/sigma-azure-device-no-longer-managed-or-compliant-1bb289bc 2026-04-25T16:12:49.942Z monthly 0.6 https://detectionlint.org/library/sigma-number-of-resource-creation-or-deployment-activities-70cc765e 2026-04-25T16:12:49.697Z monthly 0.6 https://detectionlint.org/library/sigma-azure-container-registry-created-or-deleted-f654813a 2026-04-25T16:12:49.450Z monthly 0.6 https://detectionlint.org/library/sigma-azure-application-security-group-modified-or-deleted-39bc3d8f 2026-04-25T16:12:49.199Z monthly 0.6 https://detectionlint.org/library/sigma-azure-application-gateway-modified-or-deleted-0f86dd14 2026-04-25T16:12:48.950Z monthly 0.6 https://detectionlint.org/library/sigma-azure-application-deleted-fe7de120 2026-04-25T16:12:48.705Z monthly 0.6 https://detectionlint.org/library/sigma-user-added-to-an-administrators-azure-ad-role-42038783 2026-04-25T16:12:48.458Z monthly 0.6 https://detectionlint.org/library/sigma-azure-active-directory-hybrid-health-ad-fs-service-delete-4047f3a6 2026-04-25T16:12:48.215Z monthly 0.6 https://detectionlint.org/library/sigma-azure-active-directory-hybrid-health-ad-fs-new-server-4b4283ac 2026-04-25T16:12:47.967Z monthly 0.6 https://detectionlint.org/library/sigma-aws-user-login-profile-was-modified-d29c5712 2026-04-25T16:12:47.724Z monthly 0.6 https://detectionlint.org/library/sigma-aws-suspicious-saml-activity-327a7c19 2026-04-25T16:12:47.477Z monthly 0.6 https://detectionlint.org/library/sigma-aws-sts-getsessiontoken-misuse-f151a22f 2026-04-25T16:12:47.223Z monthly 0.6 https://detectionlint.org/library/sigma-aws-sts-getcalleridentity-enumeration-via-trufflehog-0ac6ba13 2026-04-25T16:12:46.974Z monthly 0.6 https://detectionlint.org/library/sigma-aws-sts-assumerole-misuse-7e34e55f 2026-04-25T16:12:46.718Z monthly 0.6 https://detectionlint.org/library/sigma-aws-identity-center-identity-provider-change-57d10070 2026-04-25T16:12:46.479Z monthly 0.6 https://detectionlint.org/library/sigma-aws-snapshot-backup-exfiltration-f51c4544 2026-04-25T16:12:46.236Z monthly 0.6 https://detectionlint.org/library/sigma-aws-securityhub-findings-evasion-bced615f 2026-04-25T16:12:45.990Z monthly 0.6 https://detectionlint.org/library/sigma-aws-s3-data-management-tampering-880d32e8 2026-04-25T16:12:45.746Z monthly 0.6 https://detectionlint.org/library/sigma-aws-route-53-domain-transferred-to-another-account-85653edb 2026-04-25T16:12:45.506Z monthly 0.6 https://detectionlint.org/library/sigma-aws-route-53-domain-transfer-lock-disabled-01ef8430 2026-04-25T16:12:45.260Z monthly 0.6 https://detectionlint.org/library/sigma-aws-root-credentials-a4a22f4d 2026-04-25T16:12:45.005Z monthly 0.6 https://detectionlint.org/library/sigma-restore-public-aws-rds-instance-b15f0a86 2026-04-25T16:12:44.746Z monthly 0.6 https://detectionlint.org/library/sigma-modification-or-deletion-of-an-aws-rds-cluster-7be9df2d 2026-04-25T16:12:44.469Z monthly 0.6 https://detectionlint.org/library/sigma-aws-rds-master-password-change-0656eb07 2026-04-25T16:12:44.216Z monthly 0.6 https://detectionlint.org/library/sigma-aws-glue-development-endpoint-activity-e1cf2282 2026-04-25T16:12:43.949Z monthly 0.6 https://detectionlint.org/library/sigma-aws-new-lambda-layer-attached-47301c0a 2026-04-25T16:12:43.697Z monthly 0.6 https://detectionlint.org/library/sigma-new-aws-lambda-function-url-configuration-created-0650f816 2026-04-25T16:12:43.458Z monthly 0.6 https://detectionlint.org/library/sigma-aws-kms-imported-key-material-usage-1f189644 2026-04-25T16:12:43.209Z monthly 0.6 https://detectionlint.org/library/sigma-aws-iam-s3browser-user-or-accesskey-creation-240d8e75 2026-04-25T16:12:42.946Z monthly 0.6 https://detectionlint.org/library/sigma-aws-iam-s3browser-templated-s3-bucket-policy-creation-78d32a90 2026-04-25T16:12:42.696Z monthly 0.6 https://detectionlint.org/library/sigma-aws-iam-s3browser-loginprofile-creation-2a15e26d 2026-04-25T16:12:42.449Z monthly 0.6 https://detectionlint.org/library/sigma-aws-iam-backdoor-users-keys-3dd4fe36 2026-04-25T16:12:42.210Z monthly 0.6 https://detectionlint.org/library/sigma-aws-guardduty-important-change-fba5595b 2026-04-25T16:12:41.969Z monthly 0.6 https://detectionlint.org/library/sigma-potential-bucket-enumeration-on-aws-9aa68b0f 2026-04-25T16:12:41.726Z monthly 0.6 https://detectionlint.org/library/sigma-aws-elasticache-security-group-modified-or-deleted-6a4cb1cd 2026-04-25T16:12:41.391Z monthly 0.6 https://detectionlint.org/library/sigma-aws-elasticache-security-group-created-027461e0 2026-04-25T16:12:41.135Z monthly 0.6 https://detectionlint.org/library/sigma-aws-eks-cluster-created-or-deleted-14feca5a 2026-04-25T16:12:40.897Z monthly 0.6 https://detectionlint.org/library/sigma-aws-efs-fileshare-mount-modified-or-deleted-ee799695 2026-04-25T16:12:40.650Z monthly 0.6 https://detectionlint.org/library/sigma-aws-efs-fileshare-modified-or-deleted-e699bbac 2026-04-25T16:12:40.397Z monthly 0.6 https://detectionlint.org/library/sigma-aws-ecs-task-definition-that-queries-the-credential-endpoint-4af2f599 2026-04-25T16:12:40.117Z monthly 0.6 https://detectionlint.org/library/sigma-aws-ec2-vm-export-failure-85fb35c3 2026-04-25T16:12:39.875Z monthly 0.6 https://detectionlint.org/library/sigma-aws-ec2-startup-shell-script-change-8b58ce74 2026-04-25T16:12:39.626Z monthly 0.6 https://detectionlint.org/library/sigma-aws-key-pair-import-activity-3eb0be9d 2026-04-25T16:12:39.366Z monthly 0.6 https://detectionlint.org/library/sigma-aws-ec2-disable-ebs-encryption-32d77e9f 2026-04-25T16:12:39.120Z monthly 0.6 https://detectionlint.org/library/sigma-aws-s3-bucket-versioning-disable-d8878bcf 2026-04-25T16:12:38.875Z monthly 0.6 https://detectionlint.org/library/sigma-aws-saml-provider-deletion-activity-ed86afc5 2026-04-25T16:12:38.628Z monthly 0.6 https://detectionlint.org/library/sigma-ses-identity-has-been-deleted-440cf3d2 2026-04-25T16:12:38.366Z monthly 0.6 https://detectionlint.org/library/sigma-aws-console-getsignintoken-potential-abuse-0bfc5c95 2026-04-25T16:12:38.114Z monthly 0.6 https://detectionlint.org/library/sigma-aws-config-disabling-channelrecorder-396135c6 2026-04-25T16:12:37.876Z monthly 0.6 https://detectionlint.org/library/sigma-aws-vpc-flow-logs-deleted-26ed17f9 2026-04-25T16:12:37.621Z monthly 0.6 https://detectionlint.org/library/sigma-potential-malicious-usage-of-cloudtrail-system-manager-3d394a4a 2026-04-25T16:12:37.377Z monthly 0.6 https://detectionlint.org/library/sigma-rds-database-security-group-modification-7d556a29 2026-04-25T16:12:37.135Z monthly 0.6 https://detectionlint.org/library/sigma-loadbalancer-security-group-modification-5e263454 2026-04-25T16:12:36.894Z monthly 0.6 https://detectionlint.org/library/sigma-ingressegress-security-group-modification-c23b903d 2026-04-25T16:12:36.657Z monthly 0.6 https://detectionlint.org/library/sigma-aws-enableregion-command-monitoring-bcbb8f7b 2026-04-25T16:12:36.415Z monthly 0.6 https://detectionlint.org/library/sigma-pua---aws-trufflehog-execution-a31d1b5e 2026-04-25T16:12:36.157Z monthly 0.6 https://detectionlint.org/library/sigma-new-network-route-added-537bd7b3 2026-04-25T16:12:35.869Z monthly 0.6 https://detectionlint.org/library/sigma-new-network-acl-entry-added-d22109af 2026-04-25T16:12:35.617Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-usage-of-imds-credentials-outside-of-aws-infrastru-866bd39c 2026-04-25T16:12:35.369Z monthly 0.6 https://detectionlint.org/library/sigma-aws-guardduty-detector-deleted-or-updated-727fcbfc 2026-04-25T16:12:35.097Z monthly 0.6 https://detectionlint.org/library/sigma-aws-cloudtrail-important-change-320e9b12 2026-04-25T16:12:34.860Z monthly 0.6 https://detectionlint.org/library/sigma-aws-successful-console-login-without-mfa-c3d85db9 2026-04-25T16:12:34.619Z monthly 0.6 https://detectionlint.org/library/sigma-aws-consolelogin-failed-authentication-ca814c8c 2026-04-25T16:12:34.365Z monthly 0.6 https://detectionlint.org/library/sigma-aws-bucket-deleted-0f9bf442 2026-04-25T16:12:34.126Z monthly 0.6 https://detectionlint.org/library/sigma-potential-xcsset-malware-infection-c6f9bb83 2026-04-25T16:12:33.877Z monthly 0.6 https://detectionlint.org/library/sigma-gatekeeper-bypass-via-xattr-ecf9f57e 2026-04-25T16:12:33.625Z monthly 0.6 https://detectionlint.org/library/sigma-potential-wizardupdate-malware-infection-38f7f197 2026-04-25T16:12:33.385Z monthly 0.6 https://detectionlint.org/library/sigma-new-file-exclusion-added-to-time-machine-via-tmutil---macos-2caf7d23 2026-04-25T16:12:33.134Z monthly 0.6 https://detectionlint.org/library/sigma-time-machine-backup-disabled-via-tmutil---macos-47aeb8c7 2026-04-25T16:12:32.880Z monthly 0.6 https://detectionlint.org/library/sigma-time-machine-backup-deletion-attempt-via-tmutil---macos-25da3a8d 2026-04-25T16:12:32.637Z monthly 0.6 https://detectionlint.org/library/sigma-potential-base64-decoded-from-images-dd1919f7 2026-04-25T16:12:32.387Z monthly 0.6 https://detectionlint.org/library/sigma-system-shutdownreboot---macos-aca52ed8 2026-04-25T16:12:32.128Z monthly 0.6 https://detectionlint.org/library/sigma-system-information-discovery-using-system_profiler-2ac592ff 2026-04-25T16:12:31.882Z monthly 0.6 https://detectionlint.org/library/sigma-system-network-connections-discovery---macos-d61dd9d9 2026-04-25T16:12:31.636Z monthly 0.6 https://detectionlint.org/library/sigma-system-information-discovery-via-sysctl---macos-f5d6b728 2026-04-25T16:12:31.385Z monthly 0.6 https://detectionlint.org/library/sigma-guest-account-enabled-via-sysadminctl-86e29d15 2026-04-25T16:12:31.137Z monthly 0.6 https://detectionlint.org/library/sigma-user-added-to-admin-group-via-sysadminctl-23b13982 2026-04-25T16:12:30.886Z monthly 0.6 https://detectionlint.org/library/sigma-system-information-discovery-using-sw_vers-efa00710 2026-04-25T16:12:30.608Z monthly 0.6 https://detectionlint.org/library/sigma-osacompile-execution-by-potentially-suspicious-appletosascri-ce02ee87 2026-04-25T16:12:30.361Z monthly 0.6 https://detectionlint.org/library/sigma-system-network-discovery---macos-dc1b4572 2026-04-25T16:12:30.091Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-macos-firmware-activity-16da0593 2026-04-25T16:12:29.858Z monthly 0.6 https://detectionlint.org/library/sigma-potential-in-memory-download-and-compile-of-payloads-68d652f7 2026-04-25T16:12:29.608Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-history-file-operations-45bc9044 2026-04-25T16:12:29.363Z monthly 0.6 https://detectionlint.org/library/sigma-potential-discovery-activity-using-find---macos-c58efc57 2026-04-25T16:12:29.117Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-execution-via-macos-script-editor-8aadc238 2026-04-25T16:12:28.855Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-browser-child-process---macos-3aa8fef6 2026-04-25T16:12:28.609Z monthly 0.6 https://detectionlint.org/library/sigma-split-a-file-into-pieces-df5ed43f 2026-04-25T16:12:28.361Z monthly 0.6 https://detectionlint.org/library/sigma-space-after-filename---macos-a0cd7153 2026-04-25T16:12:28.105Z monthly 0.6 https://detectionlint.org/library/sigma-security-software-discovery---macos-394714d2 2026-04-25T16:12:27.857Z monthly 0.6 https://detectionlint.org/library/sigma-screen-capture---macos-f981cd89 2026-04-25T16:12:27.593Z monthly 0.6 https://detectionlint.org/library/sigma-scheduled-cron-taskjob---macos-c3d5daf4 2026-04-25T16:12:27.347Z monthly 0.6 https://detectionlint.org/library/sigma-macos-remote-system-discovery-abf54436 2026-04-25T16:12:27.094Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---team-viewer-session-started-on-macos-ho-5b8689be 2026-04-25T16:12:26.836Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---renamed-meshagent-execution---macos-98ac58af 2026-04-25T16:12:26.579Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---potential-meshagent-execution---macos-b4e0fc89 2026-04-25T16:12:26.246Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-plistbuddy-cfe2a922 2026-04-25T16:12:25.991Z monthly 0.6 https://detectionlint.org/library/sigma-payload-decoded-and-decrypted-via-built-in-utilities-cab9a71c 2026-04-25T16:12:25.749Z monthly 0.6 https://detectionlint.org/library/sigma-osacompile-run-only-execution-3e26c1f8 2026-04-25T16:12:25.502Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-microsoft-office-child-process---macos-6c705380 2026-04-25T16:12:25.262Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-via-nscurl---macos-6a353f7d 2026-04-25T16:12:24.994Z monthly 0.6 https://detectionlint.org/library/sigma-network-sniffing---macos-09b3eb3f 2026-04-25T16:12:24.743Z monthly 0.6 https://detectionlint.org/library/sigma-macos-network-service-scanning-73b23229 2026-04-25T16:12:24.494Z monthly 0.6 https://detectionlint.org/library/sigma-local-groups-discovery---macos-a9259a44 2026-04-25T16:12:24.241Z monthly 0.6 https://detectionlint.org/library/sigma-local-system-accounts-discovery---macos-05f99670 2026-04-25T16:12:24.000Z monthly 0.6 https://detectionlint.org/library/sigma-launch-agentdaemon-execution-via-launchctl-335a4a0f 2026-04-25T16:12:23.755Z monthly 0.6 https://detectionlint.org/library/sigma-jxa-in-memory-execution-via-osascript-0a44f3d2 2026-04-25T16:12:23.510Z monthly 0.6 https://detectionlint.org/library/sigma-jamf-mdm-execution-ac638efb 2026-04-25T16:12:23.267Z monthly 0.6 https://detectionlint.org/library/sigma-jamf-mdm-potential-suspicious-child-process-ed6fa5b9 2026-04-25T16:12:23.031Z monthly 0.6 https://detectionlint.org/library/sigma-system-information-discovery-using-ioreg-a9736d6a 2026-04-25T16:12:22.780Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-installer-package-child-process-d47430a6 2026-04-25T16:12:22.525Z monthly 0.6 https://detectionlint.org/library/sigma-disk-image-mounting-via-hdiutil---macos-2a80735b 2026-04-25T16:12:22.279Z monthly 0.6 https://detectionlint.org/library/sigma-disk-image-creation-via-hdiutil---macos-25040801 2026-04-25T16:12:22.023Z monthly 0.6 https://detectionlint.org/library/sigma-gui-input-capture---macos-f88a09d3 2026-04-25T16:12:21.758Z monthly 0.6 https://detectionlint.org/library/sigma-credentials-in-files-fcf27ee3 2026-04-25T16:12:21.513Z monthly 0.6 https://detectionlint.org/library/sigma-file-and-directory-discovery---macos-3d53ad19 2026-04-25T16:12:21.271Z monthly 0.6 https://detectionlint.org/library/sigma-root-account-enable-via-dsenableroot-af02f9c2 2026-04-25T16:12:21.027Z monthly 0.6 https://detectionlint.org/library/sigma-user-added-to-admin-group-via-dseditgroup-5b3b7b5c 2026-04-25T16:12:20.780Z monthly 0.6 https://detectionlint.org/library/sigma-user-added-to-admin-group-via-dscl-11ae9da1 2026-04-25T16:12:20.534Z monthly 0.6 https://detectionlint.org/library/sigma-disable-security-tools-d22d0356 2026-04-25T16:12:20.296Z monthly 0.6 https://detectionlint.org/library/sigma-system-integrity-protection-sip-enumeration-b80e7e9d 2026-04-25T16:12:20.048Z monthly 0.6 https://detectionlint.org/library/sigma-system-integrity-protection-sip-disabled-d4911967 2026-04-25T16:12:19.786Z monthly 0.6 https://detectionlint.org/library/sigma-credentials-from-password-stores---keychain-adca6af8 2026-04-25T16:12:19.538Z monthly 0.6 https://detectionlint.org/library/sigma-hidden-user-creation-6c995857 2026-04-25T16:12:19.286Z monthly 0.6 https://detectionlint.org/library/sigma-creation-of-a-local-user-account-dead2ec0 2026-04-25T16:12:19.032Z monthly 0.6 https://detectionlint.org/library/sigma-clipboard-data-collection-via-osascript-285a7d0c 2026-04-25T16:12:18.777Z monthly 0.6 https://detectionlint.org/library/sigma-indicator-removal-on-host---clear-mac-system-logs-62d5b16a 2026-04-25T16:12:18.529Z monthly 0.6 https://detectionlint.org/library/sigma-hidden-flag-set-on-filedirectory-via-chflags---macos-8ec1ad53 2026-04-25T16:12:18.288Z monthly 0.6 https://detectionlint.org/library/sigma-file-time-attribute-change-7f11664b 2026-04-25T16:12:18.038Z monthly 0.6 https://detectionlint.org/library/sigma-binary-padding---macos-4233f005 2026-04-25T16:12:17.795Z monthly 0.6 https://detectionlint.org/library/sigma-decode-base64-encoded-text--macos-d8d6fa25 2026-04-25T16:12:17.542Z monthly 0.6 https://detectionlint.org/library/sigma-macos-scripting-interpreter-applescript-994588ec 2026-04-25T16:12:17.288Z monthly 0.6 https://detectionlint.org/library/sigma-webshell-remote-command-execution-9ef1058a 2026-04-25T16:12:17.028Z monthly 0.6 https://detectionlint.org/library/sigma-special-file-creation-via-mknod-syscall-ed033360 2026-04-25T16:12:16.779Z monthly 0.6 https://detectionlint.org/library/sigma-program-executions-in-suspicious-folders-39e008ca 2026-04-25T16:12:16.536Z monthly 0.6 https://detectionlint.org/library/sigma-system-info-discovery-via-sysinfo-syscall-db335a70 2026-04-25T16:12:16.276Z monthly 0.6 https://detectionlint.org/library/sigma-split-a-file-into-pieces---linux-34ee1fbf 2026-04-25T16:12:16.023Z monthly 0.6 https://detectionlint.org/library/sigma-linux-network-service-scanning---auditd-1cf8f8bd 2026-04-25T16:12:15.764Z monthly 0.6 https://detectionlint.org/library/sigma-loading-of-kernel-module-via-insmod-ffc1793c 2026-04-25T16:12:15.505Z monthly 0.6 https://detectionlint.org/library/sigma-creation-of-an-user-account-b65ae8b3 2026-04-25T16:12:15.257Z monthly 0.6 https://detectionlint.org/library/sigma-clear-or-disable-kernel-ring-buffer-logs-via-syslog-syscall-7c299efb 2026-04-25T16:12:15.006Z monthly 0.6 https://detectionlint.org/library/sigma-disable-system-firewall-51ce5736 2026-04-25T16:12:14.735Z monthly 0.6 https://detectionlint.org/library/sigma-unix-shell-configuration-modification-42c68957 2026-04-25T16:12:14.482Z monthly 0.6 https://detectionlint.org/library/sigma-systemd-service-creation-f32bb99c 2026-04-25T16:12:14.239Z monthly 0.6 https://detectionlint.org/library/sigma-system-and-hardware-information-discovery-9d6a2f70 2026-04-25T16:12:13.980Z monthly 0.6 https://detectionlint.org/library/sigma-potential-abuse-of-linux-magic-system-request-key-5fc56197 2026-04-25T16:12:13.713Z monthly 0.6 https://detectionlint.org/library/sigma-logging-configuration-changes-on-linux-host-14a553ba 2026-04-25T16:12:13.457Z monthly 0.6 https://detectionlint.org/library/sigma-modification-of-ldsopreload-30f84dca 2026-04-25T16:12:13.215Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-hidden-paths-or-files-b0ebd2c7 2026-04-25T16:12:12.945Z monthly 0.6 https://detectionlint.org/library/sigma-bpfdoor-abnormal-process-id-or-lock-file-accessed-ec14ad2f 2026-04-25T16:12:12.686Z monthly 0.6 https://detectionlint.org/library/sigma-auditing-configuration-changes-on-linux-host-bf5b786c 2026-04-25T16:12:12.438Z monthly 0.6 https://detectionlint.org/library/sigma-system-information-discovery---auditd-cc31eeb6 2026-04-25T16:12:12.162Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-c2-activities-f40b2f71 2026-04-25T16:12:11.918Z monthly 0.6 https://detectionlint.org/library/sigma-password-policy-discovery---linux-6946c579 2026-04-25T16:12:11.666Z monthly 0.6 https://detectionlint.org/library/sigma-linux-keylogging-with-pamd-6d8c2117 2026-04-25T16:12:11.425Z monthly 0.6 https://detectionlint.org/library/sigma-aslr-disabled-via-sysctl-or-direct-syscall---linux-f2c00c61 2026-04-25T16:12:11.088Z monthly 0.6 https://detectionlint.org/library/sigma-audio-capture-37d202d9 2026-04-25T16:12:10.840Z monthly 0.6 https://detectionlint.org/library/sigma-system-owner-or-user-discovery---linux-6a7f81c3 2026-04-25T16:12:10.597Z monthly 0.6 https://detectionlint.org/library/sigma-steganography-unzip-hidden-information-from-picture-file-a0252ac8 2026-04-25T16:12:10.340Z monthly 0.6 https://detectionlint.org/library/sigma-system-shutdownreboot---linux-b18af783 2026-04-25T16:12:10.099Z monthly 0.6 https://detectionlint.org/library/sigma-service-reload-or-start---linux-5246ff79 2026-04-25T16:12:09.851Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-history-file-operations---linux-6e1a3550 2026-04-25T16:12:09.535Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-commands-linux-f46bcb8b 2026-04-25T16:12:09.289Z monthly 0.6 https://detectionlint.org/library/sigma-steganography-extract-files-with-steghide-d15f5d4e 2026-04-25T16:12:08.962Z monthly 0.6 https://detectionlint.org/library/sigma-steganography-hide-files-with-steghide-793c93de 2026-04-25T16:12:08.710Z monthly 0.6 https://detectionlint.org/library/sigma-screen-capture-with-xwd-f31872b2 2026-04-25T16:12:08.465Z monthly 0.6 https://detectionlint.org/library/sigma-screen-capture-with-import-tool-83f91d59 2026-04-25T16:12:08.225Z monthly 0.6 https://detectionlint.org/library/sigma-network-sniffing---linux-2d5c98de 2026-04-25T16:12:07.955Z monthly 0.6 https://detectionlint.org/library/sigma-modify-system-firewall-35b0529d 2026-04-25T16:12:07.710Z monthly 0.6 https://detectionlint.org/library/sigma-masquerading-as-linux-crond-process-6092aba5 2026-04-25T16:12:07.439Z monthly 0.6 https://detectionlint.org/library/sigma-steganography-hide-zip-information-in-picture-file-55d8c364 2026-04-25T16:12:07.186Z monthly 0.6 https://detectionlint.org/library/sigma-hidden-files-and-directories-b6e389ca 2026-04-25T16:12:06.945Z monthly 0.6 https://detectionlint.org/library/sigma-credentials-in-files---linux-fcdff3b0 2026-04-25T16:12:06.690Z monthly 0.6 https://detectionlint.org/library/sigma-file-or-folder-permissions-change-36b02ad1 2026-04-25T16:12:06.445Z monthly 0.6 https://detectionlint.org/library/sigma-overwriting-the-file-with-dev-zero-or-null-52b3ce61 2026-04-25T16:12:06.183Z monthly 0.6 https://detectionlint.org/library/sigma-data-exfiltration-with-wget-f0b69072 2026-04-25T16:12:05.938Z monthly 0.6 https://detectionlint.org/library/sigma-data-compressed-128191e5 2026-04-25T16:12:05.686Z monthly 0.6 https://detectionlint.org/library/sigma-possible-coin-miner-cpu-priority-param-0b3493e3 2026-04-25T16:12:05.437Z monthly 0.6 https://detectionlint.org/library/sigma-clipboard-collection-of-image-data-with-xclip-tool-e8e66d9c 2026-04-25T16:12:05.196Z monthly 0.6 https://detectionlint.org/library/sigma-clipboard-collection-with-xclip-tool---auditd-ca55e716 2026-04-25T16:12:04.945Z monthly 0.6 https://detectionlint.org/library/sigma-remove-immutable-file-attribute---auditd-b5d26da2 2026-04-25T16:12:04.689Z monthly 0.6 https://detectionlint.org/library/sigma-file-time-attribute-change---linux-46f8f46c 2026-04-25T16:12:04.431Z monthly 0.6 https://detectionlint.org/library/sigma-linux-capabilities-discovery-71fcd48b 2026-04-25T16:12:04.172Z monthly 0.6 https://detectionlint.org/library/sigma-bpfdoor-tcp-ports-redirect-22dbfba7 2026-04-25T16:12:03.925Z monthly 0.6 https://detectionlint.org/library/sigma-binary-padding---linux-d4b04043 2026-04-25T16:12:03.670Z monthly 0.6 https://detectionlint.org/library/sigma-potential-xterm-reverse-shell-55ba5926 2026-04-25T16:12:03.427Z monthly 0.6 https://detectionlint.org/library/sigma-download-file-to-potentially-suspicious-directory-via-wget-14737602 2026-04-25T16:12:03.180Z monthly 0.6 https://detectionlint.org/library/sigma-linux-webshell-indicators-f06ebe51 2026-04-25T16:12:02.921Z monthly 0.6 https://detectionlint.org/library/sigma-vim-gtfobin-abuse---linux-4455a563 2026-04-25T16:12:02.655Z monthly 0.6 https://detectionlint.org/library/sigma-user-added-to-rootsudoers-group-using-usermod-5058084b 2026-04-25T16:12:02.402Z monthly 0.6 https://detectionlint.org/library/sigma-user-has-been-deleted-via-userdel-9e496bef 2026-04-25T16:12:02.144Z monthly 0.6 https://detectionlint.org/library/sigma-triple-cross-ebpf-rootkit-install-commands-3343555d 2026-04-25T16:12:01.902Z monthly 0.6 https://detectionlint.org/library/sigma-triple-cross-ebpf-rootkit-execve-hijack-70cd33c6 2026-04-25T16:12:01.659Z monthly 0.6 https://detectionlint.org/library/sigma-touch-suspicious-service-file-fc23880d 2026-04-25T16:12:01.409Z monthly 0.6 https://detectionlint.org/library/sigma-mask-system-power-settings-via-systemctl-aec63f66 2026-04-25T16:12:01.166Z monthly 0.6 https://detectionlint.org/library/sigma-system-network-discovery---linux-a7b4fa79 2026-04-25T16:12:00.876Z monthly 0.6 https://detectionlint.org/library/sigma-system-network-connections-discovery---linux-d7a66b5f 2026-04-25T16:12:00.629Z monthly 0.6 https://detectionlint.org/library/sigma-system-information-discovery-b9ab4e09 2026-04-25T16:12:00.364Z monthly 0.6 https://detectionlint.org/library/sigma-execution-of-script-located-in-potentially-suspicious-direct-5e19a8ba 2026-04-25T16:12:00.100Z monthly 0.6 https://detectionlint.org/library/sigma-shell-execution-of-process-located-in-tmp-directory-295c097b 2026-04-25T16:11:59.814Z monthly 0.6 https://detectionlint.org/library/sigma-potential-suspicious-change-to-sensitivecritical-files-9fd7bb7e 2026-04-25T16:11:59.557Z monthly 0.6 https://detectionlint.org/library/sigma-script-interpreter-spawning-credential-scanner---linux-298071e0 2026-04-25T16:11:59.313Z monthly 0.6 https://detectionlint.org/library/sigma-linux-recon-indicators-dfe97623 2026-04-25T16:11:59.070Z monthly 0.6 https://detectionlint.org/library/sigma-access-of-sudoers-file-content-2e9a5c54 2026-04-25T16:11:58.826Z monthly 0.6 https://detectionlint.org/library/sigma-linux-shell-pipe-to-shell-6313cb57 2026-04-25T16:11:58.589Z monthly 0.6 https://detectionlint.org/library/sigma-linux-network-service-scanning-tools-execution-5fa056ac 2026-04-25T16:11:58.336Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-java-children-processes-0c4b2328 2026-04-25T16:11:58.062Z monthly 0.6 https://detectionlint.org/library/sigma-interactive-bash-suspicious-children-22b76a74 2026-04-25T16:11:57.811Z monthly 0.6 https://detectionlint.org/library/sigma-potential-container-discovery-via-inodes-listing-c92b7b7a 2026-04-25T16:11:57.535Z monthly 0.6 https://detectionlint.org/library/sigma-linux-hacktool-execution-a2feefb4 2026-04-25T16:11:57.290Z monthly 0.6 https://detectionlint.org/library/sigma-print-history-file-contents-dff05231 2026-04-25T16:11:57.050Z monthly 0.6 https://detectionlint.org/library/sigma-history-file-deletion-9c3bf792 2026-04-25T16:11:56.803Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-git-clone---linux-70b61cf2 2026-04-25T16:11:56.553Z monthly 0.6 https://detectionlint.org/library/sigma-potential-discovery-activity-using-find---linux-507cdcdb 2026-04-25T16:11:56.307Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-execution-from-tmp-folder-04e044d4 2026-04-25T16:11:55.959Z monthly 0.6 https://detectionlint.org/library/sigma-docker-container-discovery-via-dockerenv-listing-47eda222 2026-04-25T16:11:55.719Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-curl-change-user-agents---linux-fe850c31 2026-04-25T16:11:55.444Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-curl-file-upload---linux-d4e05d83 2026-04-25T16:11:55.198Z monthly 0.6 https://detectionlint.org/library/sigma-container-residence-discovery-via-proc-virtual-fs-9bc91159 2026-04-25T16:11:54.949Z monthly 0.6 https://detectionlint.org/library/sigma-chmod-suspicious-directory-2d14b134 2026-04-25T16:11:54.636Z monthly 0.6 https://detectionlint.org/library/sigma-potential-linux-amazon-ssm-agent-hijacking-a9dbff5d 2026-04-25T16:11:54.384Z monthly 0.6 https://detectionlint.org/library/sigma-shell-invocation-via-ssh---linux-ffc31b99 2026-04-25T16:11:54.141Z monthly 0.6 https://detectionlint.org/library/sigma-setuid-and-setgid-d26d29c1 2026-04-25T16:11:53.891Z monthly 0.6 https://detectionlint.org/library/sigma-disable-or-stop-services-b21aa1c2 2026-04-25T16:11:53.642Z monthly 0.6 https://detectionlint.org/library/sigma-disabling-security-tools-f129b384 2026-04-25T16:11:53.399Z monthly 0.6 https://detectionlint.org/library/sigma-security-software-discovery---linux-10acbe8b 2026-04-25T16:11:53.156Z monthly 0.6 https://detectionlint.org/library/sigma-scheduled-cron-taskjob---linux-f5e630f3 2026-04-25T16:11:52.914Z monthly 0.6 https://detectionlint.org/library/sigma-potential-ruby-reverse-shell-3b3a7c51 2026-04-25T16:11:52.666Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-invocation-of-shell-via-rsync-ad374726 2026-04-25T16:11:52.426Z monthly 0.6 https://detectionlint.org/library/sigma-shell-execution-via-rsync---linux-7e112d12 2026-04-25T16:11:52.191Z monthly 0.6 https://detectionlint.org/library/sigma-linux-package-uninstall-0f6f84bb 2026-04-25T16:11:51.936Z monthly 0.6 https://detectionlint.org/library/sigma-linux-remote-system-discovery-8b48e90f 2026-04-25T16:11:51.688Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---team-viewer-session-started-on-linux-ho-e635367d 2026-04-25T16:11:51.441Z monthly 0.6 https://detectionlint.org/library/sigma-inline-python-execution---spawn-shell-via-os-system-library-069a5038 2026-04-25T16:11:51.196Z monthly 0.6 https://detectionlint.org/library/sigma-python-reverse-shell-execution-via-pty-and-socket-modules-4fab8055 2026-04-25T16:11:50.946Z monthly 0.6 https://detectionlint.org/library/sigma-python-spawning-pretty-tty-via-pty-module-f8ca2969 2026-04-25T16:11:50.698Z monthly 0.6 https://detectionlint.org/library/sigma-python-webserver-execution---linux-f91fbaf8 2026-04-25T16:11:50.453Z monthly 0.6 https://detectionlint.org/library/sigma-python-one-liners-with-base64-decoding---linux-a46c712b 2026-04-25T16:11:50.172Z monthly 0.6 https://detectionlint.org/library/sigma-pua---trufflehog-execution---linux-39a4e3fe 2026-04-25T16:11:49.923Z monthly 0.6 https://detectionlint.org/library/sigma-connection-proxy-4452c56f 2026-04-25T16:11:49.673Z monthly 0.6 https://detectionlint.org/library/sigma-pnscan-binary-data-transmission-activity-f7131fc2 2026-04-25T16:11:49.427Z monthly 0.6 https://detectionlint.org/library/sigma-potential-php-reverse-shell-0585ef7a 2026-04-25T16:11:49.181Z monthly 0.6 https://detectionlint.org/library/sigma-potential-perl-reverse-shell-execution-1f7e2b2f 2026-04-25T16:11:48.940Z monthly 0.6 https://detectionlint.org/library/sigma-omigod-scx-runasprovider-executeshellcommand-140dab57 2026-04-25T16:11:48.689Z monthly 0.6 https://detectionlint.org/library/sigma-omigod-scx-runasprovider-executescript-1a561192 2026-04-25T16:11:48.448Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-nohup-execution-70d4b79d 2026-04-25T16:11:48.185Z monthly 0.6 https://detectionlint.org/library/sigma-nohup-execution-f08acf39 2026-04-25T16:11:47.931Z monthly 0.6 https://detectionlint.org/library/sigma-shell-execution-via-nice---linux-6beba1bc 2026-04-25T16:11:47.680Z monthly 0.6 https://detectionlint.org/library/sigma-potential-netcat-reverse-shell-execution-b3d8c9ea 2026-04-25T16:11:47.420Z monthly 0.6 https://detectionlint.org/library/sigma-mount-execution-with-hidepid-parameter-bf48b91e 2026-04-25T16:11:47.161Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-named-pipe-created-via-mkfifo-520f24f4 2026-04-25T16:11:46.911Z monthly 0.6 https://detectionlint.org/library/sigma-named-pipe-created-via-mkfifo-b8661f6d 2026-04-25T16:11:46.671Z monthly 0.6 https://detectionlint.org/library/sigma-potential-gobrat-file-discovery-via-grep-3e29e82c 2026-04-25T16:11:46.429Z monthly 0.6 https://detectionlint.org/library/sigma-local-groups-discovery---linux-82ebbe2e 2026-04-25T16:11:46.185Z monthly 0.6 https://detectionlint.org/library/sigma-local-system-accounts-discovery---linux-2288be23 2026-04-25T16:11:45.935Z monthly 0.6 https://detectionlint.org/library/sigma-flush-iptables-ufw-chain-0ae9d53c 2026-04-25T16:11:45.681Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-package-installed---linux-b7538f9b 2026-04-25T16:11:45.427Z monthly 0.6 https://detectionlint.org/library/sigma-install-root-certificate-bb032f83 2026-04-25T16:11:45.185Z monthly 0.6 https://detectionlint.org/library/sigma-group-has-been-deleted-via-groupdel-15f27a5a 2026-04-25T16:11:44.941Z monthly 0.6 https://detectionlint.org/library/sigma-os-architecture-discovery-via-grep-0f2b9c81 2026-04-25T16:11:44.691Z monthly 0.6 https://detectionlint.org/library/sigma-shell-execution-via-git---linux-d4b5ccea 2026-04-25T16:11:44.434Z monthly 0.6 https://detectionlint.org/library/sigma-shell-execution-gcc---linux-f9ecc685 2026-04-25T16:11:44.173Z monthly 0.6 https://detectionlint.org/library/sigma-shell-execution-via-flock---linux-30eab4b6 2026-04-25T16:11:43.918Z monthly 0.6 https://detectionlint.org/library/sigma-shell-execution-via-find---linux-c4cfb631 2026-04-25T16:11:43.678Z monthly 0.6 https://detectionlint.org/library/sigma-file-deletion-11fcd016 2026-04-25T16:11:43.439Z monthly 0.6 https://detectionlint.org/library/sigma-file-and-directory-discovery---linux-1cdabc93 