https://detectionlint.org/ 2026-04-25T16:06:04.964Z weekly 1 https://detectionlint.org/analyze 2026-04-25T16:06:04.964Z weekly 0.9 https://detectionlint.org/library 2026-04-25T16:06:04.964Z daily 0.8 https://detectionlint.org/changelog 2026-04-25T16:06:04.964Z weekly 0.5 https://detectionlint.org/contact-sales 2026-04-25T16:06:04.964Z monthly 0.5 https://detectionlint.org/login 2026-04-25T16:06:04.964Z yearly 0.3 https://detectionlint.org/terms 2026-04-25T16:06:04.964Z yearly 0.3 https://detectionlint.org/privacy 2026-04-25T16:06:04.964Z yearly 0.3 https://detectionlint.org/refund 2026-04-25T16:06:04.964Z yearly 0.3 https://detectionlint.org/library/sigma-suspicious-powershell-encoded-command-patterns-73510cf7 2026-04-25T16:06:05.364Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-encoded-powershell-command-line-d09f1696 2026-04-25T16:06:05.096Z monthly 0.6 https://detectionlint.org/library/sigma-audio-capture-via-powershell-419155a4 2026-04-25T16:06:04.751Z monthly 0.6 https://detectionlint.org/library/sigma-potential-amsi-bypass-using-null-bits-ba7ea494 2026-04-25T16:06:04.494Z monthly 0.6 https://detectionlint.org/library/sigma-potential-amsi-bypass-via-net-reflection-e578d86a 2026-04-25T16:06:04.248Z monthly 0.6 https://detectionlint.org/library/sigma-add-windows-capability-via-powershell-cmdlet-fbcd42f9 2026-04-25T16:06:03.983Z monthly 0.6 https://detectionlint.org/library/sigma-potential-active-directory-enumeration-using-ad-module---pro-20810991 2026-04-25T16:06:03.724Z monthly 0.6 https://detectionlint.org/library/sigma-aadinternals-powershell-cmdlets-execution---proccesscreation-93a402a5 2026-04-25T16:06:03.469Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powercfg-execution-to-change-lock-screen-timeout-5868fd75 2026-04-25T16:06:03.198Z monthly 0.6 https://detectionlint.org/library/sigma-potential-rdp-tunneling-via-plink-9a20c026 2026-04-25T16:06:02.929Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-plink-port-forwarding-2870dc6a 2026-04-25T16:06:02.665Z monthly 0.6 https://detectionlint.org/library/sigma-pktmonexe-execution-47bb35bb 2026-04-25T16:06:02.384Z monthly 0.6 https://detectionlint.org/library/sigma-ping-hex-ip-f50f7ef6 2026-04-25T16:06:02.111Z monthly 0.6 https://detectionlint.org/library/sigma-php-inline-command-execution-8e9f9135 2026-04-25T16:06:01.848Z monthly 0.6 https://detectionlint.org/library/sigma-perl-inline-command-execution-ca922955 2026-04-25T16:06:01.591Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-execution-of-pdqdeployrunner-29d640f2 2026-04-25T16:06:01.321Z monthly 0.6 https://detectionlint.org/library/sigma-pdq-deploy-remote-adminstartion-tool-execution-e519c8d8 2026-04-25T16:06:01.062Z monthly 0.6 https://detectionlint.org/library/sigma-potential-mpclientdll-sideloading-via-offlinescannershellexe-c985bb11 2026-04-25T16:06:00.789Z monthly 0.6 https://detectionlint.org/library/sigma-potential-arbitrary-dll-load-using-winword-84928027 2026-04-25T16:06:00.524Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-microsoft-office-child-process-255cde9f 2026-04-25T16:06:00.261Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-binary-in-user-directory-spawned-from-office-appl-0ed895a7 2026-04-25T16:05:59.996Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-remote-child-process-from-outlook-bdebb0dd 2026-04-25T16:05:59.734Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-outlook-child-process-e29b5653 2026-04-25T16:05:59.485Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-execution-from-outlook-temporary-folder-0a3f9373 2026-04-25T16:05:59.233Z monthly 0.6 https://detectionlint.org/library/sigma-outlook-enableunsafeclientmailrules-setting-enabled-98915196 2026-04-25T16:05:58.968Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-microsoft-onenote-child-process-ac740ae2 2026-04-25T16:05:58.668Z monthly 0.6 https://detectionlint.org/library/sigma-onenoteexe-execution-of-malicious-embedded-scripts-075b0565 2026-04-25T16:05:58.411Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-office-document-executed-from-trusted-2e670329 2026-04-25T16:05:58.158Z monthly 0.6 https://detectionlint.org/library/sigma-potential-excelexe-dcom-lateral-movement-via-activatemicroso-2bef8500 2026-04-25T16:05:57.904Z monthly 0.6 https://detectionlint.org/library/sigma-potential-arbitrary-file-download-using-office-application-f635914a 2026-04-25T16:05:57.635Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-child-process-spawned-by-odbcconfexe-58825ba2 2026-04-25T16:05:57.370Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-response-file-execution-via-odbcconfexe-a4003569 2026-04-25T16:05:57.105Z monthly 0.6 https://detectionlint.org/library/sigma-response-file-execution-via-odbcconfexe-6a8a81bc 2026-04-25T16:05:56.852Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-dll-registered-via-odbcconfexe-c92e02f5 2026-04-25T16:05:56.604Z monthly 0.6 https://detectionlint.org/library/sigma-new-dll-registered-via-odbcconfexe-6d58a393 2026-04-25T16:05:56.344Z monthly 0.6 https://detectionlint.org/library/sigma-odbcconfexe-suspicious-dll-location-8f5143c2 2026-04-25T16:05:56.078Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-driverdll-installation-via-odbcconfexe-c5b77776 2026-04-25T16:05:55.807Z monthly 0.6 https://detectionlint.org/library/sigma-driverdll-installation-via-odbcconfexe-928b3bd1 2026-04-25T16:05:55.535Z monthly 0.6 https://detectionlint.org/library/sigma-invocation-of-active-directory-diagnostic-tool-ntdsutilexe-5233da3c 2026-04-25T16:05:55.279Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-usage-of-active-directory-diagnostic-tool-ntdsuti-1ca3b639 2026-04-25T16:05:55.023Z monthly 0.6 https://detectionlint.org/library/sigma-nslookup-powershell-download-cradle---processcreation-7185bb3f 2026-04-25T16:05:54.772Z monthly 0.6 https://detectionlint.org/library/sigma-network-reconnaissance-activity-c055725b 2026-04-25T16:05:54.526Z monthly 0.6 https://detectionlint.org/library/sigma-notepad-password-files-discovery-70653418 2026-04-25T16:05:54.270Z monthly 0.6 https://detectionlint.org/library/sigma-node-process-executions-07c74541 2026-04-25T16:05:54.009Z monthly 0.6 https://detectionlint.org/library/sigma-potential-arbitrary-code-execution-via-nodeexe-380910b7 2026-04-25T16:05:53.740Z monthly 0.6 https://detectionlint.org/library/sigma-potential-recon-activity-via-nltestexe-a40330e4 2026-04-25T16:05:53.484Z monthly 0.6 https://detectionlint.org/library/sigma-nltestexe-execution-1210867b 2026-04-25T16:05:53.231Z monthly 0.6 https://detectionlint.org/library/sigma-harvesting-of-wifi-credentials-via-netshexe-1c339a2a 2026-04-25T16:05:52.974Z monthly 0.6 https://detectionlint.org/library/sigma-rdp-port-forwarding-rule-added-via-netshexe-a0e3f606 2026-04-25T16:05:52.717Z monthly 0.6 https://detectionlint.org/library/sigma-new-port-forwarding-rule-added-via-netshexe-8aa5b561 2026-04-25T16:05:52.449Z monthly 0.6 https://detectionlint.org/library/sigma-new-network-trace-capture-started-via-netshexe-bf0d773f 2026-04-25T16:05:52.183Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-netsh-helper-dll-16446c20 2026-04-25T16:05:51.923Z monthly 0.6 https://detectionlint.org/library/sigma-firewall-rule-update-via-netshexe-35f25dcf 2026-04-25T16:05:51.658Z monthly 0.6 https://detectionlint.org/library/sigma-firewall-configuration-discovery-via-netshexe-bd8e9861 2026-04-25T16:05:51.389Z monthly 0.6 https://detectionlint.org/library/sigma-netsh-allow-group-policy-on-microsoft-defender-firewall-cfea0c42 2026-04-25T16:05:51.115Z monthly 0.6 https://detectionlint.org/library/sigma-firewall-disabled-via-netshexe-9a95730c 2026-04-25T16:05:50.869Z monthly 0.6 https://detectionlint.org/library/sigma-firewall-rule-deleted-via-netshexe-a82e5369 2026-04-25T16:05:50.618Z monthly 0.6 https://detectionlint.org/library/sigma-rdp-connection-allowed-via-netshexe-05492e9e 2026-04-25T16:05:50.362Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-program-location-whitelisted-in-firewall-via-nets-3484a918 2026-04-25T16:05:50.097Z monthly 0.6 https://detectionlint.org/library/sigma-new-firewall-rule-added-via-netshexe-7c27b4f6 2026-04-25T16:05:49.751Z monthly 0.6 https://detectionlint.org/library/sigma-share-and-session-enumeration-using-netexe-46d7533f 2026-04-25T16:05:49.468Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-manipulation-of-default-accounts-via-netexe-a2d722d2 2026-04-25T16:05:49.221Z monthly 0.6 https://detectionlint.org/library/sigma-new-user-created-via-netexe-with-never-expire-option-9070224d 2026-04-25T16:05:48.970Z monthly 0.6 https://detectionlint.org/library/sigma-new-user-created-via-netexe-6e9c5d7e 2026-04-25T16:05:48.721Z monthly 0.6 https://detectionlint.org/library/sigma-password-provided-in-command-line-of-netexe-eb339415 2026-04-25T16:05:48.469Z monthly 0.6 https://detectionlint.org/library/sigma-system-network-connections-discovery-via-netexe-587ddac9 2026-04-25T16:05:48.220Z monthly 0.6 https://detectionlint.org/library/sigma-windows-share-mount-via-netexe-6430573a 2026-04-25T16:05:47.970Z monthly 0.6 https://detectionlint.org/library/sigma-windows-internet-hosted-webdav-share-mount-via-netexe-0517c3df 2026-04-25T16:05:47.704Z monthly 0.6 https://detectionlint.org/library/sigma-windows-admin-share-mount-via-netexe-80f3d9c5 2026-04-25T16:05:47.436Z monthly 0.6 https://detectionlint.org/library/sigma-stop-windows-service-via-netexe-6afdaae1 2026-04-25T16:05:47.191Z monthly 0.6 https://detectionlint.org/library/sigma-start-windows-service-via-netexe-08118757 2026-04-25T16:05:46.935Z monthly 0.6 https://detectionlint.org/library/sigma-unmount-share-via-netexe-71ce05c3 2026-04-25T16:05:46.690Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-group-and-account-reconnaissance-activity-using-n-9d72f8de 2026-04-25T16:05:46.449Z monthly 0.6 https://detectionlint.org/library/sigma-remote-xsl-execution-via-msxslexe-e8b6ee81 2026-04-25T16:05:46.200Z monthly 0.6 https://detectionlint.org/library/sigma-msxslexe-execution-a2689c14 2026-04-25T16:05:45.862Z monthly 0.6 https://detectionlint.org/library/sigma-mstscexe-execution-from-uncommon-parent-1b544d4f 2026-04-25T16:05:45.557Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-mstscexe-execution-with-local-rdp-file-681f4be2 2026-04-25T16:05:45.285Z monthly 0.6 https://detectionlint.org/library/sigma-mstscexe-execution-with-local-rdp-file-f3642e54 