2026-04-25T16:11:43.191Z monthly 0.6 https://detectionlint.org/library/sigma-esxi-vsan-information-discovery-via-esxcli-2ad83ae8 2026-04-25T16:11:42.942Z monthly 0.6 https://detectionlint.org/library/sigma-esxi-vm-kill-via-esxcli-9052329d 2026-04-25T16:11:42.669Z monthly 0.6 https://detectionlint.org/library/sigma-esxi-vm-list-discovery-via-esxcli-f67cdcb6 2026-04-25T16:11:42.433Z monthly 0.6 https://detectionlint.org/library/sigma-esxi-account-creation-via-esxcli-487a4c1c 2026-04-25T16:11:42.192Z monthly 0.6 https://detectionlint.org/library/sigma-esxi-system-information-discovery-via-esxcli-0070047c 2026-04-25T16:11:41.949Z monthly 0.6 https://detectionlint.org/library/sigma-esxi-syslog-configuration-change-via-esxcli-c365e65f 2026-04-25T16:11:41.702Z monthly 0.6 https://detectionlint.org/library/sigma-esxi-storage-information-discovery-via-esxcli-fba45d48 2026-04-25T16:11:41.452Z monthly 0.6 https://detectionlint.org/library/sigma-esxi-admin-permission-assigned-to-account-via-esxcli-00717464 2026-04-25T16:11:41.188Z monthly 0.6 https://detectionlint.org/library/sigma-esxi-network-configuration-discovery-via-esxcli-7da17388 2026-04-25T16:11:40.839Z monthly 0.6 https://detectionlint.org/library/sigma-shell-invocation-via-env-command---linux-c3c83587 2026-04-25T16:11:40.578Z monthly 0.6 https://detectionlint.org/library/sigma-linux-doas-tool-execution-9acd64f9 2026-04-25T16:11:40.329Z monthly 0.6 https://detectionlint.org/library/sigma-ufw-force-stop-using-ufw-init-67c288b8 2026-04-25T16:11:40.068Z monthly 0.6 https://detectionlint.org/library/sigma-potential-linux-process-code-injection-via-dd-utility-1380fcc3 2026-04-25T16:11:39.817Z monthly 0.6 https://detectionlint.org/library/sigma-dd-file-overwrite-864cc354 2026-04-25T16:11:39.566Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-download-and-execute-pattern-via-curlwget-5260e1f6 2026-04-25T16:11:39.321Z monthly 0.6 https://detectionlint.org/library/sigma-curl-usage-on-linux-e12fced7 2026-04-25T16:11:39.069Z monthly 0.6 https://detectionlint.org/library/sigma-linux-crypto-mining-indicators-5e6041f1 2026-04-25T16:11:38.811Z monthly 0.6 https://detectionlint.org/library/sigma-remove-scheduled-cron-taskjob-048299ac 2026-04-25T16:11:38.567Z monthly 0.6 https://detectionlint.org/library/sigma-crontab-enumeration-26afa648 2026-04-25T16:11:38.328Z monthly 0.6 https://detectionlint.org/library/sigma-copy-passwd-or-shadow-from-tmp-path-fdf0a32b 2026-04-25T16:11:38.078Z monthly 0.6 https://detectionlint.org/library/sigma-clipboard-collection-with-xclip-tool-0bf5c63d 2026-04-25T16:11:37.824Z monthly 0.6 https://detectionlint.org/library/sigma-syslog-clearing-or-removal-via-system-utilities-acf84eac 2026-04-25T16:11:37.584Z monthly 0.6 https://detectionlint.org/library/sigma-clear-linux-logs-72303baf 2026-04-25T16:11:37.350Z monthly 0.6 https://detectionlint.org/library/sigma-linux-sudo-chroot-execution-db8911e3 2026-04-25T16:11:37.094Z monthly 0.6 https://detectionlint.org/library/sigma-remove-immutable-file-attribute-ef475db3 2026-04-25T16:11:36.835Z monthly 0.6 https://detectionlint.org/library/sigma-capsh-shell-invocation---linux-e2f8ca06 2026-04-25T16:11:36.577Z monthly 0.6 https://detectionlint.org/library/sigma-capabilities-discovery---linux-cc46db8b 2026-04-25T16:11:36.341Z monthly 0.6 https://detectionlint.org/library/sigma-linux-setuid-capability-set-on-a-binary-via-setcap-utility-f9aea03b 2026-04-25T16:11:36.098Z monthly 0.6 https://detectionlint.org/library/sigma-linux-setgid-capability-set-on-a-binary-via-setcap-utility-dbf7f735 2026-04-25T16:11:35.857Z monthly 0.6 https://detectionlint.org/library/sigma-bpftrace-unsafe-option-usage-15bedde7 2026-04-25T16:11:35.610Z monthly 0.6 https://detectionlint.org/library/sigma-enable-bpf-kprobes-tracing-417a5b50 2026-04-25T16:11:35.359Z monthly 0.6 https://detectionlint.org/library/sigma-bash-interactive-shell-99121a43 2026-04-25T16:11:35.109Z monthly 0.6 https://detectionlint.org/library/sigma-linux-base64-encoded-shebang-in-cli-0b7d2776 2026-04-25T16:11:34.857Z monthly 0.6 https://detectionlint.org/library/sigma-linux-base64-encoded-pipe-to-shell-3bca56b6 2026-04-25T16:11:34.594Z monthly 0.6 https://detectionlint.org/library/sigma-decode-base64-encoded-text-603792a4 2026-04-25T16:11:34.341Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-invocation-of-shell-via-awk---linux-e79ec9f1 2026-04-25T16:11:34.096Z monthly 0.6 https://detectionlint.org/library/sigma-kaspersky-endpoint-security-stopped-via-commandline---linux-6c49e173 2026-04-25T16:11:33.832Z monthly 0.6 https://detectionlint.org/library/sigma-audit-rules-deleted-via-auditctl-001ccae2 2026-04-25T16:11:33.581Z monthly 0.6 https://detectionlint.org/library/sigma-scheduled-taskjob-at-07b42b8e 2026-04-25T16:11:33.336Z monthly 0.6 https://detectionlint.org/library/sigma-shell-invocation-via-apt---linux-5e753ae1 2026-04-25T16:11:33.091Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-xml-execute-command-14b5cb6d 2026-04-25T16:11:32.842Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-x509enrollment---ps-script-ff20050a 2026-04-25T16:11:32.557Z monthly 0.6 https://detectionlint.org/library/sigma-wmimplant-hack-tool-8a9a2854 2026-04-25T16:11:32.318Z monthly 0.6 https://detectionlint.org/library/sigma-wmic-unquoted-services-path-lookup---powershell-0097243a 2026-04-25T16:11:32.073Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-wmi-persistence-c26e86fc 2026-04-25T16:11:31.814Z monthly 0.6 https://detectionlint.org/library/sigma-winlogon-helper-dll-5190e979 2026-04-25T16:11:31.572Z monthly 0.6 https://detectionlint.org/library/sigma-windows-firewall-profile-disabled-82a2c691 2026-04-25T16:11:31.320Z monthly 0.6 https://detectionlint.org/library/sigma-windows-defender-exclusions-added---powershell-33c7095a 2026-04-25T16:11:31.078Z monthly 0.6 https://detectionlint.org/library/sigma-potential-winapi-calls-via-powershell-scripts-c0081bb2 2026-04-25T16:11:30.827Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-wmi-win32_product-install-msi-49de00ca 2026-04-25T16:11:30.579Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-call-to-win32_nteventlogfile-class----e0c52e1b 2026-04-25T16:11:30.334Z monthly 0.6 https://detectionlint.org/library/sigma-usage-of-web-request-commands-and-cmdlets---scriptblock-5ee23f49 2026-04-25T16:11:30.079Z monthly 0.6 https://detectionlint.org/library/sigma-veeam-backup-servers-credential-dumping-script-execution-cbff2f92 2026-04-25T16:11:29.840Z monthly 0.6 https://detectionlint.org/library/sigma-registry-modification-attempt-via-vbscript---powershell-cf69bd42 2026-04-25T16:11:29.585Z monthly 0.6 https://detectionlint.org/library/sigma-abuse-of-service-permissions-to-hide-services-via-set-servic-5ca40d0a 2026-04-25T16:11:29.349Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-powershell-user-profile-using-add--d6834f8e 2026-04-25T16:11:29.092Z monthly 0.6 https://detectionlint.org/library/sigma-user-discovery-and-export-via-get-aduser-cmdlet---powershell-1d902a45 2026-04-25T16:11:28.844Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-timestomp-bdc10cee 2026-04-25T16:11:28.596Z monthly 0.6 https://detectionlint.org/library/sigma-testing-usage-of-uncommonly-used-port-8febac78 2026-04-25T16:11:28.347Z monthly 0.6 https://detectionlint.org/library/sigma-tamper-windows-defender---scriptblocklogging-ade7b67a 2026-04-25T16:11:28.102Z monthly 0.6 https://detectionlint.org/library/sigma-tamper-windows-defender-remove-mppreference---scriptblocklog-558223e0 2026-04-25T16:11:27.866Z monthly 0.6 https://detectionlint.org/library/sigma-syncappvpublishingserver-execution-to-bypass-powershell-rest-14fe623d 2026-04-25T16:11:27.613Z monthly 0.6 https://detectionlint.org/library/sigma-zip-a-folder-with-powershell-for-staging-in-temp---powershel-912b9f1a 2026-04-25T16:11:27.362Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-write-eventlog-usage-da62ddf7 2026-04-25T16:11:27.117Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-windowstyle-option-13b69eae 2026-04-25T16:11:26.866Z monthly 0.6 https://detectionlint.org/library/sigma-deletion-of-volume-shadow-copies-via-wmi-with-powershell---p-721cb0a6 2026-04-25T16:11:26.592Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-suspicious-win32_pnpentity-d2574fc1 2026-04-25T16:11:26.349Z monthly 0.6 https://detectionlint.org/library/sigma-replace-desktop-wallpaper-by-powershell-66ead16a 2026-04-25T16:11:26.098Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-unblock-file-266582a9 2026-04-25T16:11:25.841Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-start-process-passthru-0f575af6 2026-04-25T16:11:25.510Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-ssl-connection-a5b7e19b 2026-04-25T16:11:25.265Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-get-information-for-smb-share-230a4d90 2026-04-25T16:11:25.022Z monthly 0.6 https://detectionlint.org/library/sigma-potential-powershell-obfuscation-using-alias-cmdlets-00b68147 2026-04-25T16:11:24.773Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-service-dacl-modification-via-set-service-cmdlet--298127fc 2026-04-25T16:11:24.532Z monthly 0.6 https://detectionlint.org/library/sigma-remove-account-from-domain-admin-group-039c163f 2026-04-25T16:11:24.272Z monthly 0.6 https://detectionlint.org/library/sigma-recon-information-for-export-with-powershell-22eb9521 2026-04-25T16:11:24.027Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-tcp-tunnel-via-powershell-script-8b93f93f 2026-04-25T16:11:23.740Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-new-psdrive-to-admin-share-eb48c5db 2026-04-25T16:11:23.499Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-connection-to-remote-account-835eb5fa 2026-04-25T16:11:23.241Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-deleted-mounted-share-8c2d02c6 2026-04-25T16:11:22.995Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-mount-diskimage-ae427ae9 2026-04-25T16:11:22.732Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-local-email-collection-3f2eacce 2026-04-25T16:11:22.485Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-get-local-groups-information---powershell-1cf1b2a0 2026-04-25T16:11:22.237Z monthly 0.6 https://detectionlint.org/library/sigma-potential-suspicious-powershell-keywords-7c244db1 2026-04-25T16:11:21.965Z monthly 0.6 https://detectionlint.org/library/sigma-potential-keylogger-activity-b98325e9 2026-04-25T16:11:21.708Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-iofilestream-01d7d599 2026-04-25T16:11:21.458Z monthly 0.6 https://detectionlint.org/library/sigma-change-user-agents-with-webrequest-8b4b7641 2026-04-25T16:11:21.215Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-invocations---specific-b951802e 2026-04-25T16:11:20.966Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-invocations---generic-54a102fa 2026-04-25T16:11:20.705Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-hyper-v-cmdlets-20e12138 2026-04-25T16:11:20.457Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-gettypefromclsid-shellexecute-3e601566 2026-04-25T16:11:20.215Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-get-process-lsass-in-scriptblock-abb5e825 2026-04-25T16:11:19.965Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-process-discovery-with-get-process-fc05a6f8 2026-04-25T16:11:19.705Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-gpo-discovery-with-get-gpo-fcb9aee5 2026-04-25T16:11:19.458Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-get-current-user-1b7cf01d 2026-04-25T16:11:19.206Z monthly 0.6 https://detectionlint.org/library/sigma-password-policy-discovery-with-get-addefaultdomainpasswordpo-5e88b036 2026-04-25T16:11:18.956Z monthly 0.6 https://detectionlint.org/library/sigma-troubleshooting-pack-cmdlet-execution-707b2f86 2026-04-25T16:11:18.708Z monthly 0.6 https://detectionlint.org/library/sigma-extracting-information-with-powershell-1cf114f5 2026-04-25T16:11:18.472Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-execute-batch-script-3522cc21 2026-04-25T16:11:18.222Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-download---powershell-script-3f76608f 2026-04-25T16:11:17.967Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-directory-enumeration-4cbe5af4 2026-04-25T16:11:17.716Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-eventlog-clear-9a86da6d 2026-04-25T16:11:17.467Z monthly 0.6 https://detectionlint.org/library/sigma-potential-powershell-obfuscation-using-character-join-0e0ef5c8 2026-04-25T16:11:17.213Z monthly 0.6 https://detectionlint.org/library/sigma-ad-groups-or-users-enumeration-using-powershell---scriptbloc-695b84b0 2026-04-25T16:11:16.978Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-security-descriptors---scriptblock-a44aa654 2026-04-25T16:11:16.735Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-store-file-in-alternate-data-stream-ac7e771b 2026-04-25T16:11:16.493Z monthly 0.6 https://detectionlint.org/library/sigma-detected-windows-software-discovery---powershell-959354ea 2026-04-25T16:11:16.242Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-shellintel-powershell-commandlets-1ad131b7 2026-04-25T16:11:15.992Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-shellcode-ff77d543 2026-04-25T16:11:15.746Z monthly 0.6 https://detectionlint.org/library/sigma-change-powershell-policies-to-an-insecure-level---powershell-6b22b572 2026-04-25T16:11:15.478Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-set-acl-on-windows-folder---psscript-bed67c02 2026-04-25T16:11:15.212Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-script-change-permission-via-set-acl---psscript-db4829d6 2026-04-25T16:11:14.966Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-sensitive-file-discovery-beabde6d 2026-04-25T16:11:14.707Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-script-with-file-upload-capabilities-227a8809 2026-04-25T16:11:14.463Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-invoke-item-from-mount-diskimage-f0c8524b 2026-04-25T16:11:14.220Z monthly 0.6 https://detectionlint.org/library/sigma-root-certificate-installed---powershell-e951a55d 2026-04-25T16:11:13.978Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-script-with-file-hostname-resolving-capabilities-d404b803 2026-04-25T16:11:13.738Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-kerberos-ticket-request-via-powershell-script---s-bf1771f8 2026-04-25T16:11:13.482Z monthly 0.6 https://detectionlint.org/library/sigma-potential-remotefxvgpudisablementexe-abuse---powershell-scri-ade27529 2026-04-25T16:11:13.231Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-remote-session-creation-0452efd9 2026-04-25T16:11:12.970Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-psattack-72299ccf 2026-04-25T16:11:12.728Z monthly 0.6 https://detectionlint.org/library/sigma-psasyncshell---asynchronous-tcp-reverse-shell-d21602cc 2026-04-25T16:11:12.480Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-credential-prompt-19493adc 2026-04-25T16:11:12.239Z monthly 0.6 https://detectionlint.org/library/sigma-powerview-powershell-cmdlets---scriptblock-130330cd 2026-04-25T16:11:11.974Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-web-access-installation---psscript-995bb2ba 2026-04-25T16:11:11.706Z monthly 0.6 https://detectionlint.org/library/sigma-potential-unconstrained-delegation-discovery-via-get-adcompu-a1ef22b7 2026-04-25T16:11:11.461Z monthly 0.6 https://detectionlint.org/library/sigma-potential-invoke-mimikatz-powershell-script-69247510 2026-04-25T16:11:11.213Z monthly 0.6 https://detectionlint.org/library/sigma-potential-packet-capture-activity-via-start-neteventsession--ff6893ac 2026-04-25T16:11:10.949Z monthly 0.6 https://detectionlint.org/library/sigma-code-executed-via-office-add-in-xll-file-1eef0f77 2026-04-25T16:11:10.691Z monthly 0.6 https://detectionlint.org/library/sigma-ntfs-alternate-data-stream-a4010730 2026-04-25T16:11:10.347Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-nishang-powershell-commandlets-9b745ee7 2026-04-25T16:11:10.088Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-msxml-com-object-ceee9e0f 2026-04-25T16:11:09.848Z monthly 0.6 https://detectionlint.org/library/sigma-modify-group-policy-settings---scriptblocklogging-f42d366f 2026-04-25T16:11:09.596Z monthly 0.6 https://detectionlint.org/library/sigma-dmsa-link-attributes-modified-2ee89019 2026-04-25T16:11:09.346Z monthly 0.6 https://detectionlint.org/library/sigma-live-memory-dump-using-powershell-5fb92954 2026-04-25T16:11:09.085Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-powershell-keywords-0154e848 2026-04-25T16:11:08.842Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-powershell-commandlets---scriptblock-a637b4f5 2026-04-25T16:11:08.592Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-mailbox-export-to-share---ps-2c46108e 2026-04-25T16:11:08.341Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-localaccount-manipulation-813cb90c 2026-04-25T16:11:08.056Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-keylogging-dd24faf4 2026-04-25T16:11:07.799Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-var-launcher-obfuscation---powershell-cb2a44f3 2026-04-25T16:11:07.562Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-use-rundll32---powershell-05bce5d2 2026-04-25T16:11:07.304Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-use-mshta---powershell-99e42124 2026-04-25T16:11:07.051Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-use-clip---powershell-63fff7c0 2026-04-25T16:11:06.800Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-stdin---powershell-143fefaa 2026-04-25T16:11:06.548Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-rundll-launcher---powershell-726eaa70 2026-04-25T16:11:06.287Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-compress-obfuscation---powershell-6648e411 2026-04-25T16:11:06.048Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-var-launcher---powershell-3e96a272 2026-04-25T16:11:05.795Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-stdin-launcher---powershell-a69eb3b2 2026-04-25T16:11:05.547Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-obfuscated-iex-invocation---powershell-9c509ec1 2026-04-25T16:11:05.303Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-clip-launcher---powershell-b69fe40d 2026-04-25T16:11:05.061Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-dnsexfiltration-6512497a 2026-04-25T16:11:04.819Z monthly 0.6 https://detectionlint.org/library/sigma-execute-invoke-command-on-remote-host-aaad15c6 2026-04-25T16:11:04.568Z monthly 0.6 https://detectionlint.org/library/sigma-unsigned-appx-installation-attempt-using-add-appxpackage---p-c7fa3b9b 2026-04-25T16:11:04.328Z monthly 0.6 https://detectionlint.org/library/sigma-import-powershell-modules-from-suspicious-directories-2ea8a175 2026-04-25T16:11:04.072Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-icmp-exfiltration-53d84dc0 2026-04-25T16:11:03.825Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-hotfix-enumeration-66d34c25 2026-04-25T16:11:03.568Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---winpwn-execution---scriptblock-3cfaba80 2026-04-25T16:11:03.323Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---rubeus-execution---scriptblock-c980a655 2026-04-25T16:11:03.072Z monthly 0.6 https://detectionlint.org/library/sigma-security-software-discovery-via-powershell-script-2bd6e3fc 2026-04-25T16:11:02.822Z monthly 0.6 https://detectionlint.org/library/sigma-automated-collection-bookmarks-using-get-childitem-powershel-4f285fe9 2026-04-25T16:11:02.562Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-get-adreplaccount-644ee411 2026-04-25T16:11:02.326Z monthly 0.6 https://detectionlint.org/library/sigma-active-directory-group-enumeration-with-get-adgroup-76606aa1 2026-04-25T16:11:02.072Z monthly 0.6 https://detectionlint.org/library/sigma-active-directory-computers-enumeration-with-get-adcomputer-8abff1b3 2026-04-25T16:11:01.822Z monthly 0.6 https://detectionlint.org/library/sigma-service-registry-permissions-weakness-check-0c403fa4 2026-04-25T16:11:01.577Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-frombase64string-usage-on-gzip-archive---ps-scrip-9f64b371 2026-04-25T16:11:01.326Z monthly 0.6 https://detectionlint.org/library/sigma-certificate-exported-via-powershell---scriptblock-cf02a05b 2026-04-25T16:11:01.070Z monthly 0.6 https://detectionlint.org/library/sigma-disable-of-etw-trace---powershell-feb9ea2f 2026-04-25T16:11:00.810Z monthly 0.6 https://detectionlint.org/library/sigma-enumerate-credentials-from-windows-credential-manager-with-p-6895d157 2026-04-25T16:11:00.559Z monthly 0.6 https://detectionlint.org/library/sigma-potential-suspicious-windows-feature-enabled-c25eb9e4 2026-04-25T16:11:00.320Z monthly 0.6 https://detectionlint.org/library/sigma-enable-windows-remote-management-5b196e01 2026-04-25T16:11:00.057Z monthly 0.6 https://detectionlint.org/library/sigma-dump-credentials-from-windows-credential-manager-with-powers-1c0ca2b7 2026-04-25T16:10:59.776Z monthly 0.6 https://detectionlint.org/library/sigma-dsinternals-suspicious-powershell-cmdlets---scriptblock-b29d67eb 2026-04-25T16:10:59.513Z monthly 0.6 https://detectionlint.org/library/sigma-potential-com-objects-download-cradles-usage---ps-script-3733cb69 2026-04-25T16:10:59.269Z monthly 0.6 https://detectionlint.org/library/sigma-potential-in-memory-execution-using-reflectionassembly-7a9fb8ed 2026-04-25T16:10:59.023Z monthly 0.6 https://detectionlint.org/library/sigma-disable-windowsoptionalfeature-command-powershell-14aa0083 2026-04-25T16:10:58.748Z monthly 0.6 https://detectionlint.org/library/sigma-disable-powershell-command-history-1a38bd2b 2026-04-25T16:10:58.500Z monthly 0.6 https://detectionlint.org/library/sigma-manipulation-of-user-computer-or-group-security-principals-a-f78740bf 2026-04-25T16:10:58.242Z monthly 0.6 https://detectionlint.org/library/sigma-directorysearcher-powershell-exploitation-a141d1f4 2026-04-25T16:10:57.994Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-detect-virtualization-environment-d43b6636 2026-04-25T16:10:57.750Z monthly 0.6 https://detectionlint.org/library/sigma-create-volume-shadow-copy-with-powershell-dc853cce 2026-04-25T16:10:57.486Z monthly 0.6 https://detectionlint.org/library/sigma-dmsa-service-account-created-in-specific-ous---powershell-541aa78a 2026-04-25T16:10:57.232Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-create-local-user-fd7dd1cb 2026-04-25T16:10:56.978Z monthly 0.6 https://detectionlint.org/library/sigma-registry-free-process-scope-cor_profiler-6ed1ba44 2026-04-25T16:10:56.717Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-install-a-dll-in-system-directory-74f7a5a3 2026-04-25T16:10:56.477Z monthly 0.6 https://detectionlint.org/library/sigma-computer-discovery-and-export-via-get-adcomputer-cmdlet---po-5f9592ee 2026-04-25T16:10:56.236Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-create-scheduled-task-ecb1db69 2026-04-25T16:10:55.988Z monthly 0.6 https://detectionlint.org/library/sigma-clearing-windows-console-history-70266005 2026-04-25T16:10:55.738Z monthly 0.6 https://detectionlint.org/library/sigma-clear-powershell-history---powershell-e0585c6b 2026-04-25T16:10:55.397Z monthly 0.6 https://detectionlint.org/library/sigma-windows-screen-capture-with-copyfromscreen-3d93ad51 2026-04-25T16:10:55.144Z monthly 0.6 https://detectionlint.org/library/sigma-automated-collection-command-powershell-b843c0fc 2026-04-25T16:10:54.889Z monthly 0.6 https://detectionlint.org/library/sigma-potential-data-exfiltration-via-audio-file-09165f3c 2026-04-25T16:10:54.640Z monthly 0.6 https://detectionlint.org/library/sigma-get-aduser-enumeration-using-useraccountcontrol-flags-637bec57 2026-04-25T16:10:54.400Z monthly 0.6 https://detectionlint.org/library/sigma-silenceeda-detection-73a67d10 2026-04-25T16:10:54.154Z monthly 0.6 https://detectionlint.org/library/sigma-potential-amsi-bypass-script-using-null-bits-b501bd8c 2026-04-25T16:10:53.913Z monthly 0.6 https://detectionlint.org/library/sigma-amsi-bypass-pattern-assembly-gettype-50a83c2f 2026-04-25T16:10:53.660Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-adrecon-execution-7632545c 2026-04-25T16:10:53.407Z monthly 0.6 https://detectionlint.org/library/sigma-add-windows-capability-via-powershell-script-7d54af0f 2026-04-25T16:10:53.165Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-add-name-resolution-policy-table-rule-45b49889 2026-04-25T16:10:52.929Z monthly 0.6 https://detectionlint.org/library/sigma-potential-active-directory-enumeration-using-ad-module---pss-34df927f 2026-04-25T16:10:52.691Z monthly 0.6 https://detectionlint.org/library/sigma-access-to-browser-login-data-72034c79 2026-04-25T16:10:52.447Z monthly 0.6 https://detectionlint.org/library/sigma-aadinternals-powershell-cmdlets-execution---psscript-3b25182b 2026-04-25T16:10:52.201Z monthly 0.6 https://detectionlint.org/library/sigma-syncappvpublishingserver-bypass-powershell-restriction---ps--508ec319 2026-04-25T16:10:51.959Z monthly 0.6 https://detectionlint.org/library/sigma-zip-a-folder-with-powershell-for-staging-in-temp---powershel-009ea69d 2026-04-25T16:10:51.711Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-get-information-for-smb-share---powershell-module-6d40beb1 2026-04-25T16:10:51.450Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-computer-machine-password-by-powershell-9f49d9ac 2026-04-25T16:10:51.207Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-get-local-groups-information-ccc02f66 2026-04-25T16:10:50.944Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-invocations---specific---powershell-mo-76d15abc 2026-04-25T16:10:50.694Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-invocations---generic---powershell-mod-07fa9c04 2026-04-25T16:10:50.452Z monthly 0.6 https://detectionlint.org/library/sigma-use-get-nettcpconnection---powershell-module-cc16b386 2026-04-25T16:10:50.213Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-download---poshmodule-5da5813a 2026-04-25T16:10:49.958Z monthly 0.6 https://detectionlint.org/library/sigma-ad-groups-or-users-enumeration-using-powershell---poshmodule-429d6f73 2026-04-25T16:10:49.713Z monthly 0.6 https://detectionlint.org/library/sigma-potential-remotefxvgpudisablementexe-abuse---powershell-modu-b58ef812 2026-04-25T16:10:49.460Z monthly 0.6 https://detectionlint.org/library/sigma-remote-powershell-session-ps-module-a2956dd6 2026-04-25T16:10:49.220Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-powershell-commandlets---poshmodule-984dfcdf 2026-04-25T16:10:48.975Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-var-launcher-obfuscation---powershell-mod-86375d84 2026-04-25T16:10:48.721Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-use-rundll32---powershell-module-e92434a3 2026-04-25T16:10:48.477Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-use-mshta---powershell-module-92b808ef 2026-04-25T16:10:48.226Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-use-clip---powershell-module-7c10836e 2026-04-25T16:10:47.978Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-stdin---powershell-module-cc20c83a 2026-04-25T16:10:47.732Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-rundll-launcher---powershell-module-59c9280c 2026-04-25T16:10:47.484Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-compress-obfuscation---powershell-module-9389964f 2026-04-25T16:10:47.227Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-var-launcher---powershell-module-d5dc1c83 2026-04-25T16:10:46.949Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-stdin-launcher---powershell-module-4a967e38 2026-04-25T16:10:46.689Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-obfuscated-iex-invocation---powershell-mo-141b3330 2026-04-25T16:10:46.445Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-clip-launcher---powershell-module-ed47b829 2026-04-25T16:10:46.200Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---evil-winrm-execution---powershell-module-5f9962f6 2026-04-25T16:10:45.960Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-get-clipboard-88254f9c 2026-04-25T16:10:45.716Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-get-addbaccount-usage-5f44f97a 2026-04-25T16:10:45.465Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-powershell-scripts---poshmodule-0805f4f0 2026-04-25T16:10:45.202Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-decompress-commands-484afad7 2026-04-25T16:10:44.955Z monthly 0.6 https://detectionlint.org/library/sigma-clear-powershell-history---powershell-module-f1f0ed8b 2026-04-25T16:10:44.710Z monthly 0.6 https://detectionlint.org/library/sigma-bad-opsec-powershell-code-artifacts-2395f144 2026-04-25T16:10:44.459Z monthly 0.6 https://detectionlint.org/library/sigma-alternate-powershell-hosts---powershell-module-8896c908 2026-04-25T16:10:44.222Z monthly 0.6 https://detectionlint.org/library/sigma-potential-active-directory-enumeration-using-ad-module---psm-dfdc9c6c 2026-04-25T16:10:43.978Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-non-powershell-wsman-com-provider-7fd60d2d 2026-04-25T16:10:43.715Z monthly 0.6 https://detectionlint.org/library/sigma-tamper-windows-defender---psclassic-9f696edf 2026-04-25T16:10:43.459Z monthly 0.6 https://detectionlint.org/library/sigma-zip-a-folder-with-powershell-for-staging-in-temp---powershel-bbe6188e 2026-04-25T16:10:43.217Z monthly 0.6 https://detectionlint.org/library/sigma-use-get-nettcpconnection-5aaea336 2026-04-25T16:10:42.971Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-download-f17ec405 2026-04-25T16:10:42.727Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-powershell-under-powershell-channel-8543bbad 2026-04-25T16:10:42.490Z monthly 0.6 https://detectionlint.org/library/sigma-potential-remotefxvgpudisablementexe-abuse-1ad54b27 2026-04-25T16:10:42.223Z monthly 0.6 https://detectionlint.org/library/sigma-remote-powershell-session-ps-classic-bfa7734f 2026-04-25T16:10:41.976Z monthly 0.6 https://detectionlint.org/library/sigma-netcat-the-powershell-version-5a5bb4a9 2026-04-25T16:10:41.737Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-called-from-an-executable-version-mismatch-68dd66f1 2026-04-25T16:10:41.477Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-downgrade-attack---powershell-ab0fe7d4 2026-04-25T16:10:41.202Z monthly 0.6 https://detectionlint.org/library/sigma-delete-volume-shadow-copies-via-wmi-with-powershell-a841dc84 2026-04-25T16:10:40.959Z monthly 0.6 https://detectionlint.org/library/sigma-nslookup-powershell-download-cradle-201b6e3b 2026-04-25T16:10:40.715Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-wsman-provider-image-loads-9015c1d0 2026-04-25T16:10:40.456Z monthly 0.6 https://detectionlint.org/library/sigma-wmiprvse-wbemcomn-dll-hijack-f6edb7f6 2026-04-25T16:10:40.111Z monthly 0.6 https://detectionlint.org/library/sigma-wmic-loading-scripting-libraries-70c482ca 2026-04-25T16:10:39.862Z monthly 0.6 https://detectionlint.org/library/sigma-wmi-persistence---command-line-event-consumer-357b643e 2026-04-25T16:10:39.616Z monthly 0.6 https://detectionlint.org/library/sigma-trusted-path-bypass-via-windows-directory-spoofing-b61da999 2026-04-25T16:10:39.346Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-loading-of-dbgcoredbghelp-dlls-from-uncommon-loca-16c29eb5 2026-04-25T16:10:39.089Z monthly 0.6 https://detectionlint.org/library/sigma-mmc-loading-script-engines-dlls-fe8ee700 2026-04-25T16:10:38.842Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-with-fake-dll-e43aba4f 2026-04-25T16:10:38.577Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-iscsicpl---imageload-dbdae13b 2026-04-25T16:10:38.329Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-unsigned-thor-scanner-execution-0dd9e216 2026-04-25T16:10:38.086Z monthly 0.6 https://detectionlint.org/library/sigma-unsigned-dll-loaded-by-windows-utility-3a3316af 2026-04-25T16:10:37.828Z monthly 0.6 https://detectionlint.org/library/sigma-dotnet-clr-dll-loaded-by-scripting-applications-08cfc0a6 2026-04-25T16:10:37.598Z monthly 0.6 https://detectionlint.org/library/sigma-python-image-load-by-non-python-process-ef21ecf9 2026-04-25T16:10:37.338Z monthly 0.6 https://detectionlint.org/library/sigma-dll-load-by-system-process-from-suspicious-locations-0b0459d5 2026-04-25T16:10:37.079Z