2026-04-25T16:05:45.034Z monthly 0.6 https://detectionlint.org/library/sigma-new-remote-desktop-connection-initiated-via-mstscexe-9ac7304a 2026-04-25T16:05:44.784Z monthly 0.6 https://detectionlint.org/library/sigma-potential-mstsc-shadowing-activity-5ee428e9 2026-04-25T16:05:44.533Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-child-process-of-veeam-dabatase-de6839a8 2026-04-25T16:05:44.288Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-child-process-of-sql-server-312c99d3 2026-04-25T16:05:44.049Z monthly 0.6 https://detectionlint.org/library/sigma-sql-client-tools-powershell-session-detection-099e2581 2026-04-25T16:05:43.789Z monthly 0.6 https://detectionlint.org/library/sigma-detection-of-powershell-execution-via-sqlpsexe-4eda2557 2026-04-25T16:05:43.533Z monthly 0.6 https://detectionlint.org/library/sigma-potential-process-injection-via-msraexe-8987b83e 2026-04-25T16:05:43.286Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-file-download-via-mspubexe-7d8ebea4 2026-04-25T16:05:43.040Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-file-download-via-msohtmedexe-e92c59a2 2026-04-25T16:05:42.803Z monthly 0.6 https://detectionlint.org/library/sigma-windows-msix-package-support-framework-ai_stubs-execution-2edfa1c1 2026-04-25T16:05:42.564Z monthly 0.6 https://detectionlint.org/library/sigma-msiexec-web-install-71a7dc9f 2026-04-25T16:05:42.316Z monthly 0.6 https://detectionlint.org/library/sigma-potential-msiexec-masquerading-87625a81 2026-04-25T16:05:42.071Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-msiexec-quiet-install-from-remote-location-6b292235 2026-04-25T16:05:41.816Z monthly 0.6 https://detectionlint.org/library/sigma-msiexec-quiet-installation-984c0fcd 2026-04-25T16:05:41.566Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-msiexec-execute-arbitrary-dll-caa7b2f8 2026-04-25T16:05:41.309Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-msiexec-embedding-parent-f92610d4 2026-04-25T16:05:41.055Z monthly 0.6 https://detectionlint.org/library/sigma-dllunregisterserver-function-call-via-msiexecexe-e2734234 2026-04-25T16:05:40.806Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-mshtaexe-execution-patterns-cbae50ef 2026-04-25T16:05:40.530Z monthly 0.6 https://detectionlint.org/library/sigma-mshta-execution-with-suspicious-file-extensions-9038ac4e 2026-04-25T16:05:40.282Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-mshta-child-process-f42e9aac 2026-04-25T16:05:40.035Z monthly 0.6 https://detectionlint.org/library/sigma-potential-lethalhta-technique-execution-29da85d5 2026-04-25T16:05:39.788Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-javascript-execution-via-mshtaexe-08d1e9d7 2026-04-25T16:05:39.544Z monthly 0.6 https://detectionlint.org/library/sigma-wscript-shell-run-in-commandline-ddde15ab 2026-04-25T16:05:39.291Z monthly 0.6 https://detectionlint.org/library/sigma-remotely-hosted-hta-file-executed-via-mshtaexe-e21c3da1 2026-04-25T16:05:39.043Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-file-download-via-msedge_proxyexe-1d05e755 2026-04-25T16:05:38.795Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-msdt-parent-process-666fb7cd 2026-04-25T16:05:38.543Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-cabinet-file-execution-via-msdtexe-b7cc63a3 2026-04-25T16:05:38.285Z monthly 0.6 https://detectionlint.org/library/sigma-potential-arbitrary-command-execution-using-msdtexe-bd8973a2 2026-04-25T16:05:38.033Z monthly 0.6 https://detectionlint.org/library/sigma-msdt-execution-via-answer-file-b814cd2c 2026-04-25T16:05:37.793Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-msbuild-execution-by-uncommon-parent-process-2df3a31a 2026-04-25T16:05:37.549Z monthly 0.6 https://detectionlint.org/library/sigma-windows-defender-definition-files-removed-d2501a86 2026-04-25T16:05:37.307Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-via-windows-defender-mpcmprunexe-192bd6c0 2026-04-25T16:05:37.063Z monthly 0.6 https://detectionlint.org/library/sigma-potential-mpclientdll-sideloading-via-defender-binaries-b1b91af4 2026-04-25T16:05:36.809Z monthly 0.6 https://detectionlint.org/library/sigma-potential-suspicious-mofcomp-execution-dd7346c9 2026-04-25T16:05:36.561Z monthly 0.6 https://detectionlint.org/library/sigma-codepage-modification-via-modecom-to-russian-language-00ad9089 2026-04-25T16:05:36.319Z monthly 0.6 https://detectionlint.org/library/sigma-mmc-spawning-windows-shell-b2aa759a 2026-04-25T16:05:36.064Z monthly 0.6 https://detectionlint.org/library/sigma-mmc-executing-files-with-reversed-extensions-using-rtlo-abus-8eb94df3 2026-04-25T16:05:35.807Z monthly 0.6 https://detectionlint.org/library/sigma-mmc20-lateral-movement-ea8da563 2026-04-25T16:05:35.557Z monthly 0.6 https://detectionlint.org/library/sigma-windows-default-domain-gpo-modification-via-gpme-df3ed6b7 2026-04-25T16:05:35.311Z monthly 0.6 https://detectionlint.org/library/sigma-potential-mftraceexe-abuse-ee39337a 2026-04-25T16:05:35.060Z monthly 0.6 https://detectionlint.org/library/sigma-potential-credential-dumping-via-lsass-process-clone-74982f21 2026-04-25T16:05:34.802Z monthly 0.6 https://detectionlint.org/library/sigma-lsa-ppl-protection-setting-modification-via-commandline-b949b98a 2026-04-25T16:05:34.384Z monthly 0.6 https://detectionlint.org/library/sigma-potential-register_appvbs-lolscript-abuse-f4d2482f 2026-04-25T16:05:34.125Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-wfcexe-590577b1 2026-04-25T16:05:33.869Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-vsiisexelauncherexe-fdbba08d 2026-04-25T16:05:33.623Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-visualuiaverifynativeexe-2069d0f3 2026-04-25T16:05:33.373Z monthly 0.6 https://detectionlint.org/library/sigma-visual-basic-command-line-compiler-usage-734f6bcb 2026-04-25T16:05:33.124Z monthly 0.6 https://detectionlint.org/library/sigma-utilityfunctionsps1-proxy-dll-895c1879 2026-04-25T16:05:32.890Z monthly 0.6 https://detectionlint.org/library/sigma-lolbin-unregmp2exe-use-as-proxy-e46aeea6 2026-04-25T16:05:32.640Z monthly 0.6 https://detectionlint.org/library/sigma-time-travel-debugging-utility-usage-7a791c9e 2026-04-25T16:05:32.393Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-ttdinjectexe-657f0175 2026-04-25T16:05:32.134Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-injection-or-execution-using-trackerexe-e0c281f9 2026-04-25T16:05:31.893Z monthly 0.6 https://detectionlint.org/library/sigma-syncappvpublishingserver-vbs-execute-arbitrary-powershell-co-b02bb300 2026-04-25T16:05:31.639Z monthly 0.6 https://detectionlint.org/library/sigma-syncappvpublishingserver-execute-arbitrary-powershell-code-d96eb5f1 2026-04-25T16:05:31.393Z monthly 0.6 https://detectionlint.org/library/sigma-dumping-process-via-sqldumperexe-8d1cd2fc 2026-04-25T16:05:31.143Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-grpconv-execution-ac388faa 2026-04-25T16:05:30.904Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-driver-install-by-pnputilexe-5a92cb58 2026-04-25T16:05:30.660Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-the-sftpexe-binary-as-a-lolbin-79432bb4 2026-04-25T16:05:30.423Z monthly 0.6 https://detectionlint.org/library/sigma-using-settingsynchostexe-as-lolbin-82704f28 2026-04-25T16:05:30.175Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-scriptrunnerexe-5447c7de 2026-04-25T16:05:29.922Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-runscripthelperexe-2639f937 2026-04-25T16:05:29.674Z monthly 0.6 https://detectionlint.org/library/sigma-lolbin-runexehelper-use-as-proxy-1b70a68b 2026-04-25T16:05:29.430Z monthly 0.6 https://detectionlint.org/library/sigma-replaceexe-usage-23e21177 2026-04-25T16:05:29.186Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-remoteexe-ef73d674 2026-04-25T16:05:28.944Z monthly 0.6 https://detectionlint.org/library/sigma-register_appvbs-proxy-execution-a06298b4 2026-04-25T16:05:28.656Z monthly 0.6 https://detectionlint.org/library/sigma-dll-execution-via-rasautouexe-f40fd01a 2026-04-25T16:05:28.408Z monthly 0.6 https://detectionlint.org/library/sigma-pubprnvbs-proxy-execution-45e1c34f 2026-04-25T16:05:28.154Z monthly 0.6 https://detectionlint.org/library/sigma-printbrm-zip-creation-of-extraction-50d18473 2026-04-25T16:05:27.894Z monthly 0.6 https://detectionlint.org/library/sigma-execute-code-with-pesterbat-1ff54415 2026-04-25T16:05:27.645Z monthly 0.6 https://detectionlint.org/library/sigma-execute-code-with-pesterbat-as-parent-0c302d20 2026-04-25T16:05:27.404Z monthly 0.6 https://detectionlint.org/library/sigma-code-execution-via-pcwutldll-dfa7665e 2026-04-25T16:05:27.140Z monthly 0.6 https://detectionlint.org/library/sigma-execute-pcwrunexe-to-leverage-follina-9f0793ad 2026-04-25T16:05:26.891Z monthly 0.6 https://detectionlint.org/library/sigma-indirect-command-execution-by-program-compatibility-wizard-3153a417 2026-04-25T16:05:26.648Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-pcalua-for-execution-43da0992 2026-04-25T16:05:26.370Z monthly 0.6 https://detectionlint.org/library/sigma-openwithexe-executes-specified-binary-8bdde763 2026-04-25T16:05:26.128Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-openconsole-0233a9ae 2026-04-25T16:05:25.886Z monthly 0.6 https://detectionlint.org/library/sigma-execute-files-with-msdeployexe-0283d933 2026-04-25T16:05:25.649Z monthly 0.6 https://detectionlint.org/library/sigma-mpiexec-lolbin-d246c7e7 2026-04-25T16:05:25.395Z monthly 0.6 https://detectionlint.org/library/sigma-mavinject-inject-dll-into-running-process-82aafbce 2026-04-25T16:05:25.125Z monthly 0.6 https://detectionlint.org/library/sigma-potential-manage-bdewsf-abuse-to-proxy-execution-9945bf67 2026-04-25T16:05:24.884Z monthly 0.6 https://detectionlint.org/library/sigma-launch-vsdevshellps1-proxy-execution-2c432583 2026-04-25T16:05:24.635Z monthly 0.6 https://detectionlint.org/library/sigma-ie4uinit-lolbin-use-from-invalid-path-e2003883 2026-04-25T16:05:24.387Z monthly 0.6 https://detectionlint.org/library/sigma-gpscript-execution-303c3589 2026-04-25T16:05:24.130Z monthly 0.6 https://detectionlint.org/library/sigma-potential-reconnaissance-activity-via-gathernetworkinfovbs-1f28b507 2026-04-25T16:05:23.870Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-extrac32-alternate-data-stream-execution-efe36890 