monthly 0.6 https://detectionlint.org/library/sigma-unsigned-module-loaded-by-clickonce-application-20012203 2026-04-25T16:10:36.836Z monthly 0.6 https://detectionlint.org/library/sigma-baaupdateexe-suspicious-dll-load-58bf3ae6 2026-04-25T16:10:36.596Z monthly 0.6 https://detectionlint.org/library/sigma-potential-wwlibdll-sideloading-c1551400 2026-04-25T16:10:36.323Z monthly 0.6 https://detectionlint.org/library/sigma-potential-mpclientdll-sideloading-7bc7774d 2026-04-25T16:10:36.091Z monthly 0.6 https://detectionlint.org/library/sigma-potential-wazuh-security-platform-dll-sideloading-549e20f4 2026-04-25T16:10:35.837Z monthly 0.6 https://detectionlint.org/library/sigma-potential-waveeditdll-sideloading-631b95e4 2026-04-25T16:10:35.556Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-via-vmware-xfer-4301467f 2026-04-25T16:10:35.310Z monthly 0.6 https://detectionlint.org/library/sigma-vmmap-unsigned-dbghelpdll-potential-sideloading-a479fb2b 2026-04-25T16:10:35.069Z monthly 0.6 https://detectionlint.org/library/sigma-vmmap-signed-dbghelpdll-potential-sideloading-d52642c6 2026-04-25T16:10:34.826Z monthly 0.6 https://detectionlint.org/library/sigma-vmguestlib-dll-sideload-b2d66fa4 2026-04-25T16:10:34.568Z monthly 0.6 https://detectionlint.org/library/sigma-potential-vivaldi_elfdll-sideloading-f22e4ea1 2026-04-25T16:10:34.317Z monthly 0.6 https://detectionlint.org/library/sigma-fax-service-dll-search-order-hijack-3e971f9b 2026-04-25T16:10:34.074Z monthly 0.6 https://detectionlint.org/library/sigma-third-party-software-dll-sideloading-8bc8cdee 2026-04-25T16:10:33.828Z monthly 0.6 https://detectionlint.org/library/sigma-potential-solidpdfcreatordll-sideloading-0d9482fd 2026-04-25T16:10:33.575Z monthly 0.6 https://detectionlint.org/library/sigma-potential-smadhookdll-sideloading-824f4c36 2026-04-25T16:10:33.315Z monthly 0.6 https://detectionlint.org/library/sigma-potential-shelldispatchdll-sideloading-49c310f1 2026-04-25T16:10:33.073Z monthly 0.6 https://detectionlint.org/library/sigma-dll-sideloading-of-shellchromeapidll-ab50fd80 2026-04-25T16:10:32.824Z monthly 0.6 https://detectionlint.org/library/sigma-potential-roboformdll-sideloading-12ed1921 2026-04-25T16:10:32.578Z monthly 0.6 https://detectionlint.org/library/sigma-potential-rjvplatformdll-sideloading-from-non-default-locati-f0d5286c 2026-04-25T16:10:32.318Z monthly 0.6 https://detectionlint.org/library/sigma-potential-rjvplatformdll-sideloading-from-default-location-3908c6b6 2026-04-25T16:10:32.066Z monthly 0.6 https://detectionlint.org/library/sigma-potential-rcdlldll-sideloading-6c5a7aef 2026-04-25T16:10:31.825Z monthly 0.6 https://detectionlint.org/library/sigma-potential-python-dll-sideloading-6a8d6e90 2026-04-25T16:10:31.579Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-office-dll-sideload-130e77d9 2026-04-25T16:10:31.326Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-of-non-existent-dlls-from-system-f-bb4841d7 2026-04-25T16:10:31.075Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-of-mscorsvcdll-e4293979 2026-04-25T16:10:30.824Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-of-mpsvcdll-79c4f356 2026-04-25T16:10:30.583Z monthly 0.6 https://detectionlint.org/library/sigma-unsigned-mfdetoursdll-sideloading-66eb8dfa 2026-04-25T16:10:30.332Z monthly 0.6 https://detectionlint.org/library/sigma-potential-mfdetoursdll-sideloading-bb4dd3cb 2026-04-25T16:10:30.085Z monthly 0.6 https://detectionlint.org/library/sigma-potential-libvlcdll-sideloading-9f22dce2 2026-04-25T16:10:29.811Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-of-keyscrambleriedll-via-keyscramb-7d32c887 2026-04-25T16:10:29.554Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-via-jsschhlp-0b11514f 2026-04-25T16:10:29.315Z monthly 0.6 https://detectionlint.org/library/sigma-potential-jlidll-side-loading-47925463 2026-04-25T16:10:29.066Z monthly 0.6 https://detectionlint.org/library/sigma-potential-iviewersdll-sideloading-945a364a 2026-04-25T16:10:28.819Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-of-libcurldll-via-gupexe-3592e31b 2026-04-25T16:10:28.571Z monthly 0.6 https://detectionlint.org/library/sigma-potential-goopdatedll-sideloading-b7c3bcdd 2026-04-25T16:10:28.323Z monthly 0.6 https://detectionlint.org/library/sigma-potential-system-dll-sideloading-from-non-system-locations-3e18cd5d 2026-04-25T16:10:28.073Z monthly 0.6 https://detectionlint.org/library/sigma-potential-edputildll-sideloading-35cf8dce 2026-04-25T16:10:27.819Z monthly 0.6 https://detectionlint.org/library/sigma-potential-eacoredll-sideloading-e9a77584 2026-04-25T16:10:27.573Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-of-dbgmodeldll-99c9881d 2026-04-25T16:10:27.335Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-of-dbghelpdll-21208667 2026-04-25T16:10:27.083Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-of-dbgcoredll-e926bf7a 2026-04-25T16:10:26.813Z monthly 0.6 https://detectionlint.org/library/sigma-system-control-panel-item-loaded-from-uncommon-location-d92b91ce 2026-04-25T16:10:26.558Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-using-coregenexe-fa8e4046 2026-04-25T16:10:26.319Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-via-comctl32dll-ff079053 2026-04-25T16:10:26.077Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-via-classicexplorer32dll-566fbaad 2026-04-25T16:10:25.818Z monthly 0.6 https://detectionlint.org/library/sigma-potential-chrome-frame-helper-dll-sideloading-fc18f215 2026-04-25T16:10:25.560Z monthly 0.6 https://detectionlint.org/library/sigma-potential-ccleanerreactivatordll-sideloading-f46f56ad 2026-04-25T16:10:25.316Z monthly 0.6 https://detectionlint.org/library/sigma-potential-ccleanerdudll-sideloading-28c68df9 2026-04-25T16:10:24.973Z monthly 0.6 https://detectionlint.org/library/sigma-potential-avkkiddll-sideloading-a56ec608 2026-04-25T16:10:24.719Z monthly 0.6 https://detectionlint.org/library/sigma-aruba-network-service-potential-dll-sideloading-9b7861b7 2026-04-25T16:10:24.469Z monthly 0.6 https://detectionlint.org/library/sigma-potential-appverifuidll-sideloading-51da26cc 2026-04-25T16:10:24.212Z monthly 0.6 https://detectionlint.org/library/sigma-potential-antivirus-software-dll-sideloading-056b5743 2026-04-25T16:10:23.956Z monthly 0.6 https://detectionlint.org/library/sigma-abusable-dll-potential-sideloading-from-suspicious-location-903acc81 2026-04-25T16:10:23.699Z monthly 0.6 https://detectionlint.org/library/sigma-potential-7zadll-sideloading-175b2577 2026-04-25T16:10:23.444Z monthly 0.6 https://detectionlint.org/library/sigma-wmi-activescripteventconsumers-activity-via-scrconsexe-dll-l-7396aeee 2026-04-25T16:10:23.200Z monthly 0.6 https://detectionlint.org/library/sigma-remote-dll-load-via-rundll32exe-76500868 2026-04-25T16:10:22.949Z monthly 0.6 https://detectionlint.org/library/sigma-vba-dll-loaded-via-office-application-3d9d836a 2026-04-25T16:10:22.705Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-core-dll-loaded-via-office-application-610f59ca 2026-04-25T16:10:22.458Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-vba-for-outlook-addin-loaded-via-outlook-2ee5f7ce 2026-04-25T16:10:22.211Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-excel-add-in-loaded-from-uncommon-location-8f40a6c1 2026-04-25T16:10:21.965Z monthly 0.6 https://detectionlint.org/library/sigma-gac-dll-loaded-via-office-applications-7b12046e 2026-04-25T16:10:21.723Z monthly 0.6 https://detectionlint.org/library/sigma-clr-dll-loaded-via-office-applications-dcc0e789 2026-04-25T16:10:21.463Z monthly 0.6 https://detectionlint.org/library/sigma-dotnet-assembly-dll-loaded-via-office-application-6de5b92b 2026-04-25T16:10:21.220Z monthly 0.6 https://detectionlint.org/library/sigma-unsigned-image-loaded-into-lsass-process-42753796 2026-04-25T16:10:20.970Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dcom-internetexplorerapplication-dll-hijack---imag-fab10bac 2026-04-25T16:10:20.730Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---silenttrinity-stager-dll-load-758b428e 2026-04-25T16:10:20.488Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpevtmute-dll-load-b136a10c 2026-04-25T16:10:20.251Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-volume-shadow-copy-vsstracedll-load-005d28a6 2026-04-25T16:10:20.006Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-volume-shadow-copy-vssapidll-load-ecf58c0f 2026-04-25T16:10:19.767Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-volume-shadow-copy-vss_psdll-load-825561ba 2026-04-25T16:10:19.517Z monthly 0.6 https://detectionlint.org/library/sigma-unsigned-node-file-loaded-dcbc2bdf 2026-04-25T16:10:19.266Z monthly 0.6 https://detectionlint.org/library/sigma-time-travel-debugging-utility-usage---image-229cee59 2026-04-25T16:10:19.007Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-core-dll-loaded-by-non-powershell-process-414446e4 2026-04-25T16:10:18.736Z monthly 0.6 https://detectionlint.org/library/sigma-diagnostic-library-sdiagengdll-loaded-by-msdtexe-0b9efb56 2026-04-25T16:10:18.494Z monthly 0.6 https://detectionlint.org/library/sigma-load-of-rstrtmgrdll-by-an-uncommon-process-222e6403 2026-04-25T16:10:18.237Z monthly 0.6 https://detectionlint.org/library/sigma-load-of-rstrtmgrdll-by-a-suspicious-process-e0b62157 2026-04-25T16:10:17.981Z monthly 0.6 https://detectionlint.org/library/sigma-pcrenet-package-image-load-a8eb2014 2026-04-25T16:10:17.729Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-unsigned-dbghelpdbgcore-dll-loaded-91c335e2 2026-04-25T16:10:17.483Z monthly 0.6 https://detectionlint.org/library/sigma-creduidll-loaded-by-uncommon-process-703b6bbf 2026-04-25T16:10:17.248Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-renamed-comsvcs-dll-loaded-by-rundll32-a2071438 2026-04-25T16:10:16.980Z monthly 0.6 https://detectionlint.org/library/sigma-potential-azure-browser-sso-abuse-1c624b06 2026-04-25T16:10:16.733Z monthly 0.6 https://detectionlint.org/library/sigma-amsidll-loaded-via-lolbin-process-b09b6935 2026-04-25T16:10:16.488Z monthly 0.6 https://detectionlint.org/library/sigma-dll-loaded-from-suspicious-location-via-cmsptexe-631c30f0 2026-04-25T16:10:16.230Z monthly 0.6 https://detectionlint.org/library/sigma-clfssys-loaded-by-process-located-in-a-potential-suspicious--0d973b24 2026-04-25T16:10:15.974Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-wuauclt-network-connection-9213e7f5 2026-04-25T16:10:15.729Z monthly 0.6 https://detectionlint.org/library/sigma-outbound-network-connection-initiated-by-script-interpreter-127f2122 2026-04-25T16:10:15.473Z monthly 0.6 https://detectionlint.org/library/sigma-local-network-connection-initiated-by-script-interpreter-71d30e10 2026-04-25T16:10:15.228Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-wordpad-outbound-connections-df3c363b 2026-04-25T16:10:14.967Z monthly 0.6 https://detectionlint.org/library/sigma-outbound-network-connection-to-public-ip-via-winlogon-6ae4554b 2026-04-25T16:10:14.717Z monthly 0.6 https://detectionlint.org/library/sigma-potential-remote-powershell-session-initiated-8d4e9927 2026-04-25T16:10:14.471Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-outbound-smtp-connections-4b00aa10 2026-04-25T16:10:14.220Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-sync-center-suspicious-network-connections-24e28f7c 2026-04-25T16:10:13.969Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-outbound-kerberos-connection-96284fa1 2026-04-25T16:10:13.702Z monthly 0.6 https://detectionlint.org/library/sigma-communication-to-uncommon-destination-ports-00317526 2026-04-25T16:10:13.438Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-malware-callback-communication-9ab8a3da 2026-04-25T16:10:13.182Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-from-process-located-in-potenti-3446d67e 2026-04-25T16:10:12.910Z monthly 0.6 https://detectionlint.org/library/sigma-network-communication-initiated-to-file-sharing-domains-from-20a672b1 2026-04-25T16:10:12.660Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-network-connection-binary-no-commandline-46c0682f 2026-04-25T16:10:12.408Z monthly 0.6 https://detectionlint.org/library/sigma-silenttrinity-stager-msbuild-activity-6cbdba2d 2026-04-25T16:10:12.157Z monthly 0.6 https://detectionlint.org/library/sigma-rundll32-internet-connection-1db875d3 2026-04-25T16:10:11.902Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---anydesk-incoming-connection-241b4a8d 2026-04-25T16:10:11.646Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-by-regsvr32exe-86bb5609 2026-04-25T16:10:11.385Z monthly 0.6 https://detectionlint.org/library/sigma-regasmexe-initiating-network-connection-to-public-ip-94e6fe93 2026-04-25T16:10:11.137Z monthly 0.6 https://detectionlint.org/library/sigma-rdp-to-http-or-https-target-ports-ba82d2a5 2026-04-25T16:10:10.875Z monthly 0.6 https://detectionlint.org/library/sigma-rdp-over-reverse-ssh-tunnel-ba1f6039 2026-04-25T16:10:10.620Z monthly 0.6 https://detectionlint.org/library/sigma-outbound-rdp-connections-over-non-standard-tools-412709e0 2026-04-25T16:10:10.370Z monthly 0.6 https://detectionlint.org/library/sigma-python-initiated-connection-ceababc0 2026-04-25T16:10:10.115Z monthly 0.6 https://detectionlint.org/library/sigma-office-application-initiated-network-connection-over-uncommo-14c0bf53 2026-04-25T16:10:09.776Z monthly 0.6 https://detectionlint.org/library/sigma-office-application-initiated-network-connection-to-non-local-d68cc47e 2026-04-25T16:10:09.485Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-via-notepadexe-0f28ee6f 2026-04-25T16:10:09.215Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-by-imewdbldexe-7035864b 2026-04-25T16:10:08.959Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-via-fingerexe-90d0f0aa 2026-04-25T16:10:08.708Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-by-eqnedt32exe-b048bb87 2026-04-25T16:10:08.452Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-to-visual-studio-code-tunnels-d-031628e1 2026-04-25T16:10:08.207Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-non-browser-network-communication-with-telegram-a-47e200ea 2026-04-25T16:10:07.947Z monthly 0.6 https://detectionlint.org/library/sigma-network-communication-initiated-to-portmapio-domain-0ee49ec4 2026-04-25T16:10:07.667Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-network-connection-to-notion-api-d7d719b1 2026-04-25T16:10:07.425Z monthly 0.6 https://detectionlint.org/library/sigma-communication-to-ngrok-tunneling-service-initiated-4ce74f56 2026-04-25T16:10:07.156Z monthly 0.6 https://detectionlint.org/library/sigma-process-initiated-network-connection-to-ngrok-domain-bc90fa17 2026-04-25T16:10:06.911Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-to-meganz-82c67957 2026-04-25T16:10:06.645Z monthly 0.6 https://detectionlint.org/library/sigma-communication-to-localtonet-tunneling-service-initiated-a4a6e09c 2026-04-25T16:10:06.390Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-non-browser-network-communication-with-google-api-492381df 2026-04-25T16:10:06.139Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-network-connection-to-ip-lookup-service-apis-ee3d6955 2026-04-25T16:10:05.878Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-dropbox-api-usage-8cd27f9c 2026-04-25T16:10:05.625Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-to-devtunnels-domain-517daf61 2026-04-25T16:10:05.372Z monthly 0.6 https://detectionlint.org/library/sigma-new-connection-initiated-to-potential-dead-drop-resolver-dom-d1e43659 2026-04-25T16:10:05.120Z monthly 0.6 https://detectionlint.org/library/sigma-network-communication-with-crypto-mining-pool-6a2be3ca 2026-04-25T16:10:04.864Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-to-cloudflared-tunnels-domains-8b538457 2026-04-25T16:10:04.618Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-to-btunnels-domains-69d76c9e 2026-04-25T16:10:04.329Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-to-azurewebsitesnet-by-non-brow-1488a4d0 2026-04-25T16:10:04.049Z monthly 0.6 https://detectionlint.org/library/sigma-outbound-network-connection-initiated-by-microsoft-dialer-9c13969b 2026-04-25T16:10:03.801Z monthly 0.6 https://detectionlint.org/library/sigma-outbound-network-connection-initiated-by-cmstpexe-0d58625d 2026-04-25T16:10:03.540Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-network-connection-initiated-by-certutilexe-2f3c61de 2026-04-25T16:10:03.292Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-connection-to-active-directory-web-services-4ae56560 2026-04-25T16:10:03.029Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-by-addinutilexe-57991019 2026-04-25T16:10:02.759Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-appended-extension-d0661276 2026-04-25T16:10:02.511Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-self-extraction-directive-file-create-74a8ca46 2026-04-25T16:10:02.243Z monthly 0.6 https://detectionlint.org/library/sigma-writing-local-admin-share-3c40cb4e 2026-04-25T16:10:01.981Z monthly 0.6 https://detectionlint.org/library/sigma-uefi-persistence-via-wpbbin---filecreation-86868907 2026-04-25T16:10:01.721Z monthly 0.6 https://detectionlint.org/library/sigma-wmiprvse-wbemcomn-dll-hijack---file-c3754c06 2026-04-25T16:10:01.454Z monthly 0.6 https://detectionlint.org/library/sigma-wmiexec-default-output-file-ca93d942 2026-04-25T16:10:01.189Z monthly 0.6 https://detectionlint.org/library/sigma-wmi-persistence---script-event-consumer-file-write-1f31f134 2026-04-25T16:10:00.936Z monthly 0.6 https://detectionlint.org/library/sigma-awl-bypass-with-winrmvbs-and-malicious-wsmptyxslwsmtxtxsl----a7c19aac 2026-04-25T16:10:00.689Z monthly 0.6 https://detectionlint.org/library/sigma-winrar-creating-files-in-startup-locations-2d290b5e 2026-04-25T16:10:00.428Z monthly 0.6 https://detectionlint.org/library/sigma-creation-of-werfaultexewerdll-in-unusual-folder-7e337604 2026-04-25T16:10:00.184Z monthly 0.6 https://detectionlint.org/library/sigma-potential-webshell-creation-on-static-website-1ef5bd95 2026-04-25T16:09:59.933Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-vscode-code-tunnel-execution---file-indicator-35d70fec 2026-04-25T16:09:59.685Z monthly 0.6 https://detectionlint.org/library/sigma-visual-studio-code-tunnel-remote-file-creation-c083c36b 2026-04-25T16:09:59.443Z monthly 0.6 https://detectionlint.org/library/sigma-vhd-image-download-via-browser-f5dc8618 2026-04-25T16:09:59.202Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-windows-media-player---file-9f5cf927 2026-04-25T16:09:58.936Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-abusing-winsat-path-parsing---file-b483bd75 2026-04-25T16:09:58.692Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-ntfs-reparse-point---file-65dee815 2026-04-25T16:09:58.449Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-msconfig-token-modification---file-9f067bae 2026-04-25T16:09:58.206Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-ieinstal---file-772a6411 2026-04-25T16:09:57.938Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-idiagnostic-profile---file-b8c3c9ea 2026-04-25T16:09:57.677Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-eventvwr-a0818c4d 2026-04-25T16:09:57.423Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-net-code-profiler-on-mmc-01c24f81 2026-04-25T16:09:57.176Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-consent-and-comctl32---file-184c8d4f 2026-04-25T16:09:56.918Z monthly 0.6 https://detectionlint.org/library/sigma-hijack-legit-rdp-session-to-move-laterally-35628d17 2026-04-25T16:09:56.648Z monthly 0.6 https://detectionlint.org/library/sigma-lsass-process-memory-dump-creation-via-taskmgrexe-73247aaa 2026-04-25T16:09:56.371Z monthly 0.6 https://detectionlint.org/library/sigma-potential-privilege-escalation-attempt-via-exelocal-techniqu-fd52dc57 2026-04-25T16:09:56.103Z monthly 0.6 https://detectionlint.org/library/sigma-psexec-remote-execution-file-artefact-b742e33e 2026-04-25T16:09:55.860Z monthly 0.6 https://detectionlint.org/library/sigma-psexec-service-file-creation-1ec5a841 2026-04-25T16:09:55.612Z monthly 0.6 https://detectionlint.org/library/sigma-process-monitor-driver-creation-by-non-sysinternals-binary-0a88d7e4 2026-04-25T16:09:55.356Z monthly 0.6 https://detectionlint.org/library/sigma-process-explorer-driver-creation-by-non-sysinternals-binary-a22fd85e 2026-04-25T16:09:55.113Z monthly 0.6 https://detectionlint.org/library/sigma-livekd-driver-creation-by-uncommon-process-930f6521 2026-04-25T16:09:54.867Z monthly 0.6 https://detectionlint.org/library/sigma-livekd-driver-creation-7c00b306 2026-04-25T16:09:54.501Z monthly 0.6 https://detectionlint.org/library/sigma-livekd-kernel-memory-dump-file-created-8c2bb714 2026-04-25T16:09:54.260Z monthly 0.6 https://detectionlint.org/library/sigma-adexplorer-writing-complete-ad-snapshot-into-dat-file-5d9b565e 2026-04-25T16:09:54.001Z monthly 0.6 https://detectionlint.org/library/sigma-winsxs-executable-file-creation-by-non-system-process-aa87bdbe 2026-04-25T16:09:53.740Z monthly 0.6 https://detectionlint.org/library/sigma-windows-terminal-profile-settings-modification-by-uncommon-p-9ef90cea 2026-04-25T16:09:53.472Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-wdac-policy-file-creation-6a976a08 2026-04-25T16:09:53.210Z monthly 0.6 https://detectionlint.org/library/sigma-vscode-powershell-profile-modification-76c2a443 2026-04-25T16:09:52.955Z monthly 0.6 https://detectionlint.org/library/sigma-teamviewer-remote-session-cb8f647b 2026-04-25T16:09:52.700Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-scheduled-task-write-to-system32-tasks-82313978 2026-04-25T16:09:52.457Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-interactive-powershell-as-system-0536b147 2026-04-25T16:09:52.215Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-startup-folder-persistence-f9dae1cc 2026-04-25T16:09:51.963Z monthly 0.6 https://detectionlint.org/library/sigma-drop-binaries-into-spool-drivers-color-folder-0915026b 2026-04-25T16:09:51.713Z monthly 0.6 https://detectionlint.org/library/sigma-potential-file-extension-spoofing-using-right-to-left-overri-c3e5fcd8 2026-04-25T16:09:51.460Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-creation-activity-from-fake-recyclebin-folde-7bbd4ff9 2026-04-25T16:09:51.221Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-binaries-and-scripts-in-public-folder-a583bf93 2026-04-25T16:09:50.974Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-procexp152sys-file-created-in-tmp-5cdfe3dc 2026-04-25T16:09:50.712Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-profile-modification-eb79c243 2026-04-25T16:09:50.454Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-lnk-double-extension-file-created-93c5efde 2026-04-25T16:09:50.210Z monthly 0.6 https://detectionlint.org/library/sigma-legitimate-application-dropped-script-fa659bb5 2026-04-25T16:09:49.960Z monthly 0.6 https://detectionlint.org/library/sigma-legitimate-application-writing-files-in-uncommon-location-49842054 2026-04-25T16:09:49.710Z monthly 0.6 https://detectionlint.org/library/sigma-legitimate-application-dropped-executable-8433d914 2026-04-25T16:09:49.451Z monthly 0.6 https://detectionlint.org/library/sigma-legitimate-application-dropped-archive-abcb9df3 2026-04-25T16:09:49.201Z monthly 0.6 https://detectionlint.org/library/sigma-potential-homoglyph-attack-using-lookalike-characters-in-fil-5a418f26 2026-04-25T16:09:48.912Z monthly 0.6 https://detectionlint.org/library/sigma-potential-hidden-directory-creation-via-ntfs-index_allocatio-1cfc2d32 2026-04-25T16:09:48.650Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-get-variableexe-creation-75a5e02e 2026-04-25T16:09:48.406Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-write-to-sharepoint-layouts-directory-97253451 2026-04-25T16:09:48.156Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-write-to-webapps-root-directory-e3836ebb 2026-04-25T16:09:47.903Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-executable-file-creation-44d7ae9a 2026-04-25T16:09:47.640Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-msexchangemailboxreplication-aspx-write-588911a8 2026-04-25T16:09:47.390Z monthly 0.6 https://detectionlint.org/library/sigma-dpapi-backup-keys-and-certificate-export-activity-ioc-bec6c923 2026-04-25T16:09:47.124Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-double-extension-files-eb63abab 2026-04-25T16:09:46.885Z monthly 0.6 https://detectionlint.org/library/sigma-creation-of-a-diagcab-9f01a5b1 2026-04-25T16:09:46.642Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-desktopimgdownldr-target-file-737a364c 2026-04-25T16:09:46.401Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-creation-txt-file-in-user-desktop-b76ecec8 2026-04-25T16:09:46.134Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-files-in-default-gpo-folder-5ced9e03 2026-04-25T16:09:45.890Z monthly 0.6 https://detectionlint.org/library/sigma-created-files-by-microsoft-sync-center-fe9f9ce2 2026-04-25T16:09:45.647Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-creation-with-colorcpl-e31b0fc0 2026-04-25T16:09:45.399Z monthly 0.6 https://detectionlint.org/library/sigma-startup-folder-file-write-651a2ccd 2026-04-25T16:09:45.134Z monthly 0.6 https://detectionlint.org/library/sigma-windows-binaries-write-suspicious-extensions-fa895af4 2026-04-25T16:09:44.883Z monthly 0.6 https://detectionlint.org/library/sigma-windows-shellscripting-application-file-write-to-suspicious--fbaac75b 2026-04-25T16:09:44.638Z monthly 0.6 https://detectionlint.org/library/sigma-self-extraction-directive-file-created-in-potentially-suspic-99c3882b 2026-04-25T16:09:44.392Z monthly 0.6 https://detectionlint.org/library/sigma-potential-sam-database-dump-bf6eb68d 2026-04-25T16:09:44.135Z monthly 0.6 https://detectionlint.org/library/sigma-potential-ripzip-attack-on-startup-folder-c4a6c889 2026-04-25T16:09:43.891Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---screenconnect-temporary-file-cfafb638 2026-04-25T16:09:43.638Z monthly 0.6 https://detectionlint.org/library/sigma-screenconnect-temporary-installation-artefact-9a2aad91 2026-04-25T16:09:43.396Z monthly 0.6 https://detectionlint.org/library/sigma-remcom-service-file-creation-5fc05c04 2026-04-25T16:09:43.153Z monthly 0.6 https://detectionlint.org/library/sigma-pdf-file-created-by-regeditexe-d9013726 2026-04-25T16:09:42.905Z monthly 0.6 https://detectionlint.org/library/sigma-potential-winnti-dropper-activity-11ba7376 2026-04-25T16:09:42.651Z monthly 0.6 https://detectionlint.org/library/sigma-rdp-file-created-by-uncommon-application-ac2ff62d 2026-04-25T16:09:42.396Z monthly 0.6 https://detectionlint.org/library/sigma-rclone-config-file-creation-0c4cc525 2026-04-25T16:09:42.160Z monthly 0.6 https://detectionlint.org/library/sigma-psscriptpolicytest-creation-by-uncommon-process-2459712b 2026-04-25T16:09:41.913Z monthly 0.6 https://detectionlint.org/library/sigma-potential-startup-shortcut-persistence-via-powershellexe-a93b60d7 2026-04-25T16:09:41.664Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-module-file-created-by-non-powershell-process-b0d01e59 2026-04-25T16:09:41.417Z monthly 0.6 https://detectionlint.org/library/sigma-potential-suspicious-powershell-module-file-created-4f33b518 2026-04-25T16:09:41.168Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-module-file-created-fbb27a66 2026-04-25T16:09:40.928Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-powershell-scripts---filecreation-1e7bdc7d 2026-04-25T16:09:40.676Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-script-dropped-via-powershellexe-b8f55695 2026-04-25T16:09:40.425Z monthly 0.6 https://detectionlint.org/library/sigma-potential-binary-or-script-dropper-via-powershell-280d8212 2026-04-25T16:09:40.166Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-created-in-perflogs-ee5db7ab 2026-04-25T16:09:39.902Z monthly 0.6 https://detectionlint.org/library/sigma-pcrenet-package-temp-files-dc5ea59d 2026-04-25T16:09:39.650Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-file-created-in-office-startup-folder-6188b8ab 2026-04-25T16:09:39.293Z monthly 0.6 https://detectionlint.org/library/sigma-file-with-uncommon-extension-created-by-an-office-applicatio-558f11b8 2026-04-25T16:09:39.046Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-microsoft-office-startup-folder-e1ed1306 2026-04-25T16:09:38.794Z monthly 0.6 https://detectionlint.org/library/sigma-publisher-attachment-file-dropped-in-suspicious-location-60873a34 2026-04-25T16:09:38.530Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-outlook-macro-created-665cf89b 2026-04-25T16:09:38.285Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-created-in-outlook-temporary-directory-e3ffc5b7 2026-04-25T16:09:38.016Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-outlook-form-6bb5da8f 2026-04-25T16:09:37.776Z monthly 0.6 https://detectionlint.org/library/sigma-new-outlook-macro-created-5635721d 2026-04-25T16:09:37.538Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-created-via-onenote-application-e315a144 2026-04-25T16:09:37.280Z monthly 0.6 https://detectionlint.org/library/sigma-onenote-attachment-file-dropped-in-suspicious-location-580d4114 2026-04-25T16:09:37.035Z monthly 0.6 https://detectionlint.org/library/sigma-office-macro-file-creation-from-suspicious-process-eaeb0dc4 2026-04-25T16:09:36.795Z monthly 0.6 https://detectionlint.org/library/sigma-office-macro-file-download-51e427a9 2026-04-25T16:09:36.545Z monthly 0.6 https://detectionlint.org/library/sigma-office-macro-file-creation-c1615956 2026-04-25T16:09:36.299Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-microsoft-office-add-in-25269f0e 2026-04-25T16:09:36.052Z monthly 0.6 https://detectionlint.org/library/sigma-ntds-exfiltration-filename-patterns-bb32b9c7 2026-04-25T16:09:35.811Z monthly 0.6 https://detectionlint.org/library/sigma-ntdsdit-creation-by-uncommon-process-4436b490 2026-04-25T16:09:35.561Z monthly 0.6 https://detectionlint.org/library/sigma-ntdsdit-creation-by-uncommon-parent-process-7d93bc1e 2026-04-25T16:09:35.310Z monthly 0.6 https://detectionlint.org/library/sigma-ntdsdit-created-d264d04f 2026-04-25T16:09:35.078Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-notepad-plugins-c1f41c62 2026-04-25T16:09:34.831Z monthly 0.6 https://detectionlint.org/library/sigma-scr-file-write-event-b07d9683 2026-04-25T16:09:34.578Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-creation-in-uncommon-appdata-folder-ba48d803 2026-04-25T16:09:34.334Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-dotnet-clr-usage-log-artifact-f73493df 2026-04-25T16:09:34.066Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-file-creation-by-mysql-daemon-process-6d357abe 2026-04-25T16:09:33.820Z monthly 0.6 https://detectionlint.org/library/sigma-file-creation-in-suspicious-directory-by-msdtexe-b593ddd0 2026-04-25T16:09:33.576Z monthly 0.6 https://detectionlint.org/library/sigma-octopus-scanner-malware-f103ee38 2026-04-25T16:09:33.324Z monthly 0.6 https://detectionlint.org/library/sigma-adwind-rat-jrat-file-artifact-7f667d4d 2026-04-25T16:09:33.067Z monthly 0.6 https://detectionlint.org/library/sigma-werfault-lsass-process-memory-dump-5d4c0289 2026-04-25T16:09:32.803Z monthly 0.6 https://detectionlint.org/library/sigma-lsass-process-dump-artefact-in-crashdumps-folder-0f0c52cf 2026-04-25T16:09:32.560Z monthly 0.6 https://detectionlint.org/library/sigma-lsass-process-memory-dump-files-d93454fa 2026-04-25T16:09:32.322Z monthly 0.6 https://detectionlint.org/library/sigma-gathernetworkinfovbs-reconnaissance-script-output-f1da9f02 2026-04-25T16:09:32.085Z monthly 0.6 https://detectionlint.org/library/sigma-iso-or-image-mount-indicator-in-recent-files-b1494df6 2026-04-25T16:09:31.846Z monthly 0.6 https://detectionlint.org/library/sigma-iso-file-created-within-temp-folders-876543fc 2026-04-25T16:09:31.594Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-dll-file-dropped-in-the-teams-or-onedrive-folder-e49d375f 2026-04-25T16:09:31.338Z monthly 0.6 https://detectionlint.org/library/sigma-installation-of-teamviewer-desktop-54089877 2026-04-25T16:09:31.102Z monthly 0.6 https://detectionlint.org/library/sigma-potential-initial-access-via-dll-search-order-hijacking-3a808cb9 2026-04-25T16:09:30.855Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---impacket-file-indicators-f2fd3128 2026-04-25T16:09:30.608Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---safetykatz-dump-indicator-25bef85f 2026-04-25T16:09:30.359Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---potential-remote-credential-dumping-activity-via--f04dd54e 2026-04-25T16:09:30.100Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---quarkspwdump-dump-file-8a8c1180 2026-04-25T16:09:29.861Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---powerup-write-hijack-dll-4892aaea 2026-04-25T16:09:29.610Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---nppspy-hacktool-usage-b006a826 2026-04-25T16:09:29.365Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---netexec-file-indicators-654816e0 2026-04-25T16:09:29.116Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---mimikatz-kirbi-file-creation-0f6eeec7 2026-04-25T16:09:28.861Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---remotekrbrelay-smb-relay-secrets-dump-module-indi-512638a2 2026-04-25T16:09:28.617Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---inveigh-execution-artefacts-f8db50c4 2026-04-25T16:09:28.373Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---typical-hivenightmare-sam-file-export-b538dbf6 2026-04-25T16:09:28.090Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---dumpert-process-dumper-default-file-b41a801c 2026-04-25T16:09:27.818Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---crackmapexec-file-indicators-541397b6 2026-04-25T16:09:27.573Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-file-created-by-notepad-updater-gupexe-10ddee12 2026-04-25T16:09:27.321Z monthly 0.6 https://detectionlint.org/library/sigma-gotoassist-temporary-installation-artefact-2ca16551 2026-04-25T16:09:27.069Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-drop-by-exchange-43826999 2026-04-25T16:09:26.809Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-aspx-file-drop-by-exchange-6d0f0573 2026-04-25T16:09:26.559Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-attempt-via-errorhandlercmd-bc459a99 2026-04-25T16:09:26.299Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-dmphdmp-file-creation-93251b69 2026-04-25T16:09:26.048Z monthly 0.6 https://detectionlint.org/library/sigma-dll-search-order-hijackig-via-additional-space-in-path-a4fdfaf6 2026-04-25T16:09:25.797Z monthly 0.6 https://detectionlint.org/library/sigma-desktopini-created-by-uncommon-process-158e6e85 2026-04-25T16:09:25.535Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dcom-internetexplorerapplication-dll-hijack-5e8dbb71 2026-04-25T16:09:25.279Z monthly 0.6 https://detectionlint.org/library/sigma-dynamic-csharp-compile-artefact-d7ce390b 2026-04-25T16:09:25.036Z monthly 0.6 https://detectionlint.org/library/sigma-csexec-service-file-creation-67b851d2 2026-04-25T16:09:24.786Z monthly 0.6 https://detectionlint.org/library/sigma-wscript-or-cscript-dropper---file-56888a03 2026-04-25T16:09:24.535Z monthly 0.6 https://detectionlint.org/library/sigma-cred-dump-tools-dropped-files-10b4b792 2026-04-25T16:09:24.200Z monthly 0.6 https://detectionlint.org/library/sigma-creation-exe-for-service-with-unquoted-path-fefb63f7 2026-04-25T16:09:23.957Z monthly 0.6 https://detectionlint.org/library/sigma-files-with-system-process-name-in-unsuspected-locations-a15b995e 2026-04-25T16:09:23.699Z monthly 0.6 https://detectionlint.org/library/sigma-files-with-system-dll-name-in-unsuspected-locations-f248de19 2026-04-25T16:09:23.454Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-screensaver-binary-file-creation-8903c7ca 2026-04-25T16:09:23.205Z monthly 0.6 https://detectionlint.org/library/sigma-new-custom-shim-database-created-edb704b6 2026-04-25T16:09:22.959Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-deno-file-written-from-remote-source-0f078e59 2026-04-25T16:09:22.703Z monthly 0.6 https://detectionlint.org/library/sigma-creation-of-non-existent-system-dll-526585ca 2026-04-25T16:09:22.453Z monthly 0.6 https://detectionlint.org/library/sigma-evtx-created-in-uncommon-location-36f530d3 2026-04-25T16:09:22.213Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-file-creation-by-openedrs-itsmservice-6878f8cc 2026-04-25T16:09:21.964Z monthly 0.6 https://detectionlint.org/library/sigma-bloodhound-collection-files-9a10039f 2026-04-25T16:09:21.708Z monthly 0.6 https://detectionlint.org/library/sigma-assembly-dll-creation-via-aspnetcompiler-edf0e91c 2026-04-25T16:09:21.470Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-created-by-arcsocexe-c28d3b0a 2026-04-25T16:09:21.227Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-binary-writes-via-anydesk-a34368f6 2026-04-25T16:09:20.982Z monthly 0.6 https://detectionlint.org/library/sigma-anydesk-temporary-artefact-eab1f0ab 2026-04-25T16:09:20.740Z monthly 0.6 https://detectionlint.org/library/sigma-advanced-ip-scanner---file-event-f9983674 2026-04-25T16:09:20.496Z monthly 0.6 https://detectionlint.org/library/sigma-adsi-cache-file-creation-by-uncommon-tool-1c35b755 2026-04-25T16:09:20.258Z monthly 0.6 https://detectionlint.org/library/sigma-ads-zoneidentifier-deleted-by-uncommon-application-3a3c5dba 2026-04-25T16:09:20.016Z monthly 0.6 https://detectionlint.org/library/sigma-unusual-file-deletion-by-dnsexe-94256741 2026-04-25T16:09:19.770Z monthly 0.6 https://detectionlint.org/library/sigma-file-deleted-via-sysinternals-sdelete-0f298620 2026-04-25T16:09:19.530Z monthly 0.6 https://detectionlint.org/library/sigma-tomcat-webserver-logs-deleted-686de725 2026-04-25T16:09:19.282Z monthly 0.6 https://detectionlint.org/library/sigma-teamviewer-log-file-deleted-594877e0 2026-04-25T16:09:19.010Z monthly 0.6 https://detectionlint.org/library/sigma-prefetch-file-deleted-4cec2685 2026-04-25T16:09:18.775Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-console-history-logs-deleted-41677c21 2026-04-25T16:09:18.485Z monthly 0.6 https://detectionlint.org/library/sigma-process-deletion-of-its-own-executable-a3329c5b 2026-04-25T16:09:18.241Z monthly 0.6 https://detectionlint.org/library/sigma-iis-webserver-access-logs-deleted-6ecb2f0d 2026-04-25T16:09:18.003Z monthly 0.6 https://detectionlint.org/library/sigma-exchange-powershell-cmdlet-history-deleted-0ab458dd 2026-04-25T16:09:17.759Z monthly 0.6 https://detectionlint.org/library/sigma-eventlog-evtx-file-deleted-9219da4a 2026-04-25T16:09:17.505Z monthly 0.6 https://detectionlint.org/library/sigma-backup-files-deleted-db1ccbca 2026-04-25T16:09:17.264Z monthly 0.6 https://detectionlint.org/library/sigma-unusual-file-modification-by-dnsexe-e1baac31 2026-04-25T16:09:17.023Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-teams-sensitive-file-access-by-uncommon-applicatio-89bfe238 2026-04-25T16:09:16.745Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-access-to-browser-credential-storage-497cdabe 2026-04-25T16:09:16.497Z monthly 0.6 https://detectionlint.org/library/sigma-access-to-potentially-sensitive-sysvol-files-by-uncommon-app-dea42aed 2026-04-25T16:09:16.240Z monthly 0.6 https://detectionlint.org/library/sigma-access-to-windows-dpapi-master-keys-by-uncommon-applications-231e075f 2026-04-25T16:09:15.992Z monthly 0.6 https://detectionlint.org/library/sigma-access-to-crypto-currency-wallets-by-uncommon-applications-5de7cd7e 2026-04-25T16:09:15.745Z monthly 0.6 https://detectionlint.org/library/sigma-access-to-windows-credential-history-file-by-uncommon-applic-87c28266 2026-04-25T16:09:15.498Z monthly 0.6 https://detectionlint.org/library/sigma-credential-manager-access-by-uncommon-applications-52ca57ff 2026-04-25T16:09:15.249Z monthly 0.6 https://detectionlint.org/library/sigma-winlogon-notify-key-logon-persistence-b9381221 2026-04-25T16:09:15.015Z monthly 0.6 https://detectionlint.org/library/sigma-winlogon-allowmultipletssessions-enable-c6068d74 2026-04-25T16:09:14.758Z monthly 0.6 https://detectionlint.org/library/sigma-enable-local-manifest-installation-with-winget-7919bd2a 2026-04-25T16:09:14.506Z monthly 0.6 https://detectionlint.org/library/sigma-winget-admin-settings-modification-1308c7df 2026-04-25T16:09:14.256Z monthly 0.6 https://detectionlint.org/library/sigma-disable-windows-defender-functionalities-via-registry-keys-73f56677 2026-04-25T16:09:14.003Z monthly 0.6 https://detectionlint.org/library/sigma-wdigest-enable-uselogoncredential-7694b604 2026-04-25T16:09:13.739Z monthly 0.6 https://detectionlint.org/library/sigma-execution-dll-of-choice-using-wabexe-9a161aa0 2026-04-25T16:09:13.491Z monthly 0.6 https://detectionlint.org/library/sigma-windows-vulnerable-driver-blocklist-disabled-3c8609df 2026-04-25T16:09:13.238Z monthly 0.6 https://detectionlint.org/library/sigma-vbscript-payload-stored-in-registry-2285a14b 2026-04-25T16:09:12.989Z monthly 0.6 https://detectionlint.org/library/sigma-uac-secure-desktop-prompt-disabled-3bee1dd3 2026-04-25T16:09:12.721Z monthly 0.6 https://detectionlint.org/library/sigma-uac-notification-disabled-20ed9be8 2026-04-25T16:09:12.470Z monthly 0.6 https://detectionlint.org/library/sigma-uac-disabled-401c2e23 2026-04-25T16:09:12.216Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-windows-media-player---registry-47c73b73 2026-04-25T16:09:11.948Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-abusing-winsat-path-parsing---registry-6091a4c5 2026-04-25T16:09:11.689Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-via-sdclt-ec97bf51 2026-04-25T16:09:11.438Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-via-event-viewer-5b2ffcfb 2026-04-25T16:09:11.194Z monthly 0.6 https://detectionlint.org/library/sigma-potential-signing-bypass-via-windows-developer-features---re-8476cb28 2026-04-25T16:09:10.945Z monthly 0.6 https://detectionlint.org/library/sigma-com-hijacking-via-treatas-3fe904bd 2026-04-25T16:09:10.694Z monthly 0.6 https://detectionlint.org/library/sigma-old-tls10tls11-protocol-version-enabled-6db10c44 2026-04-25T16:09:10.438Z monthly 0.6 https://detectionlint.org/library/sigma-new-timeproviders-registered-with-uncommon-dll-name-499a4230 2026-04-25T16:09:10.177Z monthly 0.6 https://detectionlint.org/library/sigma-rdp-sensitive-settings-changed-8fc929a3 2026-04-25T16:09:09.921Z monthly 0.6 https://detectionlint.org/library/sigma-rdp-sensitive-settings-changed-to-zero-05d678ed 2026-04-25T16:09:09.663Z monthly 0.6 https://detectionlint.org/library/sigma-potential-registry-persistence-attempt-via-windows-telemetry-14e3c07c 2026-04-25T16:09:08.676Z monthly 0.6 https://detectionlint.org/library/sigma-scheduled-taskcache-change-by-uncommon-program-c71c0b04 2026-04-25T16:09:08.429Z monthly 0.6 https://detectionlint.org/library/sigma-enable-lm-hash-storage-18dad201 2026-04-25T16:09:08.176Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-environment-variable-has-been-registered-1ddacd42 2026-04-25T16:09:07.933Z monthly 0.6 https://detectionlint.org/library/sigma-wfp-filter-added-via-registry-d861d407 2026-04-25T16:09:07.678Z monthly 0.6 https://detectionlint.org/library/sigma-modify-user-shell-folders-startup-value-adad4dbd 2026-04-25T16:09:07.434Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-space-characters-in-typedpaths-registry-path---fi-1e1cafc4 2026-04-25T16:09:07.186Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-shell-open-command-registry-modification-4a5148fa 2026-04-25T16:09:06.910Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-service-installed-e670fc87 2026-04-25T16:09:06.642Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-space-characters-in-runmru-registry-path---clickf-a76526f4 2026-04-25T16:09:06.394Z monthly 0.6 https://detectionlint.org/library/sigma-new-run-key-pointing-to-suspicious-folder-187ad910 2026-04-25T16:09:06.147Z monthly 0.6 https://detectionlint.org/library/sigma-registry-persistence-via-explorer-run-key-5f10d721 2026-04-25T16:09:05.902Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-printer-driver-empty-manufacturer-ac06509a 2026-04-25T16:09:05.652Z monthly 0.6 https://detectionlint.org/library/sigma-potential-pendingfilerenameoperations-tampering-edee4360 2026-04-25T16:09:05.406Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-keyboard-layout-load-a9d2a09a 2026-04-25T16:09:05.131Z monthly 0.6 https://detectionlint.org/library/sigma-activate-suppression-of-windows-security-center-notification-62b2d875 2026-04-25T16:09:04.877Z monthly 0.6 https://detectionlint.org/library/sigma-hiding-user-account-via-specialaccounts-registry-key-7dc776a1 2026-04-25T16:09:04.622Z monthly 0.6 https://detectionlint.org/library/sigma-tamper-with-sophos-av-registry-keys-cdddbcbb 2026-04-25T16:09:04.364Z monthly 0.6 https://detectionlint.org/library/sigma-persistence-via-new-sip-provider-f3313ccd 2026-04-25T16:09:04.099Z monthly 0.6 https://detectionlint.org/library/sigma-registry-explorer-policy-modification-e5928e41 2026-04-25T16:09:03.859Z monthly 0.6 https://detectionlint.org/library/sigma-etw-logging-disabled-for-scm-c6bc8251 2026-04-25T16:09:03.600Z monthly 0.6 https://detectionlint.org/library/sigma-servicedll-hijack-bdfcdafb 2026-04-25T16:09:03.268Z monthly 0.6 https://detectionlint.org/library/sigma-potential-sentinelone-shell-context-menu-scan-command-tamper-88edc539 2026-04-25T16:09:03.019Z monthly 0.6 https://detectionlint.org/library/sigma-screensaver-registry-key-set-d78759f2 2026-04-25T16:09:02.778Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-command-executed-via-run-dialog-box---85ca8a21 2026-04-25T16:09:02.536Z monthly 0.6 https://detectionlint.org/library/sigma-etw-logging-disabled-for-rpcrt4dll-0a1ed14c 2026-04-25T16:09:02.289Z monthly 0.6 https://detectionlint.org/library/sigma-usage-of-renamed-sysinternals-tools---registryset-acfabdaf 2026-04-25T16:09:02.040Z monthly 0.6 https://detectionlint.org/library/sigma-pua---sysinternals-tools-execution---registry-cd5badec 2026-04-25T16:09:01.786Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-execution-of-renamed-sysinternals-tools---registr-2df452be 2026-04-25T16:09:01.545Z monthly 0.6 https://detectionlint.org/library/sigma-pua---sysinternal-tool-execution---registry-ad933a28 2026-04-25T16:09:01.283Z monthly 0.6 https://detectionlint.org/library/sigma-potential-provisioning-registry-key-abuse-for-binary-proxy-e-7b65919b 2026-04-25T16:09:01.027Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-logging-disabled-via-registry-key-tampering-1735feeb 2026-04-25T16:09:00.768Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-in-registry-run-keys-9f29e040 2026-04-25T16:09:00.521Z monthly 0.6 https://detectionlint.org/library/sigma-potential-powershell-execution-policy-tampering-73893664 2026-04-25T16:09:00.271Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-script-execution-policy-enabled-ef4e4d06 2026-04-25T16:09:00.021Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-as-a-service-in-registry-1dafb147 2026-04-25T16:08:59.778Z monthly 0.6 https://detectionlint.org/library/sigma-registry-modification-for-oci-dll-redirection-0df4c401 2026-04-25T16:08:59.545Z monthly 0.6 https://detectionlint.org/library/sigma-potential-clickfix-execution-pattern---registry-59bef708 2026-04-25T16:08:59.290Z monthly 0.6 https://detectionlint.org/library/sigma-potential-attachment-manager-settings-attachments-tamper-b22841da 2026-04-25T16:08:59.036Z monthly 0.6 https://detectionlint.org/library/sigma-potential-attachment-manager-settings-associations-tamper-33c021a6 2026-04-25T16:08:58.783Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-excel-add-in---registry-32ae724f 2026-04-25T16:08:58.521Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-typedpaths-8f97711c 2026-04-25T16:08:58.285Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-shim-database-in-uncommon-location-19e20c43 2026-04-25T16:08:58.047Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-shim-database-patching-activity-919c5cce 2026-04-25T16:08:57.797Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-shim-database-modification-3db0af1b 2026-04-25T16:08:57.547Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-scrobjdll-com-hijacking-bf0e35d7 2026-04-25T16:08:57.305Z monthly 0.6 https://detectionlint.org/library/sigma-potential-werfault-reflectdebugger-registry-value-abuse-fb79e1ac 2026-04-25T16:08:57.063Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-outlook-today-page-cd9a3100 2026-04-25T16:08:56.820Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-outlook-home-page-35a62f53 2026-04-25T16:08:56.573Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-visual-studio-tools-for-office-836fd725 2026-04-25T16:08:56.336Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-dllpathoverride-b6385d3c 2026-04-25T16:08:56.092Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-mycomputer-registry-keys-8ed436ca 2026-04-25T16:08:55.847Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-mpnotify-2f9f22fe 2026-04-25T16:08:55.606Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-lsa-extensions-69a54f0e 2026-04-25T16:08:55.356Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-logon-scripts---registry-28c8b5e8 2026-04-25T16:08:55.112Z monthly 0.6 https://detectionlint.org/library/sigma-register-new-ifiltre-for-persistence-c453ec55 2026-04-25T16:08:54.866Z monthly 0.6 https://detectionlint.org/library/sigma-modification-of-ie-registry-settings-0ab06504 2026-04-25T16:08:54.623Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-globalflags-00acfa84 2026-04-25T16:08:54.380Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-event-viewer-eventsasp-c0209bb0 2026-04-25T16:08:54.126Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-custom-protocol-handler-55c18bbe 2026-04-25T16:08:53.879Z monthly 0.6 https://detectionlint.org/library/sigma-potential-psfactorybuffer-com-hijacking-04430e88 2026-04-25T16:08:53.636Z monthly 0.6 https://detectionlint.org/library/sigma-potential-com-object-hijacking-via-treatas-subkey---registry-b6a3d880 2026-04-25T16:08:53.370Z monthly 0.6 https://detectionlint.org/library/sigma-com-object-hijacking-via-modification-of-default-system-clsi-f709bb27 2026-04-25T16:08:53.121Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-chm-helper-dll-4187bff5 2026-04-25T16:08:52.882Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-autodialdll-ae218fc1 2026-04-25T16:08:52.628Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-using-debugpath-726f2687 2026-04-25T16:08:52.378Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-app-paths-default-property-91b4cac0 2026-04-25T16:08:52.108Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-appcompat-registerapprestart-layer-7ed7ceea 2026-04-25T16:08:51.854Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-new-amsi-providers---registry-7ec4865f 2026-04-25T16:08:51.578Z monthly 0.6 https://detectionlint.org/library/sigma-maxmpxct-registry-value-changed-9433747a 2026-04-25T16:08:51.338Z monthly 0.6 https://detectionlint.org/library/sigma-office-macros-warning-disabled-8de80bf3 2026-04-25T16:08:51.097Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-microsoft-office-trusted-location-added-6d259b1c 2026-04-25T16:08:50.838Z monthly 0.6 https://detectionlint.org/library/sigma-macro-enabled-in-a-potentially-suspicious-document-2402dd39 2026-04-25T16:08:50.600Z monthly 0.6 https://detectionlint.org/library/sigma-outlook-security-settings-updated---registry-138a896e 2026-04-25T16:08:50.351Z monthly 0.6 https://detectionlint.org/library/sigma-outlook-enableunsafeclientmailrules-setting-enabled---regist-bce38e14 2026-04-25T16:08:50.102Z monthly 0.6 https://detectionlint.org/library/sigma-outlook-macro-execution-without-warning-setting-enabled-22e96ad5 2026-04-25T16:08:49.860Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-outlook-loadmacroprovideronboot-se-efa89b99 2026-04-25T16:08:49.600Z monthly 0.6 https://detectionlint.org/library/sigma-enable-microsoft-dynamic-data-exchange-cedea112 2026-04-25T16:08:49.356Z monthly 0.6 https://detectionlint.org/library/sigma-python-function-execution-security-warning-disabled-in-excel-e9825a4d 2026-04-25T16:08:49.119Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-office-protected-view-disabled-524fb723 2026-04-25T16:08:48.878Z monthly 0.6 https://detectionlint.org/library/sigma-trust-access-disable-for-vbapplications-77d3737b 2026-04-25T16:08:48.544Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-odbc-driver-registered-5a36b58f 2026-04-25T16:08:47.518Z monthly 0.6 https://detectionlint.org/library/sigma-new-odbc-driver-registered-508e3aa8 2026-04-25T16:08:47.272Z monthly 0.6 https://detectionlint.org/library/sigma-potential-credential-dumping-attempt-using-new-networkprovid-f55598b3 2026-04-25T16:08:47.019Z monthly 0.6 https://detectionlint.org/library/sigma-new-application-in-appcompat-b1b40080 2026-04-25T16:08:46.776Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-netsh-helper-dll---registry-dd280730 2026-04-25T16:08:46.535Z monthly 0.6 https://detectionlint.org/library/sigma-new-netsh-helper-dll-registered-from-a-suspicious-location-fa6f371c 2026-04-25T16:08:46.290Z monthly 0.6 https://detectionlint.org/library/sigma-net-ngenassemblyusagelog-registry-key-tamper-ef992a87 2026-04-25T16:08:46.006Z monthly 0.6 https://detectionlint.org/library/sigma-lsass-full-dump-request-via-dumptype-registry-settings-5ad02174 2026-04-25T16:08:45.758Z monthly 0.6 https://detectionlint.org/library/sigma-restrictedadminmode-registry-value-tampering-6afff433 2026-04-25T16:08:45.507Z monthly 0.6 https://detectionlint.org/library/sigma-lolbas-onedrivestandaloneupdaterexe-proxy-download-57ebedbf 2026-04-25T16:08:45.248Z monthly 0.6 https://detectionlint.org/library/sigma-potential-ransomware-activity-using-legalnotice-message-f75ea7cd 2026-04-25T16:08:45.014Z monthly 0.6 https://detectionlint.org/library/sigma-internet-explorer-disablefirstruncustomize-enabled-16fc3945 2026-04-25T16:08:44.740Z monthly 0.6 https://detectionlint.org/library/sigma-new-root-or-ca-or-authroot-certificate-to-store-8e3a3cae 2026-04-25T16:08:44.492Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-path-in-keyboard-layout-ime-file-registry-value-628bf5bf 2026-04-25T16:08:44.250Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-extension-in-keyboard-layout-ime-file-registry-valu-edb750e5 2026-04-25T16:08:44.010Z monthly 0.6 https://detectionlint.org/library/sigma-ie-zonemap-setting-downgraded-to-mycomputer-zone-for-http-pr-ccf3921d 2026-04-25T16:08:43.757Z monthly 0.6 https://detectionlint.org/library/sigma-driver-added-to-disallowed-images-in-hvci---registry-fb23bf86 2026-04-25T16:08:43.513Z monthly 0.6 https://detectionlint.org/library/sigma-hide-schedule-task-via-index-value-tamper-ea7eb938 2026-04-25T16:08:43.265Z monthly 0.6 https://detectionlint.org/library/sigma-registry-hide-function-from-user-1b5ecefe 2026-04-25T16:08:43.007Z monthly 0.6 https://detectionlint.org/library/sigma-displaying-hidden-files-feature-disabled-5bf0ae10 2026-04-25T16:08:42.748Z monthly 0.6 https://detectionlint.org/library/sigma-registry-modification-to-hidden-file-extension-4f85cf8f 2026-04-25T16:08:42.503Z monthly 0.6 https://detectionlint.org/library/sigma-persistence-via-hhctrlocx-d3129012 2026-04-25T16:08:42.245Z monthly 0.6 https://detectionlint.org/library/sigma-add-debugger-entry-to-hangs-key-for-persistence-c6448ae2 2026-04-25T16:08:42.003Z monthly 0.6 https://detectionlint.org/library/sigma-filefix---command-evidence-in-typedpaths-65ee43c0 2026-04-25T16:08:41.753Z monthly 0.6 https://detectionlint.org/library/sigma-new-file-association-using-exefile-5cc3441f 2026-04-25T16:08:41.502Z monthly 0.6 https://detectionlint.org/library/sigma-change-the-fax-dll-d3d765c2 2026-04-25T16:08:41.253Z monthly 0.6 https://detectionlint.org/library/sigma-change-user-account-associated-with-the-fax-service-c9fd1cda 2026-04-25T16:08:41.002Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-application-allowed-through-exploit-guard-10f524ca 2026-04-25T16:08:40.758Z monthly 0.6 https://detectionlint.org/library/sigma-potential-eventlog-file-location-tampering-621e0ab2 2026-04-25T16:08:40.513Z monthly 0.6 https://detectionlint.org/library/sigma-scripted-diagnostics-turn-off-check-enabled---registry-d8a29bbb 2026-04-25T16:08:40.271Z monthly 0.6 https://detectionlint.org/library/sigma-enabling-cor-profiler-environment-variables-92f22ae1 2026-04-25T16:08:40.029Z monthly 0.6 https://detectionlint.org/library/sigma-windows-recall-feature-enabled---registry-02482065 2026-04-25T16:08:39.790Z monthly 0.6 https://detectionlint.org/library/sigma-periodic-backup-for-system-registry-hives-enabled-8b5ee0ea 2026-04-25T16:08:39.547Z monthly 0.6 https://detectionlint.org/library/sigma-directory-service-restore-modedsrm-registry-value-tampering-9afa90f7 2026-04-25T16:08:39.288Z monthly 0.6 https://detectionlint.org/library/sigma-etw-logging-disabled-in-net-processes---sysmon-registry-d0fb146d 2026-04-25T16:08:39.028Z monthly 0.6 https://detectionlint.org/library/sigma-new-dns-serverlevelplugindll-installed-2aab675e 2026-04-25T16:08:38.770Z monthly 0.6 https://detectionlint.org/library/sigma-dns-over-https-enabled-by-registry-d2aeb80d 2026-04-25T16:08:38.529Z monthly 0.6 https://detectionlint.org/library/sigma-persistence-via-disk-cleanup-handler---autorun-9f299dbc 2026-04-25T16:08:38.278Z monthly 0.6 https://detectionlint.org/library/sigma-add-disallowrun-execution-to-registry-2273b1b7 2026-04-25T16:08:38.031Z monthly 0.6 https://detectionlint.org/library/sigma-disable-tamper-protection-on-windows-defender-57edb336 2026-04-25T16:08:37.770Z monthly 0.6 https://detectionlint.org/library/sigma-disable-pua-protection-on-windows-defender-bcf9f734 2026-04-25T16:08:37.527Z monthly 0.6 https://detectionlint.org/library/sigma-disabled-windows-defender-eventlog-db53030f 2026-04-25T16:08:37.286Z monthly 0.6 https://detectionlint.org/library/sigma-disable-exploit-guard-network-protection-on-windows-defender-b27b678f 2026-04-25T16:08:37.033Z monthly 0.6 https://detectionlint.org/library/sigma-disable-windows-event-logging-via-registry-b0718f93 2026-04-25T16:08:36.791Z monthly 0.6 https://detectionlint.org/library/sigma-disable-windows-firewall-by-registry-7eb1edc1 2026-04-25T16:08:36.444Z monthly 0.6 https://detectionlint.org/library/sigma-windows-event-log-access-tampering-via-registry-9b60fdb0 2026-04-25T16:08:36.201Z monthly 0.6 https://detectionlint.org/library/sigma-windows-defender-service-disabled---registry-909c03c5 2026-04-25T16:08:35.955Z monthly 0.6 https://detectionlint.org/library/sigma-registry-disable-system-restore-72aac5a2 2026-04-25T16:08:35.712Z monthly 0.6 https://detectionlint.org/library/sigma-disable-windows-security-center-notifications-770d542c 2026-04-25T16:08:35.448Z monthly 0.6 https://detectionlint.org/library/sigma-disable-privacy-settings-experience-in-registry-ee83a54a 2026-04-25T16:08:35.206Z monthly 0.6 https://detectionlint.org/library/sigma-disable-macro-runtime-scan-scope-1bd2ab7c 2026-04-25T16:08:34.959Z monthly 0.6 https://detectionlint.org/library/sigma-disable-internal-tools-or-feature-in-registry-1e74af5d 2026-04-25T16:08:34.716Z monthly 0.6 https://detectionlint.org/library/sigma-disable-microsoft-defender-firewall-via-registry-6ab8edaf 2026-04-25T16:08:34.481Z monthly 0.6 https://detectionlint.org/library/sigma-potential-autologger-sessions-tampering-2be3a467 2026-04-25T16:08:34.234Z monthly 0.6 https://detectionlint.org/library/sigma-disable-administrative-share-creation-at-startup-a6098adf 2026-04-25T16:08:33.985Z monthly 0.6 https://detectionlint.org/library/sigma-dhcp-callout-dll-installation-2f86466b 2026-04-25T16:08:33.722Z monthly 0.6 https://detectionlint.org/library/sigma-hypervisor-enforced-paging-translation-disabled-dbb58687 2026-04-25T16:08:33.470Z monthly 0.6 https://detectionlint.org/library/sigma-windows-hypervisor-enforced-code-integrity-disabled-a4dea078 2026-04-25T16:08:33.201Z monthly 0.6 https://detectionlint.org/library/sigma-antivirus-filter-driver-disallowed-on-dev-drive---registry-8be00fca 2026-04-25T16:08:32.941Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-desktop-background-change-via-registr-ebd5fadc 2026-04-25T16:08:32.691Z monthly 0.6 https://detectionlint.org/library/sigma-windows-defender-exclusions-added---registry-777b79b2 2026-04-25T16:08:32.431Z monthly 0.6 https://detectionlint.org/library/sigma-potential-registry-persistence-attempt-via-dbgmanageddebugge-2ec11dc8 2026-04-25T16:08:32.174Z monthly 0.6 https://detectionlint.org/library/sigma-custom-file-open-handler-executes-powershell-9f396f16 2026-04-25T16:08:31.916Z monthly 0.6 https://detectionlint.org/library/sigma-windows-credential-guard-disabled---registry-13610bfb 2026-04-25T16:08:31.669Z monthly 0.6 https://detectionlint.org/library/sigma-service-binary-in-suspicious-folder-0d96b044 2026-04-25T16:08:31.414Z monthly 0.6 https://detectionlint.org/library/sigma-security-event-logging-disabled-via-minint-registry-key---re-22379dea 2026-04-25T16:08:31.156Z monthly 0.6 https://detectionlint.org/library/sigma-crashcontrol-crashdump-disabled-adaa37da 2026-04-25T16:08:30.906Z monthly 0.6 https://detectionlint.org/library/sigma-com-hijack-via-sdclt-4cf8d88a 2026-04-25T16:08:30.655Z monthly 0.6 https://detectionlint.org/library/sigma-potential-cobaltstrike-service-installations---registry-29a6379e 2026-04-25T16:08:30.404Z monthly 0.6 https://detectionlint.org/library/sigma-clickonce-trust-prompt-tampering-dd15701f 2026-04-25T16:08:30.133Z monthly 0.6 https://detectionlint.org/library/sigma-running-chrome-vpn-extensions-via-the-registry-2-vpn-extensi-43a60074 2026-04-25T16:08:29.884Z monthly 0.6 https://detectionlint.org/library/sigma-change-winevt-channel-access-permission-via-registry-bf9d4ff9 2026-04-25T16:08:29.632Z monthly 0.6 https://detectionlint.org/library/sigma-sysmon-driver-altitude-change-a9b9232f 2026-04-25T16:08:29.368Z monthly 0.6 https://detectionlint.org/library/sigma-ie-change-domain-zone-9a4b8ccf 2026-04-25T16:08:29.121Z monthly 0.6 https://detectionlint.org/library/sigma-default-rdp-port-changed-to-non-standard-port-8fd66416 2026-04-25T16:08:28.872Z monthly 0.6 https://detectionlint.org/library/sigma-bypass-uac-using-silentcleanup-task-2a52b7f2 2026-04-25T16:08:28.613Z monthly 0.6 https://detectionlint.org/library/sigma-bypass-uac-using-event-viewer-97a4cce4 2026-04-25T16:08:28.365Z monthly 0.6 https://detectionlint.org/library/sigma-bypass-uac-using-delegateexecute-1b35c9d0 2026-04-25T16:08:28.110Z monthly 0.6 https://detectionlint.org/library/sigma-new-bginfoexe-custom-wmi-query-registry-configuration-1592c5b6 2026-04-25T16:08:27.856Z monthly 0.6 https://detectionlint.org/library/sigma-new-bginfoexe-custom-vbscript-registry-configuration-16d7a4a6 2026-04-25T16:08:27.596Z monthly 0.6 https://detectionlint.org/library/sigma-new-bginfoexe-custom-db-path-registry-configuration-76147612 2026-04-25T16:08:27.332Z monthly 0.6 https://detectionlint.org/library/sigma-wow6432node-windows-nt-currentversion-autorun-keys-modificat-f5628a21 2026-04-25T16:08:27.072Z monthly 0.6 https://detectionlint.org/library/sigma-wow6432node-classes-autorun-keys-modification-2e5f7c1c 2026-04-25T16:08:26.822Z monthly 0.6 https://detectionlint.org/library/sigma-wow6432node-currentversion-autorun-keys-modification-5f82dff7 2026-04-25T16:08:26.564Z monthly 0.6 https://detectionlint.org/library/sigma-winsock2-autorun-keys-modification-39720134 2026-04-25T16:08:26.294Z monthly 0.6 https://detectionlint.org/library/sigma-system-scripts-autorun-keys-modification-2e45bbc3 2026-04-25T16:08:26.047Z monthly 0.6 https://detectionlint.org/library/sigma-session-manager-autorun-keys-modification-59b3f844 2026-04-25T16:08:25.792Z monthly 0.6 https://detectionlint.org/library/sigma-office-autorun-keys-modification-18d4fe56 2026-04-25T16:08:25.534Z monthly 0.6 https://detectionlint.org/library/sigma-internet-explorer-autorun-keys-modification-6db5d47c 2026-04-25T16:08:25.287Z monthly 0.6 https://detectionlint.org/library/sigma-currentversion-nt-autorun-keys-modification-b5dfe568 2026-04-25T16:08:25.036Z monthly 0.6 https://detectionlint.org/library/sigma-currentversion-autorun-keys-modification-78684f00 2026-04-25T16:08:24.781Z monthly 0.6 https://detectionlint.org/library/sigma-currentcontrolset-autorun-keys-modification-d2222a5f 2026-04-25T16:08:24.530Z monthly 0.6 https://detectionlint.org/library/sigma-common-autorun-keys-modification-94a56b60 2026-04-25T16:08:24.280Z monthly 0.6 https://detectionlint.org/library/sigma-classes-autorun-keys-modification-b125c7ed 