2026-04-25T16:05:23.612Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-extrac32-execution-69cd634d 2026-04-25T16:05:23.369Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-diantz-download-and-compress-into-a-cab-file-f24a08e7 2026-04-25T16:05:23.131Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-diantz-alternate-data-stream-execution-ed633591 2026-04-25T16:05:22.882Z monthly 0.6 https://detectionlint.org/library/sigma-devtoolslauncherexe-executes-specified-binary-5154ebed 2026-04-25T16:05:22.641Z monthly 0.6 https://detectionlint.org/library/sigma-lolbas-data-exfiltration-by-datasvcutilexe-ea2e8a25 2026-04-25T16:05:22.395Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-windows-trace-etw-session-tamper-via-logmanexe-459a6d78 2026-04-25T16:05:22.158Z monthly 0.6 https://detectionlint.org/library/sigma-rebuild-performance-counter-values-via-lodctrexe-466bf265 2026-04-25T16:05:21.914Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-linkexe-parent-process-ac559718 2026-04-25T16:05:21.664Z monthly 0.6 https://detectionlint.org/library/sigma-import-ldap-data-interchange-format-file-via-ldifdeexe-0e28bde3 2026-04-25T16:05:21.427Z monthly 0.6 https://detectionlint.org/library/sigma-active-directory-structure-export-via-ldifdeexe-71712735 2026-04-25T16:05:21.184Z monthly 0.6 https://detectionlint.org/library/sigma-logged-on-user-password-change-via-ksetupexe-b5cf8e17 2026-04-25T16:05:20.943Z monthly 0.6 https://detectionlint.org/library/sigma-computer-password-change-via-ksetupexe-7778cd74 2026-04-25T16:05:20.685Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-child-process-of-keyscramblerexe-0bceaf27 2026-04-25T16:05:20.419Z monthly 0.6 https://detectionlint.org/library/sigma-attempts-of-kerberos-coercion-via-dns-spn-spoofing-224582f8 2026-04-25T16:05:20.171Z monthly 0.6 https://detectionlint.org/library/sigma-windows-kernel-debugger-execution-2e4e052c 2026-04-25T16:05:19.926Z monthly 0.6 https://detectionlint.org/library/sigma-kavremover-dropped-binary-lolbin-usage-ba42b534 2026-04-25T16:05:19.679Z monthly 0.6 https://detectionlint.org/library/sigma-jscript-compiler-execution-11474ed9 2026-04-25T16:05:19.335Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-sysaidserver-child-a423a545 2026-04-25T16:05:19.034Z monthly 0.6 https://detectionlint.org/library/sigma-shell-process-spawned-by-javaexe-b6889ad4 2026-04-25T16:05:18.780Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-processes-spawned-by-javaexe-a6742705 2026-04-25T16:05:18.540Z monthly 0.6 https://detectionlint.org/library/sigma-java-running-with-remote-debugging-dc11acf3 2026-04-25T16:05:18.293Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-child-process-of-manage-engine-servicedesk-1c1e5629 2026-04-25T16:05:18.042Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-shells-spawn-by-java-utility-keytool-196f42db 2026-04-25T16:05:17.772Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-execution-of-installutil-without-log-548a8b0d 2026-04-25T16:05:17.521Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-via-installutilexe-7ca0861a 2026-04-25T16:05:17.273Z monthly 0.6 https://detectionlint.org/library/sigma-infdefaultinstallexe-inf-execution-d6f0ac9b 2026-04-25T16:05:17.029Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-file-download-via-imewdbldexe-3bf375c0 2026-04-25T16:05:16.772Z monthly 0.6 https://detectionlint.org/library/sigma-imagingdevices-unusual-parentchild-processes-dccbd520 2026-04-25T16:05:16.530Z monthly 0.6 https://detectionlint.org/library/sigma-c-il-code-compilation-via-ilasmexe-077bf46a 2026-04-25T16:05:16.278Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-iis-module-registration-80d9ab61 2026-04-25T16:05:16.039Z monthly 0.6 https://detectionlint.org/library/sigma-iis-webserver-log-deletion-via-commandline-utilities-cc0410cb 2026-04-25T16:05:15.789Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-iis-connection-strings-decryption-3b8eebfa 2026-04-25T16:05:15.533Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-iis-url-globalrules-rewrite-via-appcmd-63ba1aa5 2026-04-25T16:05:15.272Z monthly 0.6 https://detectionlint.org/library/sigma-iis-native-code-module-command-line-installation-15537dbd 2026-04-25T16:05:15.019Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-iis-service-account-password-dumped-5abefddd 2026-04-25T16:05:14.778Z monthly 0.6 https://detectionlint.org/library/sigma-disable-windows-iis-http-logging-dd715a7d 2026-04-25T16:05:14.531Z monthly 0.6 https://detectionlint.org/library/sigma-self-extracting-package-creation-via-iexpressexe-from-potent-065b2b29 2026-04-25T16:05:14.284Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-and-execution-via-ieexecexe-dffa13ab 2026-04-25T16:05:14.032Z monthly 0.6 https://detectionlint.org/library/sigma-use-icacls-to-hide-file-to-everyone-d60dc053 2026-04-25T16:05:13.775Z monthly 0.6 https://detectionlint.org/library/sigma-potential-fake-instance-of-hxtsrexe-executed-9f6b436c 2026-04-25T16:05:13.516Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-hwp-sub-processes-8362e573 2026-04-25T16:05:13.257Z monthly 0.6 https://detectionlint.org/library/sigma-hypervisor-protected-code-integrity-hvci-related-registry-ta-84c3c1de 