2026-04-25T16:08:24.015Z monthly 0.6 https://detectionlint.org/library/sigma-amsi-disabled-via-registry-modification-ba43810a 2026-04-25T16:08:23.750Z monthly 0.6 https://detectionlint.org/library/sigma-potential-amsi-com-server-hijacking-fc7cd69f 2026-04-25T16:08:23.501Z monthly 0.6 https://detectionlint.org/library/sigma-allow-rdp-remote-assistance-feature-86be0064 2026-04-25T16:08:23.252Z monthly 0.6 https://detectionlint.org/library/sigma-add-debugger-entry-to-aedebug-for-persistence-ccf6680e 2026-04-25T16:08:22.982Z monthly 0.6 https://detectionlint.org/library/sigma-add-port-monitor-persistence-in-registry-2ca72e54 2026-04-25T16:08:22.729Z monthly 0.6 https://detectionlint.org/library/sigma-registry-persistence-via-service-in-safe-mode-025cbe99 2026-04-25T16:08:22.482Z monthly 0.6 https://detectionlint.org/library/sigma-enable-remote-connection-between-anonymous-computer---allowa-7f9c4ed1 2026-04-25T16:08:22.231Z monthly 0.6 https://detectionlint.org/library/sigma-registry-tampering-by-potentially-suspicious-processes-3877b68b 2026-04-25T16:08:21.977Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-camera-and-microphone-access-b979f0de 2026-04-25T16:08:21.716Z monthly 0.6 https://detectionlint.org/library/sigma-dll-load-via-lsass-3d8bc369 2026-04-25T16:08:21.452Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-run-key-from-download-91e1c995 2026-04-25T16:08:21.104Z monthly 0.6 https://detectionlint.org/library/sigma-atbroker-registry-change-f7faaf2b 2026-04-25T16:08:20.846Z monthly 0.6 https://detectionlint.org/library/sigma-sticky-key-like-backdoor-usage---registry-a7f5c424 2026-04-25T16:08:20.581Z monthly 0.6 https://detectionlint.org/library/sigma-security-support-provider-ssp-added-to-lsa-configuration-7a8ba578 2026-04-25T16:08:20.322Z monthly 0.6 https://detectionlint.org/library/sigma-potential-credential-dumping-via-lsass-silentprocessexit-tec-ccab5dae 2026-04-25T16:08:20.063Z monthly 0.6 https://detectionlint.org/library/sigma-shell-open-registry-keys-manipulation-bc324004 2026-04-25T16:08:19.809Z monthly 0.6 https://detectionlint.org/library/sigma-run-once-task-configuration-in-registry-7cccedbf 2026-04-25T16:08:19.550Z monthly 0.6 https://detectionlint.org/library/sigma-winekey-registry-modification-6858a0db 2026-04-25T16:08:19.295Z monthly 0.6 https://detectionlint.org/library/sigma-redmimicry-winnti-playbook-registry-manipulation-428a9c75 2026-04-25T16:08:19.043Z monthly 0.6 https://detectionlint.org/library/sigma-new-portproxy-registry-entry-added-dfe9c15d 2026-04-25T16:08:18.779Z monthly 0.6 https://detectionlint.org/library/sigma-registry-persistence-mechanisms-in-recycle-bin-2f736f14 2026-04-25T16:08:18.508Z monthly 0.6 https://detectionlint.org/library/sigma-windows-registry-trust-record-modification-e0254dae 2026-04-25T16:08:18.242Z monthly 0.6 https://detectionlint.org/library/sigma-office-application-startup---office-test-683973be 2026-04-25T16:08:17.970Z monthly 0.6 https://detectionlint.org/library/sigma-new-dll-added-to-appinit_dlls-registry-key-681216dd 2026-04-25T16:08:17.712Z monthly 0.6 https://detectionlint.org/library/sigma-new-dll-added-to-appcertdlls-registry-key-e605e26f 2026-04-25T16:08:17.466Z monthly 0.6 https://detectionlint.org/library/sigma-netntlm-downgrade-attack---registry-19d09eb7 2026-04-25T16:08:17.203Z monthly 0.6 https://detectionlint.org/library/sigma-narrators-feedback-hub-persistence-e9bf918b 2026-04-25T16:08:16.944Z monthly 0.6 https://detectionlint.org/library/sigma-path-to-screensaver-binary-modified-85feac35 2026-04-25T16:08:16.674Z monthly 0.6 https://detectionlint.org/library/sigma-potential-qakbot-registry-activity-40fcb68a 2026-04-25T16:08:16.416Z monthly 0.6 https://detectionlint.org/library/sigma-registry-entries-for-azorult-malware-a62f8220 2026-04-25T16:08:16.162Z monthly 0.6 https://detectionlint.org/library/sigma-hybridconnectionmanager-service-installation---registry-2c0d2351 2026-04-25T16:08:15.907Z monthly 0.6 https://detectionlint.org/library/sigma-windows-credential-editor-registry-e347a3dc 2026-04-25T16:08:15.647Z monthly 0.6 https://detectionlint.org/library/sigma-esentutl-volume-shadow-copy-service-keys-92649394 2026-04-25T16:08:15.372Z monthly 0.6 https://detectionlint.org/library/sigma-wdigest-credguard-registry-modification-f712ca48 2026-04-25T16:08:15.111Z monthly 0.6 https://detectionlint.org/library/sigma-disable-security-events-logging-adding-reg-key-minint-7642cda4 2026-04-25T16:08:14.869Z monthly 0.6 https://detectionlint.org/library/sigma-windows-defender-threat-severity-default-action-modified-845b3bb2 2026-04-25T16:08:14.616Z monthly 0.6 https://detectionlint.org/library/sigma-cmstp-execution-registry-event-6766b418 2026-04-25T16:08:14.362Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-via-wsreset-ca82af43 2026-04-25T16:08:14.107Z monthly 0.6 https://detectionlint.org/library/sigma-creation-of-a-local-hidden-user-account-by-registry-428895c6 2026-04-25T16:08:13.842Z monthly 0.6 https://detectionlint.org/library/sigma-removal-of-sd-value-to-hide-schedule-task---registry-634ff1c8 2026-04-25T16:08:13.575Z monthly 0.6 https://detectionlint.org/library/sigma-removal-of-index-value-to-hide-schedule-task---registry-110096d6 2026-04-25T16:08:13.272Z monthly 0.6 https://detectionlint.org/library/sigma-runmru-registry-key-deletion---registry-fd184bbd 2026-04-25T16:08:13.013Z monthly 0.6 https://detectionlint.org/library/sigma-removal-of-potential-com-hijacking-registry-keys-88d1bf0e 2026-04-25T16:08:12.764Z monthly 0.6 https://detectionlint.org/library/sigma-removal-of-amsi-provider-registry-keys-5654e9e0 2026-04-25T16:08:12.513Z monthly 0.6 https://detectionlint.org/library/sigma-terminal-server-client-connection-history-cleared---registry-1b537aa4 2026-04-25T16:08:12.273Z monthly 0.6 https://detectionlint.org/library/sigma-folder-removed-from-exploit-guard-protectedfolders-list---re-8b137b16 2026-04-25T16:08:12.038Z monthly 0.6 https://detectionlint.org/library/sigma-windows-recall-feature-enabled---disableaidataanalysis-value-2b9500eb 2026-04-25T16:08:11.790Z monthly 0.6 https://detectionlint.org/library/sigma-windows-credential-guard-related-registry-value-deleted---re-5318ba3c 2026-04-25T16:08:11.545Z monthly 0.6 https://detectionlint.org/library/sigma-delete-defender-scan-shellex-context-menu-registry-key-b5e93ecb 2026-04-25T16:08:11.300Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-disk-cleanup-handler---registry-499eb5f6 2026-04-25T16:08:11.054Z monthly 0.6 https://detectionlint.org/library/sigma-permission-check-via-accesschkexe-a5b43691 2026-04-25T16:08:10.817Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-svchost-parent-process-435d746a 2026-04-25T16:08:10.565Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-svchost-command-line-parameter-47e3b499 2026-04-25T16:08:10.303Z monthly 0.6 https://detectionlint.org/library/sigma-terminal-service-process-spawn-fac5682d 2026-04-25T16:08:10.057Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-process-masquerading-as-svchostexe-15ff13b7 2026-04-25T16:08:09.807Z monthly 0.6 https://detectionlint.org/library/sigma-suspect-svchost-activity-9b744c9c 2026-04-25T16:08:09.520Z monthly 0.6 https://detectionlint.org/library/sigma-execution-via-workfoldersexe-fcac108f 2026-04-25T16:08:09.257Z monthly 0.6 https://detectionlint.org/library/sigma-whoami-as-parameter-f1a2ec7c 2026-04-25T16:08:08.995Z monthly 0.6 https://detectionlint.org/library/sigma-usage-of-web-request-commands-and-cmdlets-9b5307e8 2026-04-25T16:08:08.747Z monthly 0.6 https://detectionlint.org/library/sigma-weak-or-abused-passwords-in-cli-07948f6b 2026-04-25T16:08:08.489Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-velociraptor-child-process-3d4ecc45 2026-04-25T16:08:08.247Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-userinit-child-process-4ca1db18 2026-04-25T16:08:07.975Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-pe-execution-by-microsoft-visual-studio-debugger-5e5f1662 2026-04-25T16:08:07.717Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-windows-script-components-file-execution-by-taef-d-ea411659 2026-04-25T16:08:07.462Z monthly 0.6 https://detectionlint.org/library/sigma-tasks-folder-evasion-ddb995f4 2026-04-25T16:08:07.216Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-sysvol-domain-group-policy-access-626ac7dd 2026-04-25T16:08:06.968Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-system-user-process-creation-da7fd187 2026-04-25T16:08:06.725Z monthly 0.6 https://detectionlint.org/library/sigma-system-file-execution-location-anomaly-440580c1 2026-04-25T16:08:06.473Z monthly 0.6 https://detectionlint.org/library/sigma-process-creation-using-sysnative-folder-97a7213f 2026-04-25T16:08:06.130Z monthly 0.6 https://detectionlint.org/library/sigma-windows-shellscripting-processes-spawning-suspicious-program-29478df3 2026-04-25T16:08:05.867Z monthly 0.6 https://detectionlint.org/library/sigma-shadow-copies-deletion-using-operating-systems-utilities-263b2fa5 2026-04-25T16:08:05.620Z monthly 0.6 https://detectionlint.org/library/sigma-shadow-copies-creation-using-operating-systems-utilities-a3681536 2026-04-25T16:08:05.377Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-windows-service-tampering-3865ac5f 2026-04-25T16:08:05.110Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-service-binary-directory-8793d126 2026-04-25T16:08:04.856Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-new-service-creation-f467775a 2026-04-25T16:08:04.600Z monthly 0.6 https://detectionlint.org/library/sigma-sensitive-file-access-via-volume-shadow-copy-backup-5d80fbff 2026-04-25T16:08:04.335Z monthly 0.6 https://detectionlint.org/library/sigma-script-interpreter-spawning-credential-scanner---windows-55eecc16 2026-04-25T16:08:04.084Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-script-execution-from-temp-folder-a3736fbe 2026-04-25T16:08:03.833Z monthly 0.6 https://detectionlint.org/library/sigma-script-interpreter-execution-from-suspicious-folder-42f33296 2026-04-25T16:08:03.580Z monthly 0.6 https://detectionlint.org/library/sigma-potential-defense-evasion-via-right-to-left-override-ac52198b 2026-04-25T16:08:03.336Z monthly 0.6 https://detectionlint.org/library/sigma-potential-remote-desktop-tunneling-6678da34 2026-04-25T16:08:03.094Z monthly 0.6 https://detectionlint.org/library/sigma-registry-modification-of-ms-settings-protocol-handler-74686ff1 2026-04-25T16:08:02.807Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-redirection-to-local-admin-share-abd316c7 2026-04-25T16:08:02.557Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-process-execution-from-fake-recyclebin-folder-15cae39c 2026-04-25T16:08:02.302Z monthly 0.6 https://detectionlint.org/library/sigma-recon-information-for-export-with-command-prompt-87226c25 2026-04-25T16:08:02.059Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-program-names-d1247640 2026-04-25T16:08:01.801Z monthly 0.6 https://detectionlint.org/library/sigma-windows-processes-suspicious-parent-directory-41e0da53 2026-04-25T16:08:01.560Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-runas-like-flag-combination-fe492b1d 2026-04-25T16:08:01.290Z monthly 0.6 https://detectionlint.org/library/sigma-private-keys-reconnaissance-via-commandline-tools-37956050 2026-04-25T16:08:01.044Z monthly 0.6 https://detectionlint.org/library/sigma-privilege-escalation-via-named-pipe-impersonation-25e5d4b1 2026-04-25T16:08:00.808Z monthly 0.6 https://detectionlint.org/library/sigma-potential-powershell-execution-via-dll-8cf68f78 2026-04-25T16:08:00.564Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-process-parents-e811736b 2026-04-25T16:08:00.314Z monthly 0.6 https://detectionlint.org/library/sigma-obfuscated-ip-via-cli-82e5087c 2026-04-25T16:08:00.066Z monthly 0.6 https://detectionlint.org/library/sigma-obfuscated-ip-download-activity-2ebfe54d 2026-04-25T16:07:59.815Z monthly 0.6 https://detectionlint.org/library/sigma-use-ntfs-short-name-in-image-3d7bc4e0 2026-04-25T16:07:59.547Z monthly 0.6 https://detectionlint.org/library/sigma-use-ntfs-short-name-in-command-line-7bf70933 2026-04-25T16:07:59.303Z monthly 0.6 https://detectionlint.org/library/sigma-use-short-name-path-in-image-39480fff 2026-04-25T16:07:59.057Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-call-to-win32_nteventlogfile-class-aba926ed 2026-04-25T16:07:58.817Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-process-patterns-ntdsdit-exfil-ee87b516 2026-04-25T16:07:58.575Z monthly 0.6 https://detectionlint.org/library/sigma-non-privileged-usage-of-reg-or-powershell-a92393db 2026-04-25T16:07:58.319Z monthly 0.6 https://detectionlint.org/library/sigma-execution-of-suspicious-file-type-extension-2bb52609 2026-04-25T16:07:58.070Z monthly 0.6 https://detectionlint.org/library/sigma-process-launched-without-image-name-1d58f71e 2026-04-25T16:07:57.820Z monthly 0.6 https://detectionlint.org/library/sigma-potential-network-sniffing-activity-using-network-tools-81a639fe 2026-04-25T16:07:57.575Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-scan-loop-network-0180b0d5 2026-04-25T16:07:57.333Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-network-command-ea9b3d15 2026-04-25T16:07:57.088Z monthly 0.6 https://detectionlint.org/library/sigma-potential-file-download-via-ms-appinstaller-protocol-handler-192accb2 2026-04-25T16:07:56.835Z monthly 0.6 https://detectionlint.org/library/sigma-lsass-dump-keyword-in-commandline-c2e2e6b1 2026-04-25T16:07:56.584Z monthly 0.6 https://detectionlint.org/library/sigma-lolbin-execution-from-abnormal-drive-f7ed1ef7 2026-04-25T16:07:56.329Z monthly 0.6 https://detectionlint.org/library/sigma-local-accounts-discovery-8f8c35ef 2026-04-25T16:07:56.077Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-lnk-command-line-padding-with-whitespace-characte-9dc68926 2026-04-25T16:07:55.813Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-jwt-token-search-via-cli-f2844be2 2026-04-25T16:07:55.567Z monthly 0.6 https://detectionlint.org/library/sigma-potential-winapi-calls-via-commandline-5452717d 2026-04-25T16:07:55.312Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-inline-javascript-execution-via-nodej-0664002e 2026-04-25T16:07:55.070Z monthly 0.6 https://detectionlint.org/library/sigma-base64-mz-header-in-commandline-96fffa93 2026-04-25T16:07:54.815Z monthly 0.6 https://detectionlint.org/library/sigma-execution-of-non-existing-file-8bafcf8a 2026-04-25T16:07:54.569Z monthly 0.6 https://detectionlint.org/library/sigma-potential-homoglyph-attack-using-lookalike-characters-b0bac7bc 2026-04-25T16:07:54.326Z monthly 0.6 https://detectionlint.org/library/sigma-writing-of-malicious-files-to-the-fonts-folder-73a1df58 2026-04-25T16:07:54.077Z monthly 0.6 https://detectionlint.org/library/sigma-potential-hidden-directory-creation-via-ntfs-index_allocatio-c554b194 2026-04-25T16:07:53.821Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-reconnaissance-activity-via-gathernetworkinfovbs-ade9f4f3 2026-04-25T16:07:53.577Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-filefix-execution-pattern-e60c301f 2026-04-25T16:07:53.330Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-characteristics-due-to-missing-fields-86304916 2026-04-25T16:07:53.086Z monthly 0.6 https://detectionlint.org/library/sigma-process-execution-from-a-potentially-suspicious-folder-0b330674 2026-04-25T16:07:52.841Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-execution-from-parent-process-in-publ-a4d91365 2026-04-25T16:07:52.576Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-eventlog-recon-activity-using-log-que-5e2f56ca 2026-04-25T16:07:52.333Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-eventlog-clearing-or-configuration-change-activit-fcb4a1ef 2026-04-25T16:07:52.089Z monthly 0.6 https://detectionlint.org/library/sigma-etw-trace-evasion-activity-02de6828 2026-04-25T16:07:51.821Z monthly 0.6 https://detectionlint.org/library/sigma-etw-logging-tamper-in-net-processes-via-commandline-760ad927 2026-04-25T16:07:51.567Z monthly 0.6 https://detectionlint.org/library/sigma-potential-defense-evasion-activity-via-emoji-usage-in-comman-903a035e 2026-04-25T16:07:51.322Z monthly 0.6 https://detectionlint.org/library/sigma-potential-defense-evasion-activity-via-emoji-usage-in-comman-9e0133c4 2026-04-25T16:07:50.987Z monthly 0.6 https://detectionlint.org/library/sigma-potential-defense-evasion-activity-via-emoji-usage-in-comman-12cb053e 2026-04-25T16:07:50.742Z monthly 0.6 https://detectionlint.org/library/sigma-potential-defense-evasion-activity-via-emoji-usage-in-comman-552d3407 2026-04-25T16:07:50.482Z monthly 0.6 https://detectionlint.org/library/sigma-hidden-powershell-in-link-file-pattern-c21b466e 2026-04-25T16:07:50.241Z monthly 0.6 https://detectionlint.org/library/sigma-elevated-system-shell-spawned-from-uncommon-parent-location-ce644217 2026-04-25T16:07:49.989Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-electron-application-commandline-80e3540e 2026-04-25T16:07:49.724Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-electron-application-child-processes-0be307bb 2026-04-25T16:07:49.478Z monthly 0.6 https://detectionlint.org/library/sigma-always-install-elevated-msi-spawned-cmd-and-powershell-b7afc637 2026-04-25T16:07:49.241Z monthly 0.6 https://detectionlint.org/library/sigma-dumpstacklog-defender-evasion-06b78452 2026-04-25T16:07:49.006Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-download-from-office-domain-b78f4b2a 2026-04-25T16:07:48.755Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-parent-double-extension-file-execution-81eba80f 2026-04-25T16:07:48.497Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-double-extension-file-execution-4b3d531b 2026-04-25T16:07:48.255Z monthly 0.6 https://detectionlint.org/library/sigma-raccine-uninstall-2a9aeb6f 2026-04-25T16:07:48.013Z monthly 0.6 https://detectionlint.org/library/sigma-potential-data-exfiltration-activity-via-commandline-tools-6c4a702a 2026-04-25T16:07:47.759Z monthly 0.6 https://detectionlint.org/library/sigma-potential-crypto-mining-activity-ab0e5bde 2026-04-25T16:07:47.517Z monthly 0.6 https://detectionlint.org/library/sigma-lol-binary-copied-from-system-directory-22c3d2f3 2026-04-25T16:07:47.264Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-copy-from-or-to-system-directory-bb168745 2026-04-25T16:07:47.020Z monthly 0.6 https://detectionlint.org/library/sigma-copy-from-or-to-admin-share-or-sysvol-folder-92e2577a 2026-04-25T16:07:46.775Z monthly 0.6 https://detectionlint.org/library/sigma-potential-browser-data-stealing-9810ad6f 2026-04-25T16:07:46.525Z monthly 0.6 https://detectionlint.org/library/sigma-potential-command-line-path-traversal-evasion-attempt-2e0aea89 2026-04-25T16:07:46.279Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-usage-of-for-loop-with-recursive-directory-search-e1cc25bf 2026-04-25T16:07:46.031Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-explorer-process-with-whitespace-padding---clickf-184e6356 2026-04-25T16:07:45.779Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-clickfixfilefix-execution-pattern-1be41e59 2026-04-25T16:07:45.521Z monthly 0.6 https://detectionlint.org/library/sigma-potential-commandline-obfuscation-using-unicode-characters-f-f3870674 2026-04-25T16:07:45.254Z monthly 0.6 https://detectionlint.org/library/sigma-potential-commandline-obfuscation-using-escape-characters-ba317ab1 2026-04-25T16:07:45.015Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-child-process-created-as-system-cf7a6b1b 2026-04-25T16:07:44.762Z monthly 0.6 https://detectionlint.org/library/sigma-potential-suspicious-browser-launch-from-document-reader-pro-fa78456d 2026-04-25T16:07:44.514Z monthly 0.6 https://detectionlint.org/library/sigma-bad-opsec-defaults-sacrificial-processes-with-improper-argum-d9c5e8ec 2026-04-25T16:07:44.256Z monthly 0.6 https://detectionlint.org/library/sigma-automated-collection-command-prompt-70fc684f 2026-04-25T16:07:44.006Z monthly 0.6 https://detectionlint.org/library/sigma-phishing-pattern-iso-in-archive-ff6e430b 2026-04-25T16:07:43.755Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-shell-command-execution-via-settingcontent-ms-7863cf90 2026-04-25T16:07:43.511Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-windows-app-activity-dd7c6698 2026-04-25T16:07:43.250Z monthly 0.6 https://detectionlint.org/library/sigma-always-install-elevated-windows-installer-e008962a 2026-04-25T16:07:42.996Z monthly 0.6 https://detectionlint.org/library/sigma-execute-from-alternate-data-streams-5f188a6e 2026-04-25T16:07:42.749Z monthly 0.6 https://detectionlint.org/library/sigma-user-added-to-remote-desktop-users-group-b775149c 2026-04-25T16:07:42.492Z monthly 0.6 https://detectionlint.org/library/sigma-user-added-to-highly-privileged-group-3e45f31f 2026-04-25T16:07:42.252Z monthly 0.6 https://detectionlint.org/library/sigma-user-added-to-local-administrators-group-941afeea 2026-04-25T16:07:41.985Z monthly 0.6 https://detectionlint.org/library/sigma-abused-debug-privilege-by-arbitrary-parent-processes-2082dec2 2026-04-25T16:07:41.743Z monthly 0.6 https://detectionlint.org/library/sigma-start-of-nt-virtual-dos-machine-0a2188d8 2026-04-25T16:07:41.505Z monthly 0.6 https://detectionlint.org/library/sigma-execution-via-stordiagexe-3705b4e5 2026-04-25T16:07:41.260Z monthly 0.6 https://detectionlint.org/library/sigma-potential-amazon-ssm-agent-hijacking-058a8b12 2026-04-25T16:07:41.017Z monthly 0.6 https://detectionlint.org/library/sigma-potential-rdp-tunneling-via-ssh-9077aa05 2026-04-25T16:07:40.773Z monthly 0.6 https://detectionlint.org/library/sigma-program-executed-using-proxylocal-command-via-sshexe-c6559675 2026-04-25T16:07:40.502Z monthly 0.6 https://detectionlint.org/library/sigma-port-forwarding-activity-via-sshexe-fc5dbfcf 2026-04-25T16:07:40.265Z monthly 0.6 https://detectionlint.org/library/sigma-process-proxy-execution-via-squirrelexe-a37b714b 2026-04-25T16:07:40.005Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-file-download-via-squirrelexe-52dd6ccf 2026-04-25T16:07:39.765Z monthly 0.6 https://detectionlint.org/library/sigma-sqlite-firefox-profile-data-db-access-422002eb 2026-04-25T16:07:39.525Z monthly 0.6 https://detectionlint.org/library/sigma-sqlite-chromium-profile-data-db-access-c2184f63 2026-04-25T16:07:39.268Z monthly 0.6 https://detectionlint.org/library/sigma-veeambackup-database-credentials-dump-via-sqlcmdexe-802bbd3b 2026-04-25T16:07:38.996Z monthly 0.6 https://detectionlint.org/library/sigma-veeam-backup-database-suspicious-query-f7644919 2026-04-25T16:07:38.750Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-spool-service-child-process-f805a493 2026-04-25T16:07:38.493Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-splwow64-without-params-ac0a9c59 2026-04-25T16:07:38.250Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-speech-runtime-binary-child-process-93e41826 2026-04-25T16:07:38.000Z monthly 0.6 https://detectionlint.org/library/sigma-audio-capture-via-soundrecorder-b75cab0e 2026-04-25T16:07:37.746Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-child-processes-of-sndvolexe-46c0e6cc 2026-04-25T16:07:37.502Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-sigverifexe-child-process-2c8c7595 2026-04-25T16:07:37.266Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-execution-of-shutdown-to-log-out-a8c3569c 2026-04-25T16:07:37.022Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-execution-of-shutdown-63be1f9f 2026-04-25T16:07:36.784Z monthly 0.6 https://detectionlint.org/library/sigma-setup16exe-execution-with-custom-lst-file-7b0d9d49 2026-04-25T16:07:36.540Z monthly 0.6 https://detectionlint.org/library/sigma-potential-spn-enumeration-via-setspnexe-3e56eea5 2026-04-25T16:07:36.290Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-child-process-of-setresexe-20a939be 2026-04-25T16:07:36.040Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-serv-u-process-pattern-8edee944 2026-04-25T16:07:35.690Z monthly 0.6 https://detectionlint.org/library/sigma-nodejs-execution-of-javascript-file-b8165d52 2026-04-25T16:07:35.443Z monthly 0.6 https://detectionlint.org/library/sigma-potential-suspicious-activity-using-secedit-72ee95d6 2026-04-25T16:07:35.188Z monthly 0.6 https://detectionlint.org/library/sigma-sdiagnhost-calling-suspicious-child-process-5bc36a4c 2026-04-25T16:07:34.944Z monthly 0.6 https://detectionlint.org/library/sigma-sdclt-child-processes-cc94d2aa 2026-04-25T16:07:34.704Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-extension-shim-database-installation-via-sdbinstexe-f359e23a 2026-04-25T16:07:34.462Z monthly 0.6 https://detectionlint.org/library/sigma-potential-shim-database-persistence-via-sdbinstexe-beb7975c 2026-04-25T16:07:34.221Z monthly 0.6 https://detectionlint.org/library/sigma-script-event-consumer-spawning-process-f1fcc8aa 2026-04-25T16:07:33.982Z monthly 0.6 https://detectionlint.org/library/sigma-scheduled-task-creation-masquerading-as-system-processes-d729fc80 2026-04-25T16:07:33.722Z monthly 0.6 https://detectionlint.org/library/sigma-schtasks-creation-or-modification-with-system-privileges-9ccf6b7f 2026-04-25T16:07:33.471Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-command-patterns-in-scheduled-task-creation-8f2dea3f 2026-04-25T16:07:33.230Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-scheduled-task-creation-via-masqueraded-xml-file-c96fd770 2026-04-25T16:07:32.976Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-schtasks-schedule-type-with-high-privileges-2b24b6a6 2026-04-25T16:07:32.725Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-schtasks-schedule-types-6355c032 2026-04-25T16:07:32.478Z monthly 0.6 https://detectionlint.org/library/sigma-scheduled-task-executing-encoded-payload-from-registry-5ca6c1b9 2026-04-25T16:07:32.231Z monthly 0.6 https://detectionlint.org/library/sigma-scheduled-task-executing-payload-from-registry-96775c1e 2026-04-25T16:07:31.978Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-powershell-search-order-hijacking--3be1832f 2026-04-25T16:07:31.732Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-microsoft-compatibility-appraiser-5ee223d1 2026-04-25T16:07:31.480Z monthly 0.6 https://detectionlint.org/library/sigma-potential-ssh-tunnel-persistence-install-using-a-scheduled-t-ba65d54c 2026-04-25T16:07:31.242Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-one-time-only-scheduled-task-at-0000-c99629f5 2026-04-25T16:07:30.992Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-scheduled-task-name-as-guid-6c31607e 2026-04-25T16:07:30.664Z monthly 0.6 https://detectionlint.org/library/sigma-schtasks-from-suspicious-folders-603e20ba 2026-04-25T16:07:30.417Z monthly 0.6 https://detectionlint.org/library/sigma-schedule-task-creation-from-env-variable-or-potentially-susp-35f25403 2026-04-25T16:07:30.175Z monthly 0.6 https://detectionlint.org/library/sigma-disable-important-scheduled-task-38bf689f 2026-04-25T16:07:29.920Z monthly 0.6 https://detectionlint.org/library/sigma-delete-all-scheduled-tasks-d86d4788 2026-04-25T16:07:29.669Z monthly 0.6 https://detectionlint.org/library/sigma-delete-important-scheduled-task-c5277ae8 2026-04-25T16:07:29.419Z monthly 0.6 https://detectionlint.org/library/sigma-scheduled-task-creation-with-curl-and-powershell-execution-c-f5038b0a 2026-04-25T16:07:29.165Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-scheduled-task-creation-involving-temp-folder-b89b0f16 2026-04-25T16:07:28.924Z monthly 0.6 https://detectionlint.org/library/sigma-scheduled-task-creation-via-schtasksexe-2f8ca853 2026-04-25T16:07:28.687Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-modification-of-scheduled-tasks-0388c33b 2026-04-25T16:07:28.445Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-schtasks-execution-appdata-folder-8d6f6fbc 2026-04-25T16:07:28.194Z monthly 0.6 https://detectionlint.org/library/sigma-stop-windows-service-via-scexe-092eae0c 2026-04-25T16:07:27.950Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-attempt-via-existing-service-tampering-6685264d 2026-04-25T16:07:27.675Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-service-path-modification-bc5e3603 2026-04-25T16:07:27.426Z monthly 0.6 https://detectionlint.org/library/sigma-service-security-descriptor-tampering-via-scexe-93f5a92f 2026-04-25T16:07:27.185Z monthly 0.6 https://detectionlint.org/library/sigma-service-dacl-abuse-to-hide-services-via-scexe-53c18a9b 2026-04-25T16:07:26.929Z monthly 0.6 https://detectionlint.org/library/sigma-deny-service-access-using-security-descriptor-tampering-via--d9693f7e 2026-04-25T16:07:26.675Z monthly 0.6 https://detectionlint.org/library/sigma-allow-service-access-using-security-descriptor-tampering-via-07d34b84 2026-04-25T16:07:26.432Z monthly 0.6 https://detectionlint.org/library/sigma-interesting-service-enumeration-via-scexe-08d2d595 2026-04-25T16:07:26.185Z monthly 0.6 https://detectionlint.org/library/sigma-new-kernel-driver-via-scexe-de52f94d 2026-04-25T16:07:25.934Z monthly 0.6 https://detectionlint.org/library/sigma-service-startuptype-change-via-scexe-e1cd7b47 2026-04-25T16:07:25.684Z monthly 0.6 https://detectionlint.org/library/sigma-new-service-creation-using-scexe-59b24c51 2026-04-25T16:07:25.422Z monthly 0.6 https://detectionlint.org/library/sigma-possible-privilege-escalation-via-weak-service-permissions-6119f534 2026-04-25T16:07:25.170Z monthly 0.6 https://detectionlint.org/library/sigma-run-once-task-execution-as-configured-in-registry-c253f8a6 2026-04-25T16:07:24.920Z monthly 0.6 https://detectionlint.org/library/sigma-rundll32-execution-without-parameters-04e109f6 2026-04-25T16:07:24.657Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-webdav-client-execution-via-rundll32exe-ec0f7185 2026-04-25T16:07:24.415Z monthly 0.6 https://detectionlint.org/library/sigma-webdav-client-execution-via-rundll32exe-8cea6ebb 2026-04-25T16:07:24.164Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-workstation-locking-via-rundll32-8a61f60e 2026-04-25T16:07:23.919Z monthly 0.6 https://detectionlint.org/library/sigma-rundll32-execution-with-uncommon-dll-extension-88e84857 2026-04-25T16:07:23.679Z monthly 0.6 https://detectionlint.org/library/sigma-rundll32-unc-path-execution-2a9276ea 2026-04-25T16:07:23.427Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-rundll32exe-execution-of-udl-file-99f9f095 2026-04-25T16:07:23.188Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-rundll32-activity-invoking-sys-file-0cec86c9 2026-04-25T16:07:22.930Z monthly 0.6 https://detectionlint.org/library/sigma-shimcache-flush-c8ee38b6 2026-04-25T16:07:22.691Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-shellexec_rundll-call-via-ordinal-9825b8c4 2026-04-25T16:07:22.438Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-usage-of-shellexec_rundll-e35dd119 2026-04-25T16:07:22.184Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-rundll32-execution-with-image-extension-6e9b9244 2026-04-25T16:07:21.922Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-control-panel-dll-load-4c4ac226 2026-04-25T16:07:21.681Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-rundll32-activity-743349a4 2026-04-25T16:07:21.436Z monthly 0.6 https://detectionlint.org/library/sigma-rundll32-spawning-explorer-a90eea04 2026-04-25T16:07:21.193Z monthly 0.6 https://detectionlint.org/library/sigma-potential-shelldispatchdll-functionality-abuse-ef2ac968 2026-04-25T16:07:20.939Z monthly 0.6 https://detectionlint.org/library/sigma-shell32-dll-execution-in-suspicious-directory-8770041e 2026-04-25T16:07:20.618Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-rundll32-setupapidll-activity-8fbae94e 2026-04-25T16:07:20.364Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-process-start-locations-25763fa0 2026-04-25T16:07:20.118Z monthly 0.6 https://detectionlint.org/library/sigma-rundll32-registered-com-objects-79b2c49c 2026-04-25T16:07:19.873Z monthly 0.6 https://detectionlint.org/library/sigma-process-memory-dump-via-comsvcsdll-5269f8ee 2026-04-25T16:07:19.627Z monthly 0.6 https://detectionlint.org/library/sigma-rundll32-spawned-via-explorerexe-d3cda47a 2026-04-25T16:07:19.376Z monthly 0.6 https://detectionlint.org/library/sigma-potential-obfuscated-ordinal-call-via-rundll32-08567558 2026-04-25T16:07:19.127Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-ntlm-authentication-on-the-printer-spooler-servic-208c3363 2026-04-25T16:07:18.871Z monthly 0.6 https://detectionlint.org/library/sigma-rundll32-execution-without-commandline-parameters-21554327 2026-04-25T16:07:18.627Z monthly 0.6 https://detectionlint.org/library/sigma-mshtmldll-runhtmlapplication-suspicious-usage-1f74fc0b 2026-04-25T16:07:18.385Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-key-manager-access-b7518924 2026-04-25T16:07:18.139Z monthly 0.6 https://detectionlint.org/library/sigma-rundll32-installscreensaver-execution-8d16a076 2026-04-25T16:07:17.872Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-rundll32-invoking-inline-vbscript-219c9b95 2026-04-25T16:07:17.630Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-advpack-call-via-rundll32exe-d26fdc5a 2026-04-25T16:07:17.387Z monthly 0.6 https://detectionlint.org/library/sigma-potential-rundll32-execution-with-dll-stored-in-ads-26f2725f 2026-04-25T16:07:17.135Z monthly 0.6 https://detectionlint.org/library/sigma-ruby-inline-command-execution-b29d9180 2026-04-25T16:07:16.885Z monthly 0.6 https://detectionlint.org/library/sigma-capture-credentials-with-rpcpingexe-95e7a4bb 2026-04-25T16:07:16.645Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-whoami-execution-6202f588 2026-04-25T16:07:16.406Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-vmnatexe-execution-c1ee0931 2026-04-25T16:07:16.155Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-sysinternals-sdelete-execution-917e86b9 2026-04-25T16:07:15.910Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-psexec-service-execution-5b713ded 2026-04-25T16:07:15.657Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-procdump-execution-125545cd 2026-04-25T16:07:15.411Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-sysinternals-debugview-execution-fb156b60 2026-04-25T16:07:15.168Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-schtasks-execution-9d4f1b6b 2026-04-25T16:07:14.917Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-remote-utilities-rat-rurat-execution-dc138fba 2026-04-25T16:07:14.679Z monthly 0.6 https://detectionlint.org/library/sigma-potential-renamed-rundll32-execution-efd94e5c 2026-04-25T16:07:14.428Z monthly 0.6 https://detectionlint.org/library/sigma-visual-studio-nodejstools-pressanykey-renamed-execution-1ad5f158 2026-04-25T16:07:14.161Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-plink-execution-a7005e61 2026-04-25T16:07:13.914Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-pingcastle-binary-execution-61878de3 2026-04-25T16:07:13.670Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-paexec-execution-97dc8466 2026-04-25T16:07:13.423Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-office-binary-execution-6cc5557f 2026-04-25T16:07:13.166Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-nircmdexe-execution-acd9404b 2026-04-25T16:07:12.919Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-netsupport-rat-execution-1e21319b 2026-04-25T16:07:12.660Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-microsoft-teams-execution-ad118ddb 2026-04-25T16:07:12.414Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-msdtexe-execution-b80e5a54 2026-04-25T16:07:12.173Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-megasync-execution-5f44c2eb 2026-04-25T16:07:11.915Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-mavinjectexe-execution-11e2ac3f 2026-04-25T16:07:11.641Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-juschedexe-execution-4a953ce7 2026-04-25T16:07:11.394Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-gpgexe-execution-ff626c52 2026-04-25T16:07:11.155Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-ftpexe-execution-ad33c772 2026-04-25T16:07:10.900Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-zoho-dctask64-execution-fd373ead 2026-04-25T16:07:10.627Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-curlexe-execution-a43092d2 2026-04-25T16:07:10.385Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-createdump-utility-execution-74a81ff4 2026-04-25T16:07:10.127Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-cloudflaredexe-execution-e39caa79 2026-04-25T16:07:09.876Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-browsercoreexe-execution-16cb1803 2026-04-25T16:07:09.621Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-boinc-client-execution-e9cfec83 2026-04-25T16:07:09.371Z monthly 0.6 https://detectionlint.org/library/sigma-potential-defense-evasion-via-rename-of-highly-relevant-bina-6276f5fa 2026-04-25T16:07:09.121Z monthly 0.6 https://detectionlint.org/library/sigma-potential-defense-evasion-via-binary-rename-06ac76cb 2026-04-25T16:07:08.869Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-autoit-execution-249c1759 2026-04-25T16:07:08.616Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-autohotkeyexe-execution-fab157f8 2026-04-25T16:07:08.355Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-adfind-execution-de5ed6c6 2026-04-25T16:07:08.119Z monthly 0.6 https://detectionlint.org/library/sigma-discovery-of-a-system-time-19b7e7b0 2026-04-25T16:07:07.876Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---ultraviewer-execution-5e9348d5 2026-04-25T16:07:07.622Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---team-viewer-session-started-on-windows--d365fe22 2026-04-25T16:07:07.376Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---tacticalrmm-agent-registration-to-poten-9a082071 2026-04-25T16:07:07.105Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---simple-help-execution-c87f3061 2026-04-25T16:07:06.859Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---screenconnect-server-web-shell-executio-3d9c714d 2026-04-25T16:07:06.605Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---screenconnect-potential-suspicious-remo-f899c2d7 2026-04-25T16:07:06.326Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---screenconnect-remote-command-execution-c3bb6176 2026-04-25T16:07:06.054Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---screenconnect-installation-execution-f05c7052 2026-04-25T16:07:05.791Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---screenconnect-execution-6a5df176 2026-04-25T16:07:05.449Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---rurat-execution-from-unusual-location-5a86c1de 2026-04-25T16:07:05.181Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---renamed-meshagent-execution---windows-990e918a 2026-04-25T16:07:04.902Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---netsupport-execution-from-unusual-locat-28cbea70 2026-04-25T16:07:04.633Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---netsupport-execution-bfcae2f8 2026-04-25T16:07:04.373Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---meshagent-command-execution-via-meshcen-09c5c664 2026-04-25T16:07:04.095Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---potential-meshagent-execution---windows-dd5f3f9a 2026-04-25T16:07:03.835Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---logmein-execution-2eeee665 2026-04-25T16:07:03.585Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---gotoassist-execution-6be063e1 2026-04-25T16:07:03.333Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---anydesk-execution-from-suspicious-folde-109c82eb 2026-04-25T16:07:03.077Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---anydesk-silent-installation-52a2359e 2026-04-25T16:07:02.818Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---anydesk-execution-with-known-revoked-si-608bae60 2026-04-25T16:07:02.551Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---anydesk-piped-password-via-cli-6bdc7dea 2026-04-25T16:07:02.282Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---anydesk-execution-9f9d5b0f 2026-04-25T16:07:02.035Z monthly 0.6 https://detectionlint.org/library/sigma-regsvr32-dll-execution-with-uncommon-extension-4b7a0e0f 2026-04-25T16:07:01.770Z monthly 0.6 https://detectionlint.org/library/sigma-scriptingcommandline-process-spawned-regsvr32-b8096550 2026-04-25T16:07:01.514Z monthly 0.6 https://detectionlint.org/library/sigma-regsvr32-dll-execution-with-suspicious-file-extension-898810c8 2026-04-25T16:07:01.248Z monthly 0.6 https://detectionlint.org/library/sigma-regsvr32-execution-from-highly-suspicious-location-78ad1aa5 2026-04-25T16:07:00.991Z monthly 0.6 https://detectionlint.org/library/sigma-regsvr32-execution-from-potential-suspicious-location-46cd226e 2026-04-25T16:07:00.735Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-child-process-of-regsvr32-689f8036 2026-04-25T16:07:00.477Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-regsvr32-execution-from-remote-share-aa2897e3 2026-04-25T16:07:00.225Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-regsvr32-httpftp-pattern-58e8e30a 2026-04-25T16:06:59.968Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-regsvr32-http-ip-pattern-0edf873a 2026-04-25T16:06:59.709Z monthly 0.6 https://detectionlint.org/library/sigma-potential-regsvr32-commandline-flag-anomaly-07d4143c 2026-04-25T16:06:59.429Z monthly 0.6 https://detectionlint.org/library/sigma-persistence-via-typedpaths---commandline-70ea323e 2026-04-25T16:06:59.164Z monthly 0.6 https://detectionlint.org/library/sigma-hiding-user-account-via-specialaccounts-registry-key---comma-22ed11b2 2026-04-25T16:06:58.904Z monthly 0.6 https://detectionlint.org/library/sigma-potential-powershell-execution-policy-tampering---proccreati-7428b2fe 2026-04-25T16:06:58.630Z monthly 0.6 https://detectionlint.org/library/sigma-potential-provisioning-registry-key-abuse-for-binary-proxy-e-107bd5d4 2026-04-25T16:06:58.375Z monthly 0.6 https://detectionlint.org/library/sigma-potential-privilege-escalation-via-service-permissions-weakn-743ac6bd 2026-04-25T16:06:58.092Z monthly 0.6 https://detectionlint.org/library/sigma-python-function-execution-security-warning-disabled-in-excel-96d0934f 2026-04-25T16:06:57.836Z monthly 0.6 https://detectionlint.org/library/sigma-potential-credential-dumping-attempt-using-new-networkprovid-082ea1a4 2026-04-25T16:06:57.584Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-logon-scripts---commandline-79ff899e 2026-04-25T16:06:57.330Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-debugger-registration-cmdline-6c1240a5 2026-04-25T16:06:57.066Z monthly 0.6 https://detectionlint.org/library/sigma-ie-zonemap-setting-downgraded-to-mycomputer-zone-for-http-pr-bbdc9832 2026-04-25T16:06:56.812Z monthly 0.6 https://detectionlint.org/library/sigma-registry-export-of-third-party-credentials-50d9fb64 2026-04-25T16:06:56.551Z monthly 0.6 https://detectionlint.org/library/sigma-enumeration-for-3rd-party-creds-from-cli-89b1fe52 2026-04-25T16:06:56.291Z monthly 0.6 https://detectionlint.org/library/sigma-dll-execution-via-register-cimproviderexe-7b1f9478 2026-04-25T16:06:56.033Z monthly 0.6 https://detectionlint.org/library/sigma-registry-modification-via-reginiexe-0f7ebf43 2026-04-25T16:06:55.764Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-registry-modification-from-ads-via-reginiexe-890874e0 2026-04-25T16:06:55.520Z monthly 0.6 https://detectionlint.org/library/sigma-regedit-as-trusted-installer-8214a9df 2026-04-25T16:06:55.264Z monthly 0.6 https://detectionlint.org/library/sigma-imports-registry-key-from-an-ads-f1925a31 2026-04-25T16:06:55.012Z monthly 0.6 https://detectionlint.org/library/sigma-imports-registry-key-from-a-file-ea9a17f9 2026-04-25T16:06:54.755Z monthly 0.6 https://detectionlint.org/library/sigma-exports-registry-key-to-a-file-d7f88555 2026-04-25T16:06:54.504Z monthly 0.6 https://detectionlint.org/library/sigma-exports-critical-registry-keys-to-a-file-85816084 2026-04-25T16:06:54.248Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-execution-of-regasmregsvcs-from-uncom-6be5f722 2026-04-25T16:06:53.974Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-execution-of-regasmregsvcs-with-uncom-ecb95687 2026-04-25T16:06:53.721Z monthly 0.6 https://detectionlint.org/library/sigma-regasmexe-execution-without-commandline-flags-or-files-6b8666dc 2026-04-25T16:06:53.459Z monthly 0.6 https://detectionlint.org/library/sigma-write-protect-for-storage-disabled-9194a0d2 2026-04-25T16:06:53.201Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-windows-defender-registry-key-tampering-via-regex-03121925 2026-04-25T16:06:52.942Z monthly 0.6 https://detectionlint.org/library/sigma-disabled-volume-snapshots-3370092b 2026-04-25T16:06:52.677Z monthly 0.6 https://detectionlint.org/library/sigma-system-language-discovery-via-regexe-533b9cc3 2026-04-25T16:06:52.421Z monthly 0.6 https://detectionlint.org/library/sigma-reg-add-suspicious-paths-9e04317b 2026-04-25T16:06:52.143Z monthly 0.6 https://detectionlint.org/library/sigma-detected-windows-software-discovery-97d9492b 2026-04-25T16:06:51.887Z monthly 0.6 https://detectionlint.org/library/sigma-changing-existing-service-imagepath-value-via-regexe-9725f96c 2026-04-25T16:06:51.622Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-screensave-change-by-regexe-b180226a 2026-04-25T16:06:51.378Z monthly 0.6 https://detectionlint.org/library/sigma-potential-tampering-with-rdp-related-registry-keys-via-regex-b29b429a 2026-04-25T16:06:51.117Z monthly 0.6 https://detectionlint.org/library/sigma-potential-configuration-and-service-reconnaissance-via-regex-45bd6cd3 2026-04-25T16:06:50.860Z monthly 0.6 https://detectionlint.org/library/sigma-enable-lm-hash-storage---proccreation-a582aa1d 2026-04-25T16:06:50.510Z monthly 0.6 https://detectionlint.org/library/sigma-modify-group-policy-settings-42a0c9de 2026-04-25T16:06:50.251Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-query-of-machineguid-2d5dbf40 2026-04-25T16:06:49.994Z monthly 0.6 https://detectionlint.org/library/sigma-restrictedadminmode-registry-value-tampering---proccreation-4f4df2d7 2026-04-25T16:06:49.733Z monthly 0.6 https://detectionlint.org/library/sigma-potential-suspicious-registry-file-imported-via-regexe-e3c5173f 2026-04-25T16:06:49.484Z monthly 0.6 https://detectionlint.org/library/sigma-enumeration-for-credentials-in-registry-9cc31e73 2026-04-25T16:06:49.218Z monthly 0.6 https://detectionlint.org/library/sigma-windows-recall-feature-enabled-via-regexe-fc69e06e 2026-04-25T16:06:48.955Z monthly 0.6 https://detectionlint.org/library/sigma-dumping-of-sensitive-hives-via-regexe-4a02952f 2026-04-25T16:06:48.699Z monthly 0.6 https://detectionlint.org/library/sigma-security-service-disabled-via-regexe-2c6191ce 2026-04-25T16:06:48.443Z monthly 0.6 https://detectionlint.org/library/sigma-disabling-windows-defender-wmi-autologger-session-via-regexe-8d165934 2026-04-25T16:06:48.182Z monthly 0.6 https://detectionlint.org/library/sigma-direct-autorun-keys-modification-eefffa99 2026-04-25T16:06:47.922Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-desktop-background-change-using-regex-73e60f6c 2026-04-25T16:06:47.655Z monthly 0.6 https://detectionlint.org/library/sigma-service-registry-key-deleted-via-regexe-a0af1f1b 2026-04-25T16:06:47.393Z monthly 0.6 https://detectionlint.org/library/sigma-safeboot-registry-key-deleted-via-regexe-1a5c3e85 2026-04-25T16:06:47.141Z monthly 0.6 https://detectionlint.org/library/sigma-runmru-registry-key-deletion-93f6437a 2026-04-25T16:06:46.867Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-windows-defender-folder-exclusion-added-via-regex-d2b3b803 2026-04-25T16:06:46.608Z monthly 0.6 https://detectionlint.org/library/sigma-dropping-of-password-filter-dll-cce70be4 2026-04-25T16:06:46.344Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-reg-add-bitlocker-58de8780 2026-04-25T16:06:46.096Z monthly 0.6 https://detectionlint.org/library/sigma-add-safeboot-keys-via-reg-utility-d6e25803 2026-04-25T16:06:45.819Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-attempt-via-run-keys-using-regexe-e9f0394f 2026-04-25T16:06:45.546Z monthly 0.6 https://detectionlint.org/library/sigma-windows-recovery-environment-disabled-via-reagentc-9d685dad 2026-04-25T16:06:45.286Z monthly 0.6 https://detectionlint.org/library/sigma-process-memory-dump-via-rdrleakdiagexe-713ec98e 2026-04-25T16:06:45.012Z monthly 0.6 https://detectionlint.org/library/sigma-rdp-enable-or-disable-via-win32_terminalservicesetting-wmi-c-0a6e176e 2026-04-25T16:06:44.729Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-rasdial-activity-eb762d20 2026-04-25T16:06:44.482Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-greedy-compression-using-rarexe-6cb00a08 2026-04-25T16:06:44.225Z monthly 0.6 https://detectionlint.org/library/sigma-rar-usage-with-password-and-compression-level-fbbabcb3 2026-04-25T16:06:43.968Z monthly 0.6 https://detectionlint.org/library/sigma-files-added-to-an-archive-using-rarexe-d1a4f9b9 2026-04-25T16:06:43.706Z monthly 0.6 https://detectionlint.org/library/sigma-quickassist-execution-f28b6168 2026-04-25T16:06:43.443Z monthly 0.6 https://detectionlint.org/library/sigma-query-usage-to-exfil-data-d7fe8147 2026-04-25T16:06:43.144Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-usage-of-qemu-672d7bdd 2026-04-25T16:06:42.899Z monthly 0.6 https://detectionlint.org/library/sigma-python-spawning-pretty-tty-on-windows-9b20e6ab 2026-04-25T16:06:42.636Z monthly 0.6 https://detectionlint.org/library/sigma-python-inline-command-execution-2987ca84 2026-04-25T16:06:42.379Z monthly 0.6 https://detectionlint.org/library/sigma-python-one-liners-with-base64-decoding-e7c172a3 2026-04-25T16:06:42.097Z monthly 0.6 https://detectionlint.org/library/sigma-pua---adidnsdump-execution-9e2f9e64 2026-04-25T16:06:41.856Z monthly 0.6 https://detectionlint.org/library/sigma-pua---wsudo-suspicious-execution-3d2b9d79 2026-04-25T16:06:41.581Z monthly 0.6 https://detectionlint.org/library/sigma-pua---webbrowserpassview-execution-0cef2336 2026-04-25T16:06:41.314Z monthly 0.6 https://detectionlint.org/library/sigma-pua---trufflehog-execution-22b66c5f 2026-04-25T16:06:41.066Z monthly 0.6 https://detectionlint.org/library/sigma-pua---system-informer-execution-cb830843 2026-04-25T16:06:40.812Z monthly 0.6 https://detectionlint.org/library/sigma-pua---seatbelt-execution-8bba0021 2026-04-25T16:06:40.543Z monthly 0.6 https://detectionlint.org/library/sigma-pua---runxcmd-execution-a60d2eb7 2026-04-25T16:06:40.277Z monthly 0.6 https://detectionlint.org/library/sigma-pua---restic-backup-tool-execution-2b0b38af 2026-04-25T16:06:40.019Z monthly 0.6 https://detectionlint.org/library/sigma-pua---rclone-execution-23109549 2026-04-25T16:06:39.770Z monthly 0.6 https://detectionlint.org/library/sigma-pua---potential-pe-metadata-tamper-using-rcedit-9ee0af28 2026-04-25T16:06:39.514Z monthly 0.6 https://detectionlint.org/library/sigma-pua---radmin-viewer-utility-execution-9f013cab 2026-04-25T16:06:39.258Z monthly 0.6 https://detectionlint.org/library/sigma-pua---process-hacker-execution-babd558c 2026-04-25T16:06:38.992Z monthly 0.6 https://detectionlint.org/library/sigma-pua---pingcastle-execution-from-potentially-suspicious-paren-a35a1992 2026-04-25T16:06:38.724Z monthly 0.6 https://detectionlint.org/library/sigma-pua---pingcastle-execution-85b516f8 2026-04-25T16:06:38.463Z monthly 0.6 https://detectionlint.org/library/sigma-pua---nsudo-execution-ae071dbc 2026-04-25T16:06:38.204Z monthly 0.6 https://detectionlint.org/library/sigma-pua---nps-tunneling-tool-execution-ce63d92d 2026-04-25T16:06:37.928Z monthly 0.6 https://detectionlint.org/library/sigma-pua---nmapzenmap-execution-f8f921f6 2026-04-25T16:06:37.660Z monthly 0.6 https://detectionlint.org/library/sigma-pua---nircmd-execution-as-local-system-b5c3a775 2026-04-25T16:06:37.396Z monthly 0.6 https://detectionlint.org/library/sigma-pua---nircmd-execution-aadb9a08 2026-04-25T16:06:37.145Z monthly 0.6 https://detectionlint.org/library/sigma-pua---nimscan-execution-34e278c5 2026-04-25T16:06:36.841Z monthly 0.6 https://detectionlint.org/library/sigma-pua---nimgrab-execution-315b5209 2026-04-25T16:06:36.581Z monthly 0.6 https://detectionlint.org/library/sigma-pua---ngrok-execution-c98dfa2d 2026-04-25T16:06:36.328Z monthly 0.6 https://detectionlint.org/library/sigma-pua---softperfect-netscan-execution-678f274c 2026-04-25T16:06:36.077Z monthly 0.6 https://detectionlint.org/library/sigma-pua---netcat-suspicious-execution-ed510e9d 2026-04-25T16:06:35.810Z monthly 0.6 https://detectionlint.org/library/sigma-pua---mouse-lock-execution-ae203224 2026-04-25T16:06:35.520Z monthly 0.6 https://detectionlint.org/library/sigma-pua---kernel-driver-utility-kdu-execution-59ad77db 2026-04-25T16:06:35.173Z monthly 0.6 https://detectionlint.org/library/sigma-pua--iox-tunneling-tool-execution-daade2e5 2026-04-25T16:06:34.903Z monthly 0.6 https://detectionlint.org/library/sigma-pua---fast-reverse-proxy-frp-execution-277856da 2026-04-25T16:06:34.634Z monthly 0.6 https://detectionlint.org/library/sigma-pua---dit-snapshot-viewer-d90b8ecb 2026-04-25T16:06:34.374Z monthly 0.6 https://detectionlint.org/library/sigma-pua---defendercheck-execution-1916e398 2026-04-25T16:06:34.124Z monthly 0.6 https://detectionlint.org/library/sigma-pua---csexec-execution-1f008989 2026-04-25T16:06:33.862Z monthly 0.6 https://detectionlint.org/library/sigma-pua---crassus-execution-9889b0ad 2026-04-25T16:06:33.601Z monthly 0.6 https://detectionlint.org/library/sigma-pua---cleanwipe-execution-d14125c5 2026-04-25T16:06:33.338Z monthly 0.6 https://detectionlint.org/library/sigma-pua---chisel-tunneling-tool-execution-ed3ead46 2026-04-25T16:06:33.079Z monthly 0.6 https://detectionlint.org/library/sigma-pua---advancedrun-suspicious-execution-946510ee 2026-04-25T16:06:32.818Z monthly 0.6 https://detectionlint.org/library/sigma-pua---advancedrun-execution-9f72cd94 2026-04-25T16:06:32.550Z monthly 0.6 https://detectionlint.org/library/sigma-pua---advanced-port-scanner-execution-eda0ed37 2026-04-25T16:06:32.292Z monthly 0.6 https://detectionlint.org/library/sigma-pua---advanced-ip-scanner-execution-57494319 2026-04-25T16:06:32.046Z monthly 0.6 https://detectionlint.org/library/sigma-pua---adfind-suspicious-execution-52d4dcc4 2026-04-25T16:06:31.785Z monthly 0.6 https://detectionlint.org/library/sigma-pua---adfindexe-execution-87c5e8f3 2026-04-25T16:06:31.519Z monthly 0.6 https://detectionlint.org/library/sigma-pua---suspicious-activedirectory-enumeration-via-adfindexe-01573ac0 2026-04-25T16:06:31.251Z monthly 0.6 https://detectionlint.org/library/sigma-pua---3proxy-execution-2f9742c3 2026-04-25T16:06:30.996Z monthly 0.6 https://detectionlint.org/library/sigma-screen-capture-activity-via-psrexe-8cd2116b 2026-04-25T16:06:30.651Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-provlaunchexe-child-process-bb92638c 2026-04-25T16:06:30.403Z monthly 0.6 https://detectionlint.org/library/sigma-potential-provlaunchexe-binary-proxy-execution-abuse-8e6e61b5 2026-04-25T16:06:30.144Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-using-protocolhandlerexe-270cbcd1 2026-04-25T16:06:29.891Z monthly 0.6 https://detectionlint.org/library/sigma-abusing-print-executable-98393f6f 2026-04-25T16:06:29.589Z monthly 0.6 https://detectionlint.org/library/sigma-visual-studio-nodejstools-pressanykey-arbitrary-binary-execu-735ebd8a 2026-04-25T16:06:29.314Z monthly 0.6 https://detectionlint.org/library/sigma-xbap-execution-from-uncommon-locations-via-presentationhoste-c6d7bdf3 2026-04-25T16:06:29.035Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-file-download-via-presentationhostexe-1bc43d0d 2026-04-25T16:06:28.774Z monthly 0.6 https://detectionlint.org/library/sigma-folder-compress-to-potentially-suspicious-output-via-compres-6facf892 2026-04-25T16:06:28.521Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-xor-encoded-powershell-command-a4bf19ce 2026-04-25T16:06:28.236Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-x509enrollment---process-creation-f20eeab8 2026-04-25T16:06:27.968Z monthly 0.6 https://detectionlint.org/library/sigma-net-webclient-casing-anomalies-05771c89 2026-04-25T16:06:27.706Z monthly 0.6 https://detectionlint.org/library/sigma-user-discovery-and-export-via-get-aduser-cmdlet-7ffd0d4f 2026-04-25T16:06:27.451Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-uninstall-of-windows-defender-feature-via-powersh-a4d2660b 2026-04-25T16:06:27.190Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-token-obfuscation---process-creation-a0816b23 2026-04-25T16:06:26.932Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-script-run-in-appdata-91f76098 2026-04-25T16:06:26.674Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-parent-process-65c6e326 2026-04-25T16:06:26.411Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-parameter-substring-da2ab44f 2026-04-25T16:06:26.143Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-download-and-execute-pattern-4b8a1d1c 2026-04-25T16:06:25.880Z monthly 0.6 https://detectionlint.org/library/sigma-stop-windows-service-via-powershell-stop-service-101522a7 2026-04-25T16:06:25.617Z monthly 0.6 https://detectionlint.org/library/sigma-exchange-powershell-snap-ins-usage-569cb744 2026-04-25T16:06:25.319Z monthly 0.6 https://detectionlint.org/library/sigma-deletion-of-volume-shadow-copies-via-wmi-with-powershell-85426145 2026-04-25T16:06:25.062Z monthly 0.6 https://detectionlint.org/library/sigma-service-startuptype-change-via-powershell-set-service-1857b6cb 2026-04-25T16:06:24.805Z monthly 0.6 https://detectionlint.org/library/sigma-change-powershell-policies-to-an-insecure-level-6fde98ed 2026-04-25T16:06:24.541Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-set-acl-on-windows-folder-a2fc112d 2026-04-25T16:06:24.257Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-script-change-permission-via-set-acl-c536954a 2026-04-25T16:06:24.005Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-service-dacl-modification-via-set-service-cmdlet-8ee59c99 2026-04-25T16:06:23.748Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-invocation-from-script-engines-29598ca9 2026-04-25T16:06:23.479Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-sam-copy-d0355ac8 2026-04-25T16:06:23.219Z monthly 0.6 https://detectionlint.org/library/sigma-run-powershell-script-from-redirected-input-stream-f02e5b97 2026-04-25T16:06:22.956Z monthly 0.6 https://detectionlint.org/library/sigma-run-powershell-script-from-ads-838f36fb 2026-04-25T16:06:22.700Z monthly 0.6 https://detectionlint.org/library/sigma-potential-powershell-reverseshell-connection-1346f209 2026-04-25T16:06:22.443Z monthly 0.6 https://detectionlint.org/library/sigma-tamper-windows-defender-remove-mppreference-acd592e9 2026-04-25T16:06:22.181Z monthly 0.6 https://detectionlint.org/library/sigma-remotefxvgpudisablement-abuse-via-atomictestharnesses-0f5ca9b6 2026-04-25T16:06:21.922Z monthly 0.6 https://detectionlint.org/library/sigma-execution-of-powershell-script-in-public-folder-2d09260a 2026-04-25T16:06:21.659Z monthly 0.6 https://detectionlint.org/library/sigma-potential-powershell-obfuscation-via-wcharchar-bfeb15ec 2026-04-25T16:06:21.396Z monthly 0.6 https://detectionlint.org/library/sigma-non-interactive-powershell-process-spawned-e4310d21 2026-04-25T16:06:21.125Z monthly 0.6 https://detectionlint.org/library/sigma-msexchange-transport-agent-installation-47cf9f6b 2026-04-25T16:06:20.867Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-powershell-commandlets---processcreation-a156add6 2026-04-25T16:06:20.595Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-mailbox-export-to-share-a2b9aee7 2026-04-25T16:06:20.311Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-kerberos-ticket-request-via-cli-d459efed 2026-04-25T16:06:19.965Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-invoke-webrequest-execution-0c9f9c71 2026-04-25T16:06:19.713Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-invoke-webrequest-execution-with-directip-e5b0e5eb 2026-04-25T16:06:19.442Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-invocations---specific---processcreati-c1bc30d8 2026-04-25T16:06:19.172Z monthly 0.6 https://detectionlint.org/library/sigma-unsigned-appx-installation-attempt-using-add-appxpackage-0a236c48 2026-04-25T16:06:18.906Z monthly 0.6 https://detectionlint.org/library/sigma-import-powershell-modules-from-suspicious-directories---proc-ffbfcdd1 2026-04-25T16:06:18.649Z monthly 0.6 https://detectionlint.org/library/sigma-root-certificate-installed-from-susp-locations-7972702b 2026-04-25T16:06:18.387Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-iex-execution-patterns-7e144560 2026-04-25T16:06:18.105Z monthly 0.6 https://detectionlint.org/library/sigma-abuse-of-service-permissions-to-hide-services-via-set-servic-65da317f 2026-04-25T16:06:17.846Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-get-process-lsass-c8ca81f1 2026-04-25T16:06:17.589Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-reconnaissance-activity-using-get-localgroupmembe-9d401217 2026-04-25T16:06:17.326Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-get-clipboard-cmdlet-via-cli-4d4dfe82 2026-04-25T16:06:17.054Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-frombase64string-usage-on-gzip-archive---process--9a09d9e9 2026-04-25T16:06:16.795Z monthly 0.6 https://detectionlint.org/library/sigma-base64-encoded-powershell-command-detected-0aab47c3 2026-04-25T16:06:16.544Z monthly 0.6 https://detectionlint.org/library/sigma-certificate-exported-via-powershell-170bb757 2026-04-25T16:06:16.283Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-inline-execution-from-a-file-8103d09f 2026-04-25T16:06:16.023Z monthly 0.6 https://detectionlint.org/library/sigma-potential-encoded-powershell-patterns-in-commandline-b9ae8a50 2026-04-25T16:06:15.768Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-execution-of-powershell-with-base64-321cd982 2026-04-25T16:06:15.516Z monthly 0.6 https://detectionlint.org/library/sigma-potential-suspicious-windows-feature-enabled---proccreation-9abaee9f 2026-04-25T16:06:15.264Z monthly 0.6 https://detectionlint.org/library/sigma-email-exifiltration-via-powershell-d08c7826 2026-04-25T16:06:15.001Z monthly 0.6 https://detectionlint.org/library/sigma-dsinternals-suspicious-powershell-cmdlets-ac67710f 2026-04-25T16:06:14.720Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-file-download-from-file-sharing-domai-08e90d20 2026-04-25T16:06:14.451Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-download-pattern-58cdce2b 2026-04-25T16:06:14.190Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-download-and-execution-cradles-cc1e5ca6 2026-04-25T16:06:13.932Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-file-download-via-powershell-invoke-webrequest-ea9bdcd2 2026-04-25T16:06:13.664Z monthly 0.6 https://detectionlint.org/library/sigma-obfuscated-powershell-oneliner-execution-65ae591e 2026-04-25T16:06:13.409Z monthly 0.6 https://detectionlint.org/library/sigma-potential-com-objects-download-cradles-usage---process-creat-439846f8 2026-04-25T16:06:13.146Z monthly 0.6 https://detectionlint.org/library/sigma-potential-powershell-downgrade-attack-21780b70 2026-04-25T16:06:12.865Z monthly 0.6 https://detectionlint.org/library/sigma-disabled-ie-security-features-98113c00 2026-04-25T16:06:12.583Z monthly 0.6 https://detectionlint.org/library/sigma-windows-firewall-disabled-via-powershell-53c17ff1 2026-04-25T16:06:12.315Z monthly 0.6 https://detectionlint.org/library/sigma-disable-windows-defender-av-security-monitoring-8d7c4353 2026-04-25T16:06:12.054Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-defender-exclusion-cdf576a0 2026-04-25T16:06:11.788Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-defender-disable-scan-feature-96183ad0 2026-04-25T16:06:11.532Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-execution-with-potential-decryption-capabilities-c30abd5e 2026-04-25T16:06:11.258Z monthly 0.6 https://detectionlint.org/library/sigma-gzip-archive-decode-via-powershell-f4d17159 2026-04-25T16:06:10.985Z monthly 0.6 https://detectionlint.org/library/sigma-new-service-creation-using-powershell-3a5279c6 2026-04-25T16:06:10.699Z monthly 0.6 https://detectionlint.org/library/sigma-potential-powershell-console-history-access-attempt-via-hist-37e30936 2026-04-25T16:06:10.413Z monthly 0.6 https://detectionlint.org/library/sigma-computer-discovery-and-export-via-get-adcomputer-cmdlet-d2d1c6b5 2026-04-25T16:06:10.138Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-msi-install-via-windowsinstaller-com-from-remote--0089f759 2026-04-25T16:06:09.866Z