2026-04-25T16:05:12.999Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-execution-of-hostname-68a20aca 2026-04-25T16:05:12.752Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-zipexec-execution-bfb147e4 2026-04-25T16:05:12.507Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---xordump-execution-96474c82 2026-04-25T16:05:12.245Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---wsass-execution-a89c3ec0 2026-04-25T16:05:12.008Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---wmiexec-default-powershell-command-6326ce62 2026-04-25T16:05:11.751Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---winpwn-execution-4bf9a05c 2026-04-25T16:05:11.496Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---winpeas-execution-8cb0a270 2026-04-25T16:05:11.254Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---windows-credential-editor-wce-execution-9524ba6d 2026-04-25T16:05:11.004Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---uacme-akagi-execution-72d3930b 2026-04-25T16:05:10.702Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---trufflesnout-execution-98be6ca9 2026-04-25T16:05:10.350Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sysmoneop-execution-b242a67a 2026-04-25T16:05:10.095Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---stracciatella-execution-9327176e 2026-04-25T16:05:09.838Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---soaphound-execution-65d504e7 2026-04-25T16:05:09.592Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sliver-c2-implant-activity-pattern-2db44608 2026-04-25T16:05:09.329Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---silenttrinity-stager-execution-dbc8710d 2026-04-25T16:05:09.073Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpwsuswsuspendu-execution-ac6432a6 2026-04-25T16:05:08.827Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpview-execution-da107f48 2026-04-25T16:05:08.582Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpup-privesc-tool-execution-39c74f02 2026-04-25T16:05:08.335Z monthly 0.6 https://detectionlint.org/library/sigma-hktl---sharpsuccessor-privilege-escalation-tool-execution-6bde09bd 2026-04-25T16:05:08.093Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpmove-tool-execution-cb447c0f 2026-04-25T16:05:07.847Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpldapwhoami-execution-bf0a9e66 2026-04-25T16:05:07.587Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpevtmute-execution-855a2d19 2026-04-25T16:05:07.328Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpersist-execution-67e974ed 2026-04-25T16:05:07.078Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpldapmonitor-execution-2b9e8a84 2026-04-25T16:05:06.833Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpimpersonation-execution-39015169 2026-04-25T16:05:06.574Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpdpapi-execution-ed16d05f 2026-04-25T16:05:06.329Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpchisel-execution-2dff6022 2026-04-25T16:05:06.081Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---ppid-spoofing-selectmyparent-tool-execution-44701305 2026-04-25T16:05:05.831Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---securityxploded-execution-616cfbda 2026-04-25T16:05:05.575Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---safetykatz-execution-de63afa9 2026-04-25T16:05:05.324Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---rubeus-execution-0939f16f 2026-04-25T16:05:05.072Z monthly 0.6 https://detectionlint.org/library/sigma-potential-smb-relay-attack-tool-execution-dbf10f3b 2026-04-25T16:05:04.830Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---redmimicry-winnti-playbook-execution-1eb3c5f6 2026-04-25T16:05:04.581Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---quarks-pwdump-execution-9128e06b 2026-04-25T16:05:04.223Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---pypykatz-credentials-dumping-activity-36f7b3a6 2026-04-25T16:05:03.956Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---purplesharp-execution-53aa28d6 2026-04-25T16:05:03.714Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---powertool-execution-62ff4105 2026-04-25T16:05:03.420Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---default-powersploitempire-scheduled-task-creation-23ba3e79 2026-04-25T16:05:03.171Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---pchunter-execution-c017c7f9 2026-04-25T16:05:02.914Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---netexec-execution-cacc34b6 2026-04-25T16:05:02.664Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---mimikatz-execution-0d99e0cc 2026-04-25T16:05:02.407Z monthly 0.6 https://detectionlint.org/library/sigma-potential-meterpretercobaltstrike-activity-19b3f56b 2026-04-25T16:05:02.150Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---localpotato-execution-73c5d9b5 2026-04-25T16:05:01.904Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---lazagne-execution-7ef74b3d 2026-04-25T16:05:01.656Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---krbrelayup-execution-7988b04f 2026-04-25T16:05:01.406Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---remotekrbrelay-execution-695cb3ea 