monthly 0.6 https://detectionlint.org/library/sigma-obfuscated-powershell-msi-install-via-windowsinstaller-com-5c25cad0 2026-04-25T16:06:09.612Z monthly 0.6 https://detectionlint.org/library/sigma-potential-powershell-command-line-obfuscation-8c3563e1 2026-04-25T16:06:09.344Z monthly 0.6 https://detectionlint.org/library/sigma-potential-powershell-obfuscation-via-reversed-commands-340865b6 2026-04-25T16:06:09.061Z monthly 0.6 https://detectionlint.org/library/sigma-convertto-securestring-cmdlet-usage-via-commandline-b6c6a71a 2026-04-25T16:06:08.810Z monthly 0.6 https://detectionlint.org/library/sigma-potential-script-proxy-execution-via-cl_mutexverifiersps1-2558fc9c 2026-04-25T16:06:08.559Z monthly 0.6 https://detectionlint.org/library/sigma-assembly-loading-via-cl_loadassemblyps1-948bad91 2026-04-25T16:06:08.299Z monthly 0.6 https://detectionlint.org/library/sigma-potential-process-execution-proxy-via-cl_invocationps1-eb5ec2ee 2026-04-25T16:06:08.038Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-base64-encoded-wmi-classes-af696439 2026-04-25T16:06:07.772Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-encoded-and-obfuscated-reflection-assembly-load-f-fc4d8007 2026-04-25T16:06:07.513Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-base64-encoded-reflective-assembly-load-3a04d6dd 2026-04-25T16:06:07.240Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-base64-encoded-mppreference-cmdlet-1cc47c63 2026-04-25T16:06:06.990Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-base64-encoded-invoke-keyword-4cc2c33f 2026-04-25T16:06:06.732Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-base64-encoded-iex-cmdlet-7d2d5e96 2026-04-25T16:06:06.448Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-base64-encoded-powershell-keywords-in-command-line-b4d024a5 2026-04-25T16:06:06.185Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-base64-encoded-frombase64string-cmdlet-1d8e2315 2026-04-25T16:06:05.918Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-obfuscated-powershell-code-e4d9aca8 2026-04-25T16:06:05.631Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-encoded-command-patterns-73510cf7 2026-04-25T16:06:05.364Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-encoded-powershell-command-line-d09f1696 2026-04-25T16:06:05.096Z monthly 0.6 https://detectionlint.org/library/sigma-audio-capture-via-powershell-419155a4 2026-04-25T16:06:04.751Z monthly 0.6 https://detectionlint.org/library/sigma-potential-amsi-bypass-using-null-bits-ba7ea494 2026-04-25T16:06:04.494Z monthly 0.6 https://detectionlint.org/library/sigma-potential-amsi-bypass-via-net-reflection-e578d86a 2026-04-25T16:06:04.248Z monthly 0.6 https://detectionlint.org/library/sigma-add-windows-capability-via-powershell-cmdlet-fbcd42f9 2026-04-25T16:06:03.983Z monthly 0.6 https://detectionlint.org/library/sigma-potential-active-directory-enumeration-using-ad-module---pro-20810991 2026-04-25T16:06:03.724Z monthly 0.6 https://detectionlint.org/library/sigma-aadinternals-powershell-cmdlets-execution---proccesscreation-93a402a5 2026-04-25T16:06:03.469Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powercfg-execution-to-change-lock-screen-timeout-5868fd75 2026-04-25T16:06:03.198Z monthly 0.6 https://detectionlint.org/library/sigma-potential-rdp-tunneling-via-plink-9a20c026 2026-04-25T16:06:02.929Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-plink-port-forwarding-2870dc6a 2026-04-25T16:06:02.665Z monthly 0.6 https://detectionlint.org/library/sigma-pktmonexe-execution-47bb35bb 2026-04-25T16:06:02.384Z monthly 0.6 https://detectionlint.org/library/sigma-ping-hex-ip-f50f7ef6 2026-04-25T16:06:02.111Z monthly 0.6 https://detectionlint.org/library/sigma-php-inline-command-execution-8e9f9135 2026-04-25T16:06:01.848Z monthly 0.6 https://detectionlint.org/library/sigma-perl-inline-command-execution-ca922955 2026-04-25T16:06:01.591Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-execution-of-pdqdeployrunner-29d640f2 2026-04-25T16:06:01.321Z monthly 0.6 https://detectionlint.org/library/sigma-pdq-deploy-remote-adminstartion-tool-execution-e519c8d8 2026-04-25T16:06:01.062Z monthly 0.6 https://detectionlint.org/library/sigma-potential-mpclientdll-sideloading-via-offlinescannershellexe-c985bb11 2026-04-25T16:06:00.789Z monthly 0.6 https://detectionlint.org/library/sigma-potential-arbitrary-dll-load-using-winword-84928027 2026-04-25T16:06:00.524Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-microsoft-office-child-process-255cde9f 2026-04-25T16:06:00.261Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-binary-in-user-directory-spawned-from-office-appl-0ed895a7 2026-04-25T16:05:59.996Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-remote-child-process-from-outlook-bdebb0dd 2026-04-25T16:05:59.734Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-outlook-child-process-e29b5653 2026-04-25T16:05:59.485Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-execution-from-outlook-temporary-folder-0a3f9373 2026-04-25T16:05:59.233Z monthly 0.6 https://detectionlint.org/library/sigma-outlook-enableunsafeclientmailrules-setting-enabled-98915196 2026-04-25T16:05:58.968Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-microsoft-onenote-child-process-ac740ae2 2026-04-25T16:05:58.668Z monthly 0.6 https://detectionlint.org/library/sigma-onenoteexe-execution-of-malicious-embedded-scripts-075b0565 2026-04-25T16:05:58.411Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-office-document-executed-from-trusted-2e670329 2026-04-25T16:05:58.158Z monthly 0.6 https://detectionlint.org/library/sigma-potential-excelexe-dcom-lateral-movement-via-activatemicroso-2bef8500 2026-04-25T16:05:57.904Z monthly 0.6 https://detectionlint.org/library/sigma-potential-arbitrary-file-download-using-office-application-f635914a 2026-04-25T16:05:57.635Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-child-process-spawned-by-odbcconfexe-58825ba2 2026-04-25T16:05:57.370Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-response-file-execution-via-odbcconfexe-a4003569 2026-04-25T16:05:57.105Z monthly 0.6 https://detectionlint.org/library/sigma-response-file-execution-via-odbcconfexe-6a8a81bc 2026-04-25T16:05:56.852Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-dll-registered-via-odbcconfexe-c92e02f5 2026-04-25T16:05:56.604Z monthly 0.6 https://detectionlint.org/library/sigma-new-dll-registered-via-odbcconfexe-6d58a393 2026-04-25T16:05:56.344Z monthly 0.6 https://detectionlint.org/library/sigma-odbcconfexe-suspicious-dll-location-8f5143c2 2026-04-25T16:05:56.078Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-driverdll-installation-via-odbcconfexe-c5b77776 2026-04-25T16:05:55.807Z monthly 0.6 https://detectionlint.org/library/sigma-driverdll-installation-via-odbcconfexe-928b3bd1 2026-04-25T16:05:55.535Z monthly 0.6 https://detectionlint.org/library/sigma-invocation-of-active-directory-diagnostic-tool-ntdsutilexe-5233da3c 2026-04-25T16:05:55.279Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-usage-of-active-directory-diagnostic-tool-ntdsuti-1ca3b639 2026-04-25T16:05:55.023Z monthly 0.6 https://detectionlint.org/library/sigma-nslookup-powershell-download-cradle---processcreation-7185bb3f 2026-04-25T16:05:54.772Z monthly 0.6 https://detectionlint.org/library/sigma-network-reconnaissance-activity-c055725b 2026-04-25T16:05:54.526Z monthly 0.6 https://detectionlint.org/library/sigma-notepad-password-files-discovery-70653418 2026-04-25T16:05:54.270Z monthly 0.6 https://detectionlint.org/library/sigma-node-process-executions-07c74541 2026-04-25T16:05:54.009Z monthly 0.6 https://detectionlint.org/library/sigma-potential-arbitrary-code-execution-via-nodeexe-380910b7 2026-04-25T16:05:53.740Z monthly 0.6 https://detectionlint.org/library/sigma-potential-recon-activity-via-nltestexe-a40330e4 2026-04-25T16:05:53.484Z monthly 0.6 https://detectionlint.org/library/sigma-nltestexe-execution-1210867b 2026-04-25T16:05:53.231Z monthly 0.6 https://detectionlint.org/library/sigma-harvesting-of-wifi-credentials-via-netshexe-1c339a2a 2026-04-25T16:05:52.974Z monthly 0.6 https://detectionlint.org/library/sigma-rdp-port-forwarding-rule-added-via-netshexe-a0e3f606 2026-04-25T16:05:52.717Z monthly 0.6 https://detectionlint.org/library/sigma-new-port-forwarding-rule-added-via-netshexe-8aa5b561 2026-04-25T16:05:52.449Z monthly 0.6 https://detectionlint.org/library/sigma-new-network-trace-capture-started-via-netshexe-bf0d773f 2026-04-25T16:05:52.183Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-netsh-helper-dll-16446c20 2026-04-25T16:05:51.923Z monthly 0.6 https://detectionlint.org/library/sigma-firewall-rule-update-via-netshexe-35f25dcf 2026-04-25T16:05:51.658Z monthly 0.6 https://detectionlint.org/library/sigma-firewall-configuration-discovery-via-netshexe-bd8e9861 2026-04-25T16:05:51.389Z monthly 0.6 https://detectionlint.org/library/sigma-netsh-allow-group-policy-on-microsoft-defender-firewall-cfea0c42 2026-04-25T16:05:51.115Z monthly 0.6 https://detectionlint.org/library/sigma-firewall-disabled-via-netshexe-9a95730c 2026-04-25T16:05:50.869Z monthly 0.6 https://detectionlint.org/library/sigma-firewall-rule-deleted-via-netshexe-a82e5369 2026-04-25T16:05:50.618Z monthly 0.6 https://detectionlint.org/library/sigma-rdp-connection-allowed-via-netshexe-05492e9e 2026-04-25T16:05:50.362Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-program-location-whitelisted-in-firewall-via-nets-3484a918 2026-04-25T16:05:50.097Z monthly 0.6 https://detectionlint.org/library/sigma-new-firewall-rule-added-via-netshexe-7c27b4f6 2026-04-25T16:05:49.751Z monthly 0.6 https://detectionlint.org/library/sigma-share-and-session-enumeration-using-netexe-46d7533f 2026-04-25T16:05:49.468Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-manipulation-of-default-accounts-via-netexe-a2d722d2 2026-04-25T16:05:49.221Z monthly 0.6 https://detectionlint.org/library/sigma-new-user-created-via-netexe-with-never-expire-option-9070224d 2026-04-25T16:05:48.970Z monthly 0.6 https://detectionlint.org/library/sigma-new-user-created-via-netexe-6e9c5d7e 2026-04-25T16:05:48.721Z monthly 0.6 https://detectionlint.org/library/sigma-password-provided-in-command-line-of-netexe-eb339415 2026-04-25T16:05:48.469Z monthly 0.6 https://detectionlint.org/library/sigma-system-network-connections-discovery-via-netexe-587ddac9 2026-04-25T16:05:48.220Z monthly 0.6 https://detectionlint.org/library/sigma-windows-share-mount-via-netexe-6430573a 2026-04-25T16:05:47.970Z monthly 0.6 https://detectionlint.org/library/sigma-windows-internet-hosted-webdav-share-mount-via-netexe-0517c3df 2026-04-25T16:05:47.704Z monthly 0.6 https://detectionlint.org/library/sigma-windows-admin-share-mount-via-netexe-80f3d9c5 2026-04-25T16:05:47.436Z monthly 0.6 https://detectionlint.org/library/sigma-stop-windows-service-via-netexe-6afdaae1 2026-04-25T16:05:47.191Z monthly 0.6 https://detectionlint.org/library/sigma-start-windows-service-via-netexe-08118757 2026-04-25T16:05:46.935Z monthly 0.6 https://detectionlint.org/library/sigma-unmount-share-via-netexe-71ce05c3 2026-04-25T16:05:46.690Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-group-and-account-reconnaissance-activity-using-n-9d72f8de 2026-04-25T16:05:46.449Z monthly 0.6 https://detectionlint.org/library/sigma-remote-xsl-execution-via-msxslexe-e8b6ee81 2026-04-25T16:05:46.200Z monthly 0.6 https://detectionlint.org/library/sigma-msxslexe-execution-a2689c14 2026-04-25T16:05:45.862Z monthly 0.6 https://detectionlint.org/library/sigma-mstscexe-execution-from-uncommon-parent-1b544d4f 2026-04-25T16:05:45.557Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-mstscexe-execution-with-local-rdp-file-681f4be2 2026-04-25T16:05:45.285Z monthly 0.6 https://detectionlint.org/library/sigma-mstscexe-execution-with-local-rdp-file-f3642e54 2026-04-25T16:05:45.034Z monthly 0.6 https://detectionlint.org/library/sigma-new-remote-desktop-connection-initiated-via-mstscexe-9ac7304a 2026-04-25T16:05:44.784Z monthly 0.6 https://detectionlint.org/library/sigma-potential-mstsc-shadowing-activity-5ee428e9 2026-04-25T16:05:44.533Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-child-process-of-veeam-dabatase-de6839a8 2026-04-25T16:05:44.288Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-child-process-of-sql-server-312c99d3 2026-04-25T16:05:44.049Z monthly 0.6 https://detectionlint.org/library/sigma-sql-client-tools-powershell-session-detection-099e2581 2026-04-25T16:05:43.789Z monthly 0.6 https://detectionlint.org/library/sigma-detection-of-powershell-execution-via-sqlpsexe-4eda2557 2026-04-25T16:05:43.533Z monthly 0.6 https://detectionlint.org/library/sigma-potential-process-injection-via-msraexe-8987b83e 2026-04-25T16:05:43.286Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-file-download-via-mspubexe-7d8ebea4 2026-04-25T16:05:43.040Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-file-download-via-msohtmedexe-e92c59a2 2026-04-25T16:05:42.803Z monthly 0.6 https://detectionlint.org/library/sigma-windows-msix-package-support-framework-ai_stubs-execution-2edfa1c1 2026-04-25T16:05:42.564Z monthly 0.6 https://detectionlint.org/library/sigma-msiexec-web-install-71a7dc9f 2026-04-25T16:05:42.316Z monthly 0.6 https://detectionlint.org/library/sigma-potential-msiexec-masquerading-87625a81 2026-04-25T16:05:42.071Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-msiexec-quiet-install-from-remote-location-6b292235 2026-04-25T16:05:41.816Z monthly 0.6 https://detectionlint.org/library/sigma-msiexec-quiet-installation-984c0fcd 2026-04-25T16:05:41.566Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-msiexec-execute-arbitrary-dll-caa7b2f8 2026-04-25T16:05:41.309Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-msiexec-embedding-parent-f92610d4 2026-04-25T16:05:41.055Z monthly 0.6 https://detectionlint.org/library/sigma-dllunregisterserver-function-call-via-msiexecexe-e2734234 2026-04-25T16:05:40.806Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-mshtaexe-execution-patterns-cbae50ef 2026-04-25T16:05:40.530Z monthly 0.6 https://detectionlint.org/library/sigma-mshta-execution-with-suspicious-file-extensions-9038ac4e 2026-04-25T16:05:40.282Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-mshta-child-process-f42e9aac 2026-04-25T16:05:40.035Z monthly 0.6 https://detectionlint.org/library/sigma-potential-lethalhta-technique-execution-29da85d5 2026-04-25T16:05:39.788Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-javascript-execution-via-mshtaexe-08d1e9d7 2026-04-25T16:05:39.544Z monthly 0.6 https://detectionlint.org/library/sigma-wscript-shell-run-in-commandline-ddde15ab 2026-04-25T16:05:39.291Z monthly 0.6 https://detectionlint.org/library/sigma-remotely-hosted-hta-file-executed-via-mshtaexe-e21c3da1 2026-04-25T16:05:39.043Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-file-download-via-msedge_proxyexe-1d05e755 2026-04-25T16:05:38.795Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-msdt-parent-process-666fb7cd 2026-04-25T16:05:38.543Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-cabinet-file-execution-via-msdtexe-b7cc63a3 2026-04-25T16:05:38.285Z monthly 0.6 https://detectionlint.org/library/sigma-potential-arbitrary-command-execution-using-msdtexe-bd8973a2 2026-04-25T16:05:38.033Z monthly 0.6 https://detectionlint.org/library/sigma-msdt-execution-via-answer-file-b814cd2c 2026-04-25T16:05:37.793Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-msbuild-execution-by-uncommon-parent-process-2df3a31a 2026-04-25T16:05:37.549Z monthly 0.6 https://detectionlint.org/library/sigma-windows-defender-definition-files-removed-d2501a86 2026-04-25T16:05:37.307Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-via-windows-defender-mpcmprunexe-192bd6c0 2026-04-25T16:05:37.063Z monthly 0.6 https://detectionlint.org/library/sigma-potential-mpclientdll-sideloading-via-defender-binaries-b1b91af4 2026-04-25T16:05:36.809Z monthly 0.6 https://detectionlint.org/library/sigma-potential-suspicious-mofcomp-execution-dd7346c9 2026-04-25T16:05:36.561Z monthly 0.6 https://detectionlint.org/library/sigma-codepage-modification-via-modecom-to-russian-language-00ad9089 2026-04-25T16:05:36.319Z monthly 0.6 https://detectionlint.org/library/sigma-mmc-spawning-windows-shell-b2aa759a 2026-04-25T16:05:36.064Z monthly 0.6 https://detectionlint.org/library/sigma-mmc-executing-files-with-reversed-extensions-using-rtlo-abus-8eb94df3 2026-04-25T16:05:35.807Z monthly 0.6 https://detectionlint.org/library/sigma-mmc20-lateral-movement-ea8da563 2026-04-25T16:05:35.557Z monthly 0.6 https://detectionlint.org/library/sigma-windows-default-domain-gpo-modification-via-gpme-df3ed6b7 2026-04-25T16:05:35.311Z monthly 0.6 https://detectionlint.org/library/sigma-potential-mftraceexe-abuse-ee39337a 2026-04-25T16:05:35.060Z monthly 0.6 https://detectionlint.org/library/sigma-potential-credential-dumping-via-lsass-process-clone-74982f21 2026-04-25T16:05:34.802Z monthly 0.6 https://detectionlint.org/library/sigma-lsa-ppl-protection-setting-modification-via-commandline-b949b98a 2026-04-25T16:05:34.384Z monthly 0.6 https://detectionlint.org/library/sigma-potential-register_appvbs-lolscript-abuse-f4d2482f 2026-04-25T16:05:34.125Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-wfcexe-590577b1 2026-04-25T16:05:33.869Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-vsiisexelauncherexe-fdbba08d 2026-04-25T16:05:33.623Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-visualuiaverifynativeexe-2069d0f3 2026-04-25T16:05:33.373Z monthly 0.6 https://detectionlint.org/library/sigma-visual-basic-command-line-compiler-usage-734f6bcb 2026-04-25T16:05:33.124Z monthly 0.6 https://detectionlint.org/library/sigma-utilityfunctionsps1-proxy-dll-895c1879 2026-04-25T16:05:32.890Z monthly 0.6 https://detectionlint.org/library/sigma-lolbin-unregmp2exe-use-as-proxy-e46aeea6 2026-04-25T16:05:32.640Z monthly 0.6 https://detectionlint.org/library/sigma-time-travel-debugging-utility-usage-7a791c9e 2026-04-25T16:05:32.393Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-ttdinjectexe-657f0175 2026-04-25T16:05:32.134Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-injection-or-execution-using-trackerexe-e0c281f9 2026-04-25T16:05:31.893Z monthly 0.6 https://detectionlint.org/library/sigma-syncappvpublishingserver-vbs-execute-arbitrary-powershell-co-b02bb300 2026-04-25T16:05:31.639Z monthly 0.6 https://detectionlint.org/library/sigma-syncappvpublishingserver-execute-arbitrary-powershell-code-d96eb5f1 2026-04-25T16:05:31.393Z monthly 0.6 https://detectionlint.org/library/sigma-dumping-process-via-sqldumperexe-8d1cd2fc 2026-04-25T16:05:31.143Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-grpconv-execution-ac388faa 2026-04-25T16:05:30.904Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-driver-install-by-pnputilexe-5a92cb58 2026-04-25T16:05:30.660Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-the-sftpexe-binary-as-a-lolbin-79432bb4 2026-04-25T16:05:30.423Z monthly 0.6 https://detectionlint.org/library/sigma-using-settingsynchostexe-as-lolbin-82704f28 2026-04-25T16:05:30.175Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-scriptrunnerexe-5447c7de 2026-04-25T16:05:29.922Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-runscripthelperexe-2639f937 2026-04-25T16:05:29.674Z monthly 0.6 https://detectionlint.org/library/sigma-lolbin-runexehelper-use-as-proxy-1b70a68b 2026-04-25T16:05:29.430Z monthly 0.6 https://detectionlint.org/library/sigma-replaceexe-usage-23e21177 2026-04-25T16:05:29.186Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-remoteexe-ef73d674 2026-04-25T16:05:28.944Z monthly 0.6 https://detectionlint.org/library/sigma-register_appvbs-proxy-execution-a06298b4 2026-04-25T16:05:28.656Z monthly 0.6 https://detectionlint.org/library/sigma-dll-execution-via-rasautouexe-f40fd01a 2026-04-25T16:05:28.408Z monthly 0.6 https://detectionlint.org/library/sigma-pubprnvbs-proxy-execution-45e1c34f 2026-04-25T16:05:28.154Z monthly 0.6 https://detectionlint.org/library/sigma-printbrm-zip-creation-of-extraction-50d18473 2026-04-25T16:05:27.894Z monthly 0.6 https://detectionlint.org/library/sigma-execute-code-with-pesterbat-1ff54415 2026-04-25T16:05:27.645Z monthly 0.6 https://detectionlint.org/library/sigma-execute-code-with-pesterbat-as-parent-0c302d20 2026-04-25T16:05:27.404Z monthly 0.6 https://detectionlint.org/library/sigma-code-execution-via-pcwutldll-dfa7665e 2026-04-25T16:05:27.140Z monthly 0.6 https://detectionlint.org/library/sigma-execute-pcwrunexe-to-leverage-follina-9f0793ad 2026-04-25T16:05:26.891Z monthly 0.6 https://detectionlint.org/library/sigma-indirect-command-execution-by-program-compatibility-wizard-3153a417 2026-04-25T16:05:26.648Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-pcalua-for-execution-43da0992 2026-04-25T16:05:26.370Z monthly 0.6 https://detectionlint.org/library/sigma-openwithexe-executes-specified-binary-8bdde763 2026-04-25T16:05:26.128Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-openconsole-0233a9ae 2026-04-25T16:05:25.886Z monthly 0.6 https://detectionlint.org/library/sigma-execute-files-with-msdeployexe-0283d933 2026-04-25T16:05:25.649Z monthly 0.6 https://detectionlint.org/library/sigma-mpiexec-lolbin-d246c7e7 2026-04-25T16:05:25.395Z monthly 0.6 https://detectionlint.org/library/sigma-mavinject-inject-dll-into-running-process-82aafbce 2026-04-25T16:05:25.125Z monthly 0.6 https://detectionlint.org/library/sigma-potential-manage-bdewsf-abuse-to-proxy-execution-9945bf67 2026-04-25T16:05:24.884Z monthly 0.6 https://detectionlint.org/library/sigma-launch-vsdevshellps1-proxy-execution-2c432583 2026-04-25T16:05:24.635Z monthly 0.6 https://detectionlint.org/library/sigma-ie4uinit-lolbin-use-from-invalid-path-e2003883 2026-04-25T16:05:24.387Z monthly 0.6 https://detectionlint.org/library/sigma-gpscript-execution-303c3589 2026-04-25T16:05:24.130Z monthly 0.6 https://detectionlint.org/library/sigma-potential-reconnaissance-activity-via-gathernetworkinfovbs-1f28b507 2026-04-25T16:05:23.870Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-extrac32-alternate-data-stream-execution-efe36890 2026-04-25T16:05:23.612Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-extrac32-execution-69cd634d 2026-04-25T16:05:23.369Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-diantz-download-and-compress-into-a-cab-file-f24a08e7 2026-04-25T16:05:23.131Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-diantz-alternate-data-stream-execution-ed633591 2026-04-25T16:05:22.882Z monthly 0.6 https://detectionlint.org/library/sigma-devtoolslauncherexe-executes-specified-binary-5154ebed 2026-04-25T16:05:22.641Z monthly 0.6 https://detectionlint.org/library/sigma-lolbas-data-exfiltration-by-datasvcutilexe-ea2e8a25 2026-04-25T16:05:22.395Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-windows-trace-etw-session-tamper-via-logmanexe-459a6d78 2026-04-25T16:05:22.158Z monthly 0.6 https://detectionlint.org/library/sigma-rebuild-performance-counter-values-via-lodctrexe-466bf265 2026-04-25T16:05:21.914Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-linkexe-parent-process-ac559718 2026-04-25T16:05:21.664Z monthly 0.6 https://detectionlint.org/library/sigma-import-ldap-data-interchange-format-file-via-ldifdeexe-0e28bde3 2026-04-25T16:05:21.427Z monthly 0.6 https://detectionlint.org/library/sigma-active-directory-structure-export-via-ldifdeexe-71712735 2026-04-25T16:05:21.184Z monthly 0.6 https://detectionlint.org/library/sigma-logged-on-user-password-change-via-ksetupexe-b5cf8e17 2026-04-25T16:05:20.943Z monthly 0.6 https://detectionlint.org/library/sigma-computer-password-change-via-ksetupexe-7778cd74 2026-04-25T16:05:20.685Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-child-process-of-keyscramblerexe-0bceaf27 2026-04-25T16:05:20.419Z monthly 0.6 https://detectionlint.org/library/sigma-attempts-of-kerberos-coercion-via-dns-spn-spoofing-224582f8 2026-04-25T16:05:20.171Z monthly 0.6 https://detectionlint.org/library/sigma-windows-kernel-debugger-execution-2e4e052c 2026-04-25T16:05:19.926Z monthly 0.6 https://detectionlint.org/library/sigma-kavremover-dropped-binary-lolbin-usage-ba42b534 2026-04-25T16:05:19.679Z monthly 0.6 https://detectionlint.org/library/sigma-jscript-compiler-execution-11474ed9 2026-04-25T16:05:19.335Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-sysaidserver-child-a423a545 2026-04-25T16:05:19.034Z monthly 0.6 https://detectionlint.org/library/sigma-shell-process-spawned-by-javaexe-b6889ad4 2026-04-25T16:05:18.780Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-processes-spawned-by-javaexe-a6742705 2026-04-25T16:05:18.540Z monthly 0.6 https://detectionlint.org/library/sigma-java-running-with-remote-debugging-dc11acf3 2026-04-25T16:05:18.293Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-child-process-of-manage-engine-servicedesk-1c1e5629 2026-04-25T16:05:18.042Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-shells-spawn-by-java-utility-keytool-196f42db 2026-04-25T16:05:17.772Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-execution-of-installutil-without-log-548a8b0d 2026-04-25T16:05:17.521Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-via-installutilexe-7ca0861a 2026-04-25T16:05:17.273Z monthly 0.6 https://detectionlint.org/library/sigma-infdefaultinstallexe-inf-execution-d6f0ac9b 2026-04-25T16:05:17.029Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-file-download-via-imewdbldexe-3bf375c0 2026-04-25T16:05:16.772Z monthly 0.6 https://detectionlint.org/library/sigma-imagingdevices-unusual-parentchild-processes-dccbd520 2026-04-25T16:05:16.530Z monthly 0.6 https://detectionlint.org/library/sigma-c-il-code-compilation-via-ilasmexe-077bf46a 2026-04-25T16:05:16.278Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-iis-module-registration-80d9ab61 2026-04-25T16:05:16.039Z monthly 0.6 https://detectionlint.org/library/sigma-iis-webserver-log-deletion-via-commandline-utilities-cc0410cb 2026-04-25T16:05:15.789Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-iis-connection-strings-decryption-3b8eebfa 2026-04-25T16:05:15.533Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-iis-url-globalrules-rewrite-via-appcmd-63ba1aa5 2026-04-25T16:05:15.272Z monthly 0.6 https://detectionlint.org/library/sigma-iis-native-code-module-command-line-installation-15537dbd 2026-04-25T16:05:15.019Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-iis-service-account-password-dumped-5abefddd 2026-04-25T16:05:14.778Z monthly 0.6 https://detectionlint.org/library/sigma-disable-windows-iis-http-logging-dd715a7d 2026-04-25T16:05:14.531Z monthly 0.6 https://detectionlint.org/library/sigma-self-extracting-package-creation-via-iexpressexe-from-potent-065b2b29 2026-04-25T16:05:14.284Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-and-execution-via-ieexecexe-dffa13ab 2026-04-25T16:05:14.032Z monthly 0.6 https://detectionlint.org/library/sigma-use-icacls-to-hide-file-to-everyone-d60dc053 2026-04-25T16:05:13.775Z monthly 0.6 https://detectionlint.org/library/sigma-potential-fake-instance-of-hxtsrexe-executed-9f6b436c 2026-04-25T16:05:13.516Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-hwp-sub-processes-8362e573 2026-04-25T16:05:13.257Z monthly 0.6 https://detectionlint.org/library/sigma-hypervisor-protected-code-integrity-hvci-related-registry-ta-84c3c1de 2026-04-25T16:05:12.999Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-execution-of-hostname-68a20aca 2026-04-25T16:05:12.752Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-zipexec-execution-bfb147e4 2026-04-25T16:05:12.507Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---xordump-execution-96474c82 2026-04-25T16:05:12.245Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---wsass-execution-a89c3ec0 2026-04-25T16:05:12.008Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---wmiexec-default-powershell-command-6326ce62 2026-04-25T16:05:11.751Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---winpwn-execution-4bf9a05c 2026-04-25T16:05:11.496Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---winpeas-execution-8cb0a270 2026-04-25T16:05:11.254Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---windows-credential-editor-wce-execution-9524ba6d 2026-04-25T16:05:11.004Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---uacme-akagi-execution-72d3930b 2026-04-25T16:05:10.702Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---trufflesnout-execution-98be6ca9 2026-04-25T16:05:10.350Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sysmoneop-execution-b242a67a 2026-04-25T16:05:10.095Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---stracciatella-execution-9327176e 2026-04-25T16:05:09.838Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---soaphound-execution-65d504e7 2026-04-25T16:05:09.592Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sliver-c2-implant-activity-pattern-2db44608 2026-04-25T16:05:09.329Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---silenttrinity-stager-execution-dbc8710d 2026-04-25T16:05:09.073Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpwsuswsuspendu-execution-ac6432a6 2026-04-25T16:05:08.827Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpview-execution-da107f48 2026-04-25T16:05:08.582Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpup-privesc-tool-execution-39c74f02 2026-04-25T16:05:08.335Z monthly 0.6 https://detectionlint.org/library/sigma-hktl---sharpsuccessor-privilege-escalation-tool-execution-6bde09bd 2026-04-25T16:05:08.093Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpmove-tool-execution-cb447c0f 2026-04-25T16:05:07.847Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpldapwhoami-execution-bf0a9e66 2026-04-25T16:05:07.587Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpevtmute-execution-855a2d19 2026-04-25T16:05:07.328Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpersist-execution-67e974ed 2026-04-25T16:05:07.078Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpldapmonitor-execution-2b9e8a84 2026-04-25T16:05:06.833Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpimpersonation-execution-39015169 2026-04-25T16:05:06.574Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpdpapi-execution-ed16d05f 2026-04-25T16:05:06.329Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpchisel-execution-2dff6022 2026-04-25T16:05:06.081Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---ppid-spoofing-selectmyparent-tool-execution-44701305 2026-04-25T16:05:05.831Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---securityxploded-execution-616cfbda 2026-04-25T16:05:05.575Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---safetykatz-execution-de63afa9 2026-04-25T16:05:05.324Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---rubeus-execution-0939f16f 2026-04-25T16:05:05.072Z monthly 0.6 https://detectionlint.org/library/sigma-potential-smb-relay-attack-tool-execution-dbf10f3b 2026-04-25T16:05:04.830Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---redmimicry-winnti-playbook-execution-1eb3c5f6 2026-04-25T16:05:04.581Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---quarks-pwdump-execution-9128e06b 2026-04-25T16:05:04.223Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---pypykatz-credentials-dumping-activity-36f7b3a6 2026-04-25T16:05:03.956Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---purplesharp-execution-53aa28d6 2026-04-25T16:05:03.714Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---powertool-execution-62ff4105 2026-04-25T16:05:03.420Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---default-powersploitempire-scheduled-task-creation-23ba3e79 2026-04-25T16:05:03.171Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---pchunter-execution-c017c7f9 2026-04-25T16:05:02.914Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---netexec-execution-cacc34b6 2026-04-25T16:05:02.664Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---mimikatz-execution-0d99e0cc 2026-04-25T16:05:02.407Z monthly 0.6 https://detectionlint.org/library/sigma-potential-meterpretercobaltstrike-activity-19b3f56b 2026-04-25T16:05:02.150Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---localpotato-execution-73c5d9b5 2026-04-25T16:05:01.904Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---lazagne-execution-7ef74b3d 