2026-04-25T16:05:01.142Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---krbrelay-execution-be1b625e 2026-04-25T16:05:00.864Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---koadic-execution-4fc39d27 2026-04-25T16:05:00.606Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---jlaive-in-memory-assembly-execution-b388a321 2026-04-25T16:05:00.362Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-var-launcher-obfuscation-f79e3350 2026-04-25T16:05:00.116Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-use-mshta-ff91895f 2026-04-25T16:04:59.868Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-use-clip-b76bd7e7 2026-04-25T16:04:59.618Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-stdin-29a19ab9 2026-04-25T16:04:59.368Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-compress-obfuscation-dd23fd82 2026-04-25T16:04:59.125Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-var-launcher-35bdc54f 2026-04-25T16:04:58.868Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-stdin-launcher-858e1164 2026-04-25T16:04:58.615Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-obfuscated-iex-invocation-983541e7 2026-04-25T16:04:58.365Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-clip-launcher-d6221d64 2026-04-25T16:04:58.119Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---inveigh-execution-e842fae7 2026-04-25T16:04:57.860Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---impersonate-execution-a0672f67 2026-04-25T16:04:57.605Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---impacket-tools-execution-516eebfd 2026-04-25T16:04:57.354Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---potential-impacket-lateral-movement-activity-7cbff6f5 2026-04-25T16:04:57.093Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---hydra-password-bruteforce-execution-c4584306 2026-04-25T16:04:56.852Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---htrannatbypass-execution-c9659802 2026-04-25T16:04:56.599Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---hollowreaper-execution-3646ae59 2026-04-25T16:04:56.350Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---hashcat-password-cracker-execution-0b90be32 2026-04-25T16:04:56.101Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---handlekatz-lsass-dumper-execution-feee4522 2026-04-25T16:04:55.847Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---gmer-rootkit-detector-and-remover-execution-f1ba0762 2026-04-25T16:04:55.603Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool-execution---pe-metadata-16ae7b9f 2026-04-25T16:04:55.311Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool-execution---imphash-bce3a7bc 2026-04-25T16:04:55.067Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---winrm-access-via-evil-winrm-55ee7c04 2026-04-25T16:04:54.817Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---empire-powershell-uac-bypass-f84c5fbc 2026-04-25T16:04:54.560Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---empire-powershell-launch-parameters-c07f78a6 2026-04-25T16:04:54.322Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---edrsilencer-execution-ea281ef3 2026-04-25T16:04:54.083Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---edr-freeze-execution-77f6eed5 2026-04-25T16:04:53.837Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---dumpert-process-dumper-execution-d2335a35 2026-04-25T16:04:53.576Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---doppelanger-lsass-dumper-execution-352b7e92 2026-04-25T16:04:53.328Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---dinjector-powershell-cradle-execution-8b372db6 2026-04-25T16:04:53.087Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---createminidump-execution-90376199 2026-04-25T16:04:52.832Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---crackmapexec-powershell-obfuscation-01fee0c4 2026-04-25T16:04:52.591Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---crackmapexec-process-patterns-fcdd8f20 2026-04-25T16:04:52.323Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---crackmapexec-execution-patterns-2fd0b402 2026-04-25T16:04:52.062Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---crackmapexec-execution-cd0fb111 2026-04-25T16:04:51.811Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---covenant-powershell-launcher-1dae8c64 2026-04-25T16:04:51.559Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---coercedpotato-execution-009dbbf8 2026-04-25T16:04:51.306Z monthly 0.6 https://detectionlint.org/library/sigma-potential-cobaltstrike-process-patterns-6de1df35 2026-04-25T16:04:51.055Z monthly 0.6 https://detectionlint.org/library/sigma-cobaltstrike-load-by-rundll32-ded6b5f6 2026-04-25T16:04:50.811Z monthly 0.6 https://detectionlint.org/library/sigma-operator-bloopers-cobalt-strike-modules-fe2cf059 2026-04-25T16:04:50.549Z monthly 0.6 https://detectionlint.org/library/sigma-operator-bloopers-cobalt-strike-commands-f20293ea 2026-04-25T16:04:50.289Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---certipy-execution-ba1ff0d2 2026-04-25T16:04:50.043Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---certify-execution-003bcf98 