2026-04-25T16:05:01.656Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---krbrelayup-execution-7988b04f 2026-04-25T16:05:01.406Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---remotekrbrelay-execution-695cb3ea 2026-04-25T16:05:01.142Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---krbrelay-execution-be1b625e 2026-04-25T16:05:00.864Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---koadic-execution-4fc39d27 2026-04-25T16:05:00.606Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---jlaive-in-memory-assembly-execution-b388a321 2026-04-25T16:05:00.362Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-var-launcher-obfuscation-f79e3350 2026-04-25T16:05:00.116Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-use-mshta-ff91895f 2026-04-25T16:04:59.868Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-use-clip-b76bd7e7 2026-04-25T16:04:59.618Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-stdin-29a19ab9 2026-04-25T16:04:59.368Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-compress-obfuscation-dd23fd82 2026-04-25T16:04:59.125Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-var-launcher-35bdc54f 2026-04-25T16:04:58.868Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-stdin-launcher-858e1164 2026-04-25T16:04:58.615Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-obfuscated-iex-invocation-983541e7 2026-04-25T16:04:58.365Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-clip-launcher-d6221d64 2026-04-25T16:04:58.119Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---inveigh-execution-e842fae7 2026-04-25T16:04:57.860Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---impersonate-execution-a0672f67 2026-04-25T16:04:57.605Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---impacket-tools-execution-516eebfd 2026-04-25T16:04:57.354Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---potential-impacket-lateral-movement-activity-7cbff6f5 2026-04-25T16:04:57.093Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---hydra-password-bruteforce-execution-c4584306 2026-04-25T16:04:56.852Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---htrannatbypass-execution-c9659802 2026-04-25T16:04:56.599Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---hollowreaper-execution-3646ae59 2026-04-25T16:04:56.350Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---hashcat-password-cracker-execution-0b90be32 2026-04-25T16:04:56.101Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---handlekatz-lsass-dumper-execution-feee4522 2026-04-25T16:04:55.847Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---gmer-rootkit-detector-and-remover-execution-f1ba0762 2026-04-25T16:04:55.603Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool-execution---pe-metadata-16ae7b9f 2026-04-25T16:04:55.311Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool-execution---imphash-bce3a7bc 2026-04-25T16:04:55.067Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---winrm-access-via-evil-winrm-55ee7c04 2026-04-25T16:04:54.817Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---empire-powershell-uac-bypass-f84c5fbc 2026-04-25T16:04:54.560Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---empire-powershell-launch-parameters-c07f78a6 2026-04-25T16:04:54.322Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---edrsilencer-execution-ea281ef3 2026-04-25T16:04:54.083Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---edr-freeze-execution-77f6eed5 2026-04-25T16:04:53.837Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---dumpert-process-dumper-execution-d2335a35 2026-04-25T16:04:53.576Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---doppelanger-lsass-dumper-execution-352b7e92 2026-04-25T16:04:53.328Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---dinjector-powershell-cradle-execution-8b372db6 2026-04-25T16:04:53.087Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---createminidump-execution-90376199 2026-04-25T16:04:52.832Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---crackmapexec-powershell-obfuscation-01fee0c4 2026-04-25T16:04:52.591Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---crackmapexec-process-patterns-fcdd8f20 2026-04-25T16:04:52.323Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---crackmapexec-execution-patterns-2fd0b402 2026-04-25T16:04:52.062Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---crackmapexec-execution-cd0fb111 2026-04-25T16:04:51.811Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---covenant-powershell-launcher-1dae8c64 2026-04-25T16:04:51.559Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---coercedpotato-execution-009dbbf8 2026-04-25T16:04:51.306Z monthly 0.6 https://detectionlint.org/library/sigma-potential-cobaltstrike-process-patterns-6de1df35 2026-04-25T16:04:51.055Z monthly 0.6 https://detectionlint.org/library/sigma-cobaltstrike-load-by-rundll32-ded6b5f6 2026-04-25T16:04:50.811Z monthly 0.6 https://detectionlint.org/library/sigma-operator-bloopers-cobalt-strike-modules-fe2cf059 2026-04-25T16:04:50.549Z monthly 0.6 https://detectionlint.org/library/sigma-operator-bloopers-cobalt-strike-commands-f20293ea 2026-04-25T16:04:50.289Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---certipy-execution-ba1ff0d2 2026-04-25T16:04:50.043Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---certify-execution-003bcf98 2026-04-25T16:04:49.800Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---f-secure-c3-load-by-rundll32-15c11bde 2026-04-25T16:04:49.554Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---bloodhoundsharphound-execution-19bfcdb5 2026-04-25T16:04:49.305Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---adcspwn-execution-0682ca91 2026-04-25T16:04:48.964Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-hhexe-execution-f78bed69 2026-04-25T16:04:48.689Z monthly 0.6 https://detectionlint.org/library/sigma-html-help-hhexe-suspicious-child-process-ce9717a0 2026-04-25T16:04:48.437Z monthly 0.6 https://detectionlint.org/library/sigma-remote-chm-file-downloadexecution-via-hhexe-5b416d3e 2026-04-25T16:04:48.187Z monthly 0.6 https://detectionlint.org/library/sigma-hhexe-execution-384f6524 2026-04-25T16:04:47.936Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-gup-usage-094471c8 2026-04-25T16:04:47.680Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-child-process-of-notepad-updater---gupexe-0d2b51ab 2026-04-25T16:04:47.433Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-using-notepad-gup-utility-0f909be6 2026-04-25T16:04:47.181Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-binary-execution-using-gup-utility-e510e870 2026-04-25T16:04:46.918Z monthly 0.6 https://detectionlint.org/library/sigma-gpresult-display-group-policy-information-b8bda339 2026-04-25T16:04:46.675Z monthly 0.6 https://detectionlint.org/library/sigma-file-encryptiondecryption-via-gpg4win-from-suspicious-locati-5ac45d8f 2026-04-25T16:04:46.436Z monthly 0.6 https://detectionlint.org/library/sigma-portable-gpgexe-execution-3f2148a1 2026-04-25T16:04:46.181Z monthly 0.6 https://detectionlint.org/library/sigma-file-encryption-using-gpg4win-29502048 2026-04-25T16:04:45.935Z monthly 0.6 https://detectionlint.org/library/sigma-file-decryption-using-gpg4win-bb03f6bd 2026-04-25T16:04:45.683Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-googleupdate-child-process-84f9e569 2026-04-25T16:04:45.442Z monthly 0.6 https://detectionlint.org/library/sigma-github-self-hosted-runner-execution-7e648ada 2026-04-25T16:04:45.201Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-git-clone-d400f293 2026-04-25T16:04:44.958Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-file-download-via-gfxdownloadwrapperexe-2fe29bf2 2026-04-25T16:04:44.712Z monthly 0.6 https://detectionlint.org/library/sigma-potential-arbitrary-command-execution-via-ftpexe-67c0f11a 2026-04-25T16:04:44.463Z monthly 0.6 https://detectionlint.org/library/sigma-fsutil-suspicious-invocation-eed8c14e 2026-04-25T16:04:44.218Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-ntfs-symlink-behavior-modification-1b284eab 2026-04-25T16:04:43.970Z monthly 0.6 https://detectionlint.org/library/sigma-fsutil-drive-enumeration-3f4d9119 2026-04-25T16:04:43.716Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-fsharp-interpreters-bef33027 2026-04-25T16:04:43.470Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-filesystem-load-attempt-by-formatcom-e282ce84 2026-04-25T16:04:43.204Z monthly 0.6 https://detectionlint.org/library/sigma-forfiles-command-execution-fe645b85 2026-04-25T16:04:42.943Z monthly 0.6 https://detectionlint.org/library/sigma-forfilesexe-child-process-masquerading-d95aa559 2026-04-25T16:04:42.690Z monthly 0.6 https://detectionlint.org/library/sigma-sysmon-driver-unloaded-via-fltmcexe-d0ef4d61 2026-04-25T16:04:42.436Z monthly 0.6 https://detectionlint.org/library/sigma-filter-driver-unloaded-via-fltmcexe-9cd68f31 2026-04-25T16:04:42.196Z monthly 0.6 https://detectionlint.org/library/sigma-fingerexe-execution-0c50cac3 2026-04-25T16:04:41.943Z monthly 0.6 https://detectionlint.org/library/sigma-sysmon-discovery-via-default-driver-altitude-using-findstrex-f57554d6 2026-04-25T16:04:41.689Z monthly 0.6 https://detectionlint.org/library/sigma-insensitive-subfolder-search-via-findstrexe-ba5c8590 2026-04-25T16:04:41.434Z monthly 0.6 https://detectionlint.org/library/sigma-security-tools-keyword-lookup-via-findstrexe-30e29aa6 2026-04-25T16:04:41.178Z monthly 0.6 https://detectionlint.org/library/sigma-recon-command-output-piped-to-findstrexe-7dbffbfc 2026-04-25T16:04:40.917Z monthly 0.6 https://detectionlint.org/library/sigma-permission-misconfiguration-reconnaissance-via-findstrexe-69ba652f 2026-04-25T16:04:40.672Z monthly 0.6 https://detectionlint.org/library/sigma-lsass-process-reconnaissance-via-findstrexe-9f046378 2026-04-25T16:04:40.398Z monthly 0.6 https://detectionlint.org/library/sigma-findstr-launching-lnk-file-ba19a02b 2026-04-25T16:04:40.139Z monthly 0.6 https://detectionlint.org/library/sigma-findstr-gpp-passwords-918588cd 2026-04-25T16:04:39.888Z monthly 0.6 https://detectionlint.org/library/sigma-remote-file-download-via-findstrexe-d3763b39 2026-04-25T16:04:39.634Z monthly 0.6 https://detectionlint.org/library/sigma-explorer-nouaccheck-flag-f5b663bc 2026-04-25T16:04:39.393Z monthly 0.6 https://detectionlint.org/library/sigma-file-explorer-folder-opened-using-explorer-folder-shortcut-v-946cfbe2 2026-04-25T16:04:39.135Z monthly 0.6 https://detectionlint.org/library/sigma-explorer-process-tree-break-5f30baf7 2026-04-25T16:04:38.886Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-cabinet-file-expansion-e9dec41f 2026-04-25T16:04:38.625Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-event-viewer-child-process-b12625d6 2026-04-25T16:04:38.380Z monthly 0.6 https://detectionlint.org/library/sigma-security-event-logging-disabled-via-minint-registry-key---pr-cfff1083 2026-04-25T16:04:38.140Z monthly 0.6 https://detectionlint.org/library/sigma-esentutl-steals-browser-information-dc21b45d 2026-04-25T16:04:37.895Z monthly 0.6 https://detectionlint.org/library/sigma-copying-sensitive-files-with-credential-data-a713616d 2026-04-25T16:04:37.645Z monthly 0.6 https://detectionlint.org/library/sigma-esentutl-gather-credentials-91b63dcc 2026-04-25T16:04:37.404Z monthly 0.6 https://detectionlint.org/library/sigma-new-capture-session-launched-via-dxcapexe-065953c2 2026-04-25T16:04:37.148Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-dumpminitool-execution-d2167d41 2026-04-25T16:04:36.896Z monthly 0.6 https://detectionlint.org/library/sigma-dumpminitool-execution-4c11274e 2026-04-25T16:04:36.641Z monthly 0.6 https://detectionlint.org/library/sigma-potential-windows-defender-av-bypass-via-dump64exe-rename-a42b5ffc 2026-04-25T16:04:36.386Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-kernel-dump-using-dtrace-eb5b30c1 2026-04-25T16:04:36.125Z monthly 0.6 https://detectionlint.org/library/sigma-domain-trust-discovery-via-dsquery-c297d3ae 2026-04-25T16:04:35.875Z monthly 0.6 https://detectionlint.org/library/sigma-potential-password-spraying-attempt-using-dsaclsexe-35665287 2026-04-25T16:04:35.622Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-over-permissive-permissions-granted-using-dsacls-88362a27 2026-04-25T16:04:35.374Z monthly 0.6 https://detectionlint.org/library/sigma-driverqueryexe-execution-5f859923 2026-04-25T16:04:35.133Z monthly 0.6 https://detectionlint.org/library/sigma-potential-recon-activity-using-driverqueryexe-ee432d58 2026-04-25T16:04:34.876Z monthly 0.6 https://detectionlint.org/library/sigma-process-memory-dump-via-dotnet-dump-c903955a 2026-04-25T16:04:34.614Z monthly 0.6 https://detectionlint.org/library/sigma-binary-proxy-execution-via-dotnet-traceexe-4532ba4e 2026-04-25T16:04:34.344Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-dll-or-csproj-code-execution-via-dotnetexe-c857d5f8 2026-04-25T16:04:34.094Z monthly 0.6 https://detectionlint.org/library/sigma-potential-application-whitelisting-bypass-via-dnxexe-c44372fb 2026-04-25T16:04:33.722Z monthly 0.6 https://detectionlint.org/library/sigma-new-dns-serverlevelplugindll-installed-via-dnscmdexe-4e7f7e3a 2026-04-25T16:04:33.473Z monthly 0.6 https://detectionlint.org/library/sigma-potential-discovery-activity-via-dnscmdexe-76c2cbfe 2026-04-25T16:04:33.223Z monthly 0.6 https://detectionlint.org/library/sigma-unusual-child-process-of-dnsexe-0d7c4496 2026-04-25T16:04:32.975Z monthly 0.6 https://detectionlint.org/library/sigma-dns-exfiltration-and-tunneling-tools-execution-d3dea254 2026-04-25T16:04:32.711Z monthly 0.6 https://detectionlint.org/library/sigma-dllhostexe-execution-anomaly-3590e47d 2026-04-25T16:04:32.457Z monthly 0.6 https://detectionlint.org/library/sigma-dll-sideloading-by-vmware-xfer-utility-f46fca1e 2026-04-25T16:04:32.204Z monthly 0.6 https://detectionlint.org/library/sigma-dism-remove-online-package-d5fd7381 2026-04-25T16:04:31.948Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-web-access-feature-enabled-via-dism-60eb6876 2026-04-25T16:04:31.705Z monthly 0.6 https://detectionlint.org/library/sigma-diskshadow-script-mode---execution-from-potential-suspicious-6886e4ba 2026-04-25T16:04:31.444Z monthly 0.6 https://detectionlint.org/library/sigma-diskshadow-script-mode---uncommon-script-extension-execution-6bb20616 2026-04-25T16:04:31.201Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-child-process-of-diskshadowexe-a54c7b78 2026-04-25T16:04:30.943Z monthly 0.6 https://detectionlint.org/library/sigma-system-information-discovery-via-registry-queries-b4546665 2026-04-25T16:04:30.684Z monthly 0.6 https://detectionlint.org/library/sigma-dirlister-execution-cc4949b4 2026-04-25T16:04:30.431Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-child-process-of-clickonce-applicatio-730c6c6f 2026-04-25T16:04:30.189Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-msi-download-via-devinitexe-81cada5a 2026-04-25T16:04:29.945Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-via-deviceenrollerexe-b8a010b3 2026-04-25T16:04:29.690Z monthly 0.6 https://detectionlint.org/library/sigma-devicecredentialdeployment-execution-395e2027 2026-04-25T16:04:29.434Z monthly 0.6 https://detectionlint.org/library/sigma-devcon-execution-disabling-vmware-vmci-device-b4470062 2026-04-25T16:04:29.177Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-desktopimgdownldr-command-e8856d32 2026-04-25T16:04:28.934Z monthly 0.6 https://detectionlint.org/library/sigma-remote-file-download-via-desktopimgdownldr-utility-e94c5d4f 2026-04-25T16:04:28.687Z monthly 0.6 https://detectionlint.org/library/sigma-windows-defender-context-menu-removed-70a31478 2026-04-25T16:04:28.441Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-defender-threat-severity-default-action-set-to-al-7856ce9f 2026-04-25T16:04:28.190Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-child-process-of-defaultpackexe-798436a6 2026-04-25T16:04:27.948Z monthly 0.6 https://detectionlint.org/library/sigma-manageengine-endpoint-central-dctask64exe-potential-abuse-230ffcf6 2026-04-25T16:04:27.705Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-customshellhost-execution-99624ada 2026-04-25T16:04:27.458Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-curlexe-download-6488ac19 2026-04-25T16:04:27.201Z monthly 0.6 https://detectionlint.org/library/sigma-local-file-read-using-curlexe-770b4b5a 2026-04-25T16:04:26.952Z monthly 0.6 https://detectionlint.org/library/sigma-insecure-proxydoh-transfer-via-curlexe-f6d1d9e5 2026-04-25T16:04:26.710Z monthly 0.6 https://detectionlint.org/library/sigma-insecure-transfer-via-curlexe-19b789e6 2026-04-25T16:04:26.463Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-download-from-file-sharing-domain-via-curlex-b715daea 2026-04-25T16:04:26.218Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-download-from-ip-via-curlexe-898556d6 2026-04-25T16:04:25.969Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-from-ip-url-via-curlexe-8d9ff37a 2026-04-25T16:04:25.705Z monthly 0.6 https://detectionlint.org/library/sigma-curl-web-request-with-potential-custom-user-agent-ee443609 2026-04-25T16:04:25.461Z monthly 0.6 https://detectionlint.org/library/sigma-potential-cookies-session-hijacking-c321b471 2026-04-25T16:04:25.220Z monthly 0.6 https://detectionlint.org/library/sigma-active-directory-structure-export-via-csvdeexe-b88c9156 2026-04-25T16:04:24.193Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-use-of-csharp-interactive-console-9b461bf7 2026-04-25T16:04:22.833Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-csiexe-usage-1b685425 2026-04-25T16:04:21.977Z monthly 0.6 https://detectionlint.org/library/sigma-cscexe-execution-form-potentially-suspicious-parent-c26bdcbc 2026-04-25T16:04:20.803Z monthly 0.6 https://detectionlint.org/library/sigma-dynamic-net-compilation-via-cscexe-55bd515c 2026-04-25T16:04:19.771Z monthly 0.6 https://detectionlint.org/library/sigma-windows-credential-guard-registry-tampering-via-commandline-f9229438 2026-04-25T16:04:19.529Z monthly 0.6 https://detectionlint.org/library/sigma-createdump-process-dump-483f4fe0 2026-04-25T16:04:19.279Z monthly 0.6 https://detectionlint.org/library/sigma-new-dmsa-service-account-created-in-specific-ous-ba5ca2c3 2026-04-25T16:04:19.033Z monthly 0.6 https://detectionlint.org/library/sigma-control-panel-items-a2a45fac 2026-04-25T16:04:18.698Z monthly 0.6 https://detectionlint.org/library/sigma-conhost-spawned-by-uncommon-parent-process-3a4cd3f2 2026-04-25T16:04:18.458Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-child-processes-spawned-by-conhost-7b8d27a8 2026-04-25T16:04:18.188Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-child-process-of-conhostexe-2ac14d8e 2026-04-25T16:04:17.941Z monthly 0.6 https://detectionlint.org/library/sigma-conhostexe-commandline-path-traversal-4f70fa71 2026-04-25T16:04:17.693Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-high-integritylevel-conhost-legacy-option-55caeeed 2026-04-25T16:04:17.443Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-executed-from-headless-conhost-process-55fd1208 2026-04-25T16:04:17.192Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-file-download-via-configsecuritypolicyexe-a5e43ad8 2026-04-25T16:04:16.948Z monthly 0.6 https://detectionlint.org/library/sigma-openedr-spawning-command-shell-81c36420 2026-04-25T16:04:16.697Z monthly 0.6 https://detectionlint.org/library/sigma-cmstp-execution-process-creation-970f4b48 2026-04-25T16:04:16.448Z monthly 0.6 https://detectionlint.org/library/sigma-potential-arbitrary-file-download-via-cmdl32exe-833cb90c 2026-04-25T16:04:16.205Z monthly 0.6 https://detectionlint.org/library/sigma-potential-reconnaissance-for-cached-credentials-via-cmdkeyex-10a8e786 2026-04-25T16:04:15.956Z monthly 0.6 https://detectionlint.org/library/sigma-new-generic-credentials-added-via-cmdkeyexe-81c2ef72 2026-04-25T16:04:15.702Z monthly 0.6 https://detectionlint.org/library/sigma-unusual-parent-process-for-cmdexe-d71f8423 2026-04-25T16:04:15.451Z monthly 0.6 https://detectionlint.org/library/sigma-potential-downloadupload-activity-using-type-command-0a1a559e 2026-04-25T16:04:15.207Z monthly 0.6 https://detectionlint.org/library/sigma-persistence-via-sticky-key-backdoor-1206d0a2 2026-04-25T16:04:14.958Z monthly 0.6 https://detectionlint.org/library/sigma-sticky-key-like-backdoor-execution-c93d1221 2026-04-25T16:04:14.709Z monthly 0.6 https://detectionlint.org/library/sigma-read-contents-from-stdin-via-cmdexe-d57f367f 2026-04-25T16:04:14.460Z monthly 0.6 https://detectionlint.org/library/sigma-copy-from-volumeshadowcopy-via-cmdexe-b5ddfc56 2026-04-25T16:04:14.209Z monthly 0.6 https://detectionlint.org/library/sigma-directory-removal-via-rmdir-7ed8e328 2026-04-25T16:04:13.938Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-cmd-shell-output-redirect-00ef3e31 2026-04-25T16:04:13.695Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-pingdel-command-combination-4d4d6e2b 2026-04-25T16:04:13.435Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-pingcopy-command-combination-efd6322e 2026-04-25T16:04:13.192Z monthly 0.6 https://detectionlint.org/library/sigma-potential-commandline-path-traversal-via-cmdexe-669fcb6d 2026-04-25T16:04:12.911Z monthly 0.6 https://detectionlint.org/library/sigma-ntdllpipe-like-activity-execution-36df1513 2026-04-25T16:04:12.652Z monthly 0.6 https://detectionlint.org/library/sigma-cmdexe-missing-space-characters-execution-anomaly-d0e986c6 2026-04-25T16:04:12.402Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-execution-from-internet-hosted-webdav-share-f13bed6d 2026-04-25T16:04:12.117Z monthly 0.6 https://detectionlint.org/library/sigma-volumeshadowcopy-symlink-creation-via-mklink-bc4f21ce 2026-04-25T16:04:11.870Z monthly 0.6 https://detectionlint.org/library/sigma-potential-privilege-escalation-using-symlink-between-osk-and-52e64f41 2026-04-25T16:04:11.621Z monthly 0.6 https://detectionlint.org/library/sigma-cmd-launched-with-hidden-start-flags-to-suspicious-targets-2c74dbc0 2026-04-25T16:04:11.371Z monthly 0.6 https://detectionlint.org/library/sigma-command-line-execution-with-suspicious-url-and-appdata-strin-16990207 2026-04-25T16:04:11.127Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dosfuscation-activity-670b1eed 2026-04-25T16:04:10.877Z monthly 0.6 https://detectionlint.org/library/sigma-file-and-subfolder-enumeration-via-dir-command-f7c0ed99 2026-04-25T16:04:10.632Z monthly 0.6 https://detectionlint.org/library/sigma-greedy-file-deletion-using-del-c884b198 2026-04-25T16:04:10.379Z monthly 0.6 https://detectionlint.org/library/sigma-file-deletion-via-del-74a2bd7c 2026-04-25T16:04:10.130Z monthly 0.6 https://detectionlint.org/library/sigma-curl-download-and-execute-combination-4981c40b 2026-04-25T16:04:09.886Z monthly 0.6 https://detectionlint.org/library/sigma-copy-dmpdump-files-from-remote-share-via-cmdexe-115bcd9f 2026-04-25T16:04:09.630Z monthly 0.6 https://detectionlint.org/library/sigma-change-default-file-association-to-executable-via-assoc-d98d35d6 2026-04-25T16:04:09.379Z monthly 0.6 https://detectionlint.org/library/sigma-change-default-file-association-via-assoc-5fcbb55b 2026-04-25T16:04:09.134Z monthly 0.6 https://detectionlint.org/library/sigma-cloudflared-tunnel-execution-537ccfd8 2026-04-25T16:04:08.882Z monthly 0.6 https://detectionlint.org/library/sigma-cloudflared-tunnel-connections-cleanup-f4d04862 2026-04-25T16:04:08.627Z monthly 0.6 https://detectionlint.org/library/sigma-cloudflared-quick-tunnel-execution-20007733 2026-04-25T16:04:08.371Z monthly 0.6 https://detectionlint.org/library/sigma-cloudflared-portable-execution-a9873bce 2026-04-25T16:04:08.122Z monthly 0.6 https://detectionlint.org/library/sigma-data-copied-to-clipboard-via-clipexe-254678f6 2026-04-25T16:04:07.859Z monthly 0.6 https://detectionlint.org/library/sigma-process-access-via-trolleyexpress-exclusion-9edaf314 2026-04-25T16:04:07.612Z monthly 0.6 https://detectionlint.org/library/sigma-deleted-data-overwritten-via-cipherexe-4a0a8179 2026-04-25T16:04:07.365Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-codepage-switch-via-chcp-e1ad99a0 2026-04-25T16:04:07.119Z monthly 0.6 https://detectionlint.org/library/sigma-console-codepage-lookup-via-chcp-c1302120 2026-04-25T16:04:06.860Z monthly 0.6 https://detectionlint.org/library/sigma-potential-ntlm-coercion-via-certutilexe-a21f71c5 2026-04-25T16:04:06.608Z monthly 0.6 https://detectionlint.org/library/sigma-certificate-exported-via-certutilexe-071aabb6 2026-04-25T16:04:06.352Z monthly 0.6 https://detectionlint.org/library/sigma-file-in-suspicious-location-encoded-to-base64-via-certutilex-68739ee3 2026-04-25T16:04:06.101Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-encoded-to-base64-via-certutilexe-4204c1e7 2026-04-25T16:04:05.854Z monthly 0.6 https://detectionlint.org/library/sigma-file-encoded-to-base64-via-certutilexe-fd5b6a55 2026-04-25T16:04:05.599Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-downloaded-from-file-sharing-website-via-cer-0dc2eae7 2026-04-25T16:04:05.349Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-downloaded-from-direct-ip-via-certutilexe-cb7b2675 2026-04-25T16:04:05.087Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-download-via-certutilexe-b2c5b7ac 2026-04-25T16:04:04.609Z monthly 0.6 https://detectionlint.org/library/sigma-file-decoded-from-base64hex-via-certutilexe-17c5a45c 2026-04-25T16:04:03.716Z monthly 0.6 https://detectionlint.org/library/sigma-new-root-certificate-installed-via-certutilexe-89ba25b9 2026-04-25T16:04:02.248Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-certreq-command-to-download-901342ae 2026-04-25T16:04:01.596Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-dll-loaded-via-certocexe-3115c591 2026-04-25T16:04:01.325Z monthly 0.6 https://detectionlint.org/library/sigma-dll-loaded-via-certocexe-49f21495 2026-04-25T16:04:01.081Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-from-ip-based-url-via-certocexe-cbe89a97 2026-04-25T16:04:00.829Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-via-certocexe-90e8c995 2026-04-25T16:04:00.571Z monthly 0.6 https://detectionlint.org/library/sigma-new-root-certificate-installed-via-certmgrexe-241e2dbd 2026-04-25T16:04:00.328Z monthly 0.6 https://detectionlint.org/library/sigma-potential-binary-proxy-execution-via-cdbexe-4c70aa59 2026-04-25T16:04:00.080Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-calculator-usage-9742fa44 2026-04-25T16:03:59.832Z monthly 0.6 https://detectionlint.org/library/sigma-tor-clientbrowser-execution-64425327 2026-04-25T16:03:59.578Z monthly 0.6 https://detectionlint.org/library/sigma-browser-started-with-remote-debugging-716b427a 2026-04-25T16:03:59.337Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-from-browser-process-via-inline-url-8bb724b6 2026-04-25T16:03:59.090Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-chromium-browser-instance-executed-with-custom-ex-758b9cd1 2026-04-25T16:03:58.845Z monthly 0.6 https://detectionlint.org/library/sigma-chromium-browser-headless-execution-to-mockbin-like-site-9313da26 2026-04-25T16:03:58.585Z monthly 0.6 https://detectionlint.org/library/sigma-chromium-browser-instance-executed-with-custom-extension-cac7f07b 2026-04-25T16:03:58.327Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-with-headless-browser-6f1b4254 2026-04-25T16:03:58.077Z monthly 0.6 https://detectionlint.org/library/sigma-browser-execution-in-headless-mode-ec254770 2026-04-25T16:03:57.820Z monthly 0.6 https://detectionlint.org/library/sigma-potential-data-stealing-via-chromium-headless-debugging-3b852f27 2026-04-25T16:03:57.558Z monthly 0.6 https://detectionlint.org/library/sigma-monitoring-for-persistence-via-bits-c3d16270 2026-04-25T16:03:57.309Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-via-bitsadmin-to-a-suspicious-target-folder-3457d466 2026-04-25T16:03:57.061Z monthly 0.6 https://detectionlint.org/library/sigma-file-with-suspicious-extension-downloaded-via-bitsadmin-25677903 2026-04-25T16:03:56.809Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-download-from-file-sharing-website-via-bitsadmin-911e33a7 2026-04-25T16:03:56.562Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-download-from-direct-ip-via-bitsadmin-8b04564c 2026-04-25T16:03:56.313Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-via-bitsadmin-351c9620 2026-04-25T16:03:56.050Z monthly 0.6 https://detectionlint.org/library/sigma-bitlockertogoexe-execution-af662507 2026-04-25T16:03:55.802Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-child-process-of-bginfoexe-590f4439 2026-04-25T16:03:55.553Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-child-process-of-bginfoexe-f4c23b75 2026-04-25T16:03:55.294Z monthly 0.6 https://detectionlint.org/library/sigma-data-export-from-mssql-table-via-bcpexe-f6fc174b 2026-04-25T16:03:55.050Z monthly 0.6 https://detectionlint.org/library/sigma-potential-ransomware-or-unauthorized-mbr-tampering-via-bcded-15b8d0a6 2026-04-25T16:03:54.799Z monthly 0.6 https://detectionlint.org/library/sigma-boot-configuration-tampering-via-bcdeditexe-427a4c4f 2026-04-25T16:03:54.549Z monthly 0.6 https://detectionlint.org/library/sigma-indirect-command-execution-from-script-file-via-bashexe-532b7bd9 2026-04-25T16:03:54.304Z monthly 0.6 https://detectionlint.org/library/sigma-indirect-inline-command-execution-via-bashexe-d3219707 2026-04-25T16:03:54.048Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-bitlocker-access-agent-update-utility-execution-39019116 2026-04-25T16:03:53.792Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-autorun-registry-modified-via-wmi-c03338b3 2026-04-25T16:03:53.541Z monthly 0.6 https://detectionlint.org/library/sigma-audit-policy-tampering-via-auditpol-464ed49a 2026-04-25T16:03:53.288Z monthly 0.6 https://detectionlint.org/library/sigma-audit-policy-tampering-via-nt-resource-kit-auditpol-9e634835 2026-04-25T16:03:53.034Z monthly 0.6 https://detectionlint.org/library/sigma-set-suspicious-files-as-system-files-using-attribexe-e9fa5445 2026-04-25T16:03:52.768Z monthly 0.6 https://detectionlint.org/library/sigma-hiding-files-with-attribexe-2d15f397 2026-04-25T16:03:52.500Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-assistive-technology-applications-execution-via-atb-e9f2503c 2026-04-25T16:03:52.245Z monthly 0.6 https://detectionlint.org/library/sigma-interactive-at-job-c6b01dd3 2026-04-25T16:03:51.987Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-aspnet-compilation-via-aspnetcompiler-2e107a3d 2026-04-25T16:03:51.733Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-child-process-of-aspnetcompiler-d36be250 2026-04-25T16:03:51.480Z monthly 0.6 https://detectionlint.org/library/sigma-aspnetcompiler-execution-e9665380 2026-04-25T16:03:51.235Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-arcsocexe-child-process-0d69f0aa 2026-04-25T16:03:50.972Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-child-process-of-appvlpexe-1dd93821 2026-04-25T16:03:50.700Z monthly 0.6 https://detectionlint.org/library/sigma-windows-amsi-related-registry-tampering-via-commandline-e1cb7abb 2026-04-25T16:03:50.446Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-agentexecutor-powershell-execution-62bab30e 2026-04-25T16:03:50.194Z monthly 0.6 https://detectionlint.org/library/sigma-agentexecutor-powershell-execution-0c98e05f 2026-04-25T16:03:49.934Z monthly 0.6 https://detectionlint.org/library/sigma-potential-adplusexe-abuse-fffe2193 2026-04-25T16:03:49.681Z monthly 0.6 https://detectionlint.org/library/sigma-addinutilexe-execution-from-uncommon-directory-dc12c2e0 2026-04-25T16:03:49.433Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-addinutilexe-commandline-execution-6b674955 2026-04-25T16:03:49.181Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-child-process-of-addinutilexe-5b17f9b2 2026-04-25T16:03:48.923Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-addinutilexe-commandline-execution-74aa1f56 2026-04-25T16:03:48.667Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-injection-via-acccheckconsole-d14e6d24 2026-04-25T16:03:48.409Z monthly 0.6 https://detectionlint.org/library/sigma-compress-data-and-lock-with-password-for-exfiltration-with-7-17c2f325 2026-04-25T16:03:48.152Z monthly 0.6 https://detectionlint.org/library/sigma-7zip-compressing-dump-files-c3089e12 2026-04-25T16:03:47.789Z monthly 0.6