2026-04-25T16:04:49.800Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---f-secure-c3-load-by-rundll32-15c11bde 2026-04-25T16:04:49.554Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---bloodhoundsharphound-execution-19bfcdb5 2026-04-25T16:04:49.305Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---adcspwn-execution-0682ca91 2026-04-25T16:04:48.964Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-hhexe-execution-f78bed69 2026-04-25T16:04:48.689Z monthly 0.6 https://detectionlint.org/library/sigma-html-help-hhexe-suspicious-child-process-ce9717a0 2026-04-25T16:04:48.437Z monthly 0.6 https://detectionlint.org/library/sigma-remote-chm-file-downloadexecution-via-hhexe-5b416d3e 2026-04-25T16:04:48.187Z monthly 0.6 https://detectionlint.org/library/sigma-hhexe-execution-384f6524 2026-04-25T16:04:47.936Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-gup-usage-094471c8 2026-04-25T16:04:47.680Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-child-process-of-notepad-updater---gupexe-0d2b51ab 2026-04-25T16:04:47.433Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-using-notepad-gup-utility-0f909be6 2026-04-25T16:04:47.181Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-binary-execution-using-gup-utility-e510e870 2026-04-25T16:04:46.918Z monthly 0.6 https://detectionlint.org/library/sigma-gpresult-display-group-policy-information-b8bda339 2026-04-25T16:04:46.675Z monthly 0.6 https://detectionlint.org/library/sigma-file-encryptiondecryption-via-gpg4win-from-suspicious-locati-5ac45d8f 2026-04-25T16:04:46.436Z monthly 0.6 https://detectionlint.org/library/sigma-portable-gpgexe-execution-3f2148a1 2026-04-25T16:04:46.181Z monthly 0.6 https://detectionlint.org/library/sigma-file-encryption-using-gpg4win-29502048 2026-04-25T16:04:45.935Z monthly 0.6 https://detectionlint.org/library/sigma-file-decryption-using-gpg4win-bb03f6bd 2026-04-25T16:04:45.683Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-googleupdate-child-process-84f9e569 2026-04-25T16:04:45.442Z monthly 0.6 https://detectionlint.org/library/sigma-github-self-hosted-runner-execution-7e648ada 2026-04-25T16:04:45.201Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-git-clone-d400f293 2026-04-25T16:04:44.958Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-file-download-via-gfxdownloadwrapperexe-2fe29bf2 2026-04-25T16:04:44.712Z monthly 0.6 https://detectionlint.org/library/sigma-potential-arbitrary-command-execution-via-ftpexe-67c0f11a 2026-04-25T16:04:44.463Z monthly 0.6 https://detectionlint.org/library/sigma-fsutil-suspicious-invocation-eed8c14e 2026-04-25T16:04:44.218Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-ntfs-symlink-behavior-modification-1b284eab 2026-04-25T16:04:43.970Z monthly 0.6 https://detectionlint.org/library/sigma-fsutil-drive-enumeration-3f4d9119 2026-04-25T16:04:43.716Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-fsharp-interpreters-bef33027 2026-04-25T16:04:43.470Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-filesystem-load-attempt-by-formatcom-e282ce84 2026-04-25T16:04:43.204Z monthly 0.6 https://detectionlint.org/library/sigma-forfiles-command-execution-fe645b85 2026-04-25T16:04:42.943Z monthly 0.6 https://detectionlint.org/library/sigma-forfilesexe-child-process-masquerading-d95aa559 2026-04-25T16:04:42.690Z monthly 0.6 https://detectionlint.org/library/sigma-sysmon-driver-unloaded-via-fltmcexe-d0ef4d61 2026-04-25T16:04:42.436Z monthly 0.6 https://detectionlint.org/library/sigma-filter-driver-unloaded-via-fltmcexe-9cd68f31 2026-04-25T16:04:42.196Z monthly 0.6 https://detectionlint.org/library/sigma-fingerexe-execution-0c50cac3 2026-04-25T16:04:41.943Z monthly 0.6 https://detectionlint.org/library/sigma-sysmon-discovery-via-default-driver-altitude-using-findstrex-f57554d6 2026-04-25T16:04:41.689Z monthly 0.6 https://detectionlint.org/library/sigma-insensitive-subfolder-search-via-findstrexe-ba5c8590 2026-04-25T16:04:41.434Z monthly 0.6 https://detectionlint.org/library/sigma-security-tools-keyword-lookup-via-findstrexe-30e29aa6 2026-04-25T16:04:41.178Z monthly 0.6 https://detectionlint.org/library/sigma-recon-command-output-piped-to-findstrexe-7dbffbfc 2026-04-25T16:04:40.917Z monthly 0.6 https://detectionlint.org/library/sigma-permission-misconfiguration-reconnaissance-via-findstrexe-69ba652f 2026-04-25T16:04:40.672Z monthly 0.6 https://detectionlint.org/library/sigma-lsass-process-reconnaissance-via-findstrexe-9f046378 2026-04-25T16:04:40.398Z monthly 0.6 https://detectionlint.org/library/sigma-findstr-launching-lnk-file-ba19a02b 2026-04-25T16:04:40.139Z monthly 0.6 https://detectionlint.org/library/sigma-findstr-gpp-passwords-918588cd 2026-04-25T16:04:39.888Z monthly 0.6 https://detectionlint.org/library/sigma-remote-file-download-via-findstrexe-d3763b39 2026-04-25T16:04:39.634Z monthly 0.6 https://detectionlint.org/library/sigma-explorer-nouaccheck-flag-f5b663bc 2026-04-25T16:04:39.393Z monthly 0.6 https://detectionlint.org/library/sigma-file-explorer-folder-opened-using-explorer-folder-shortcut-v-946cfbe2 2026-04-25T16:04:39.135Z monthly 0.6 https://detectionlint.org/library/sigma-explorer-process-tree-break-5f30baf7 2026-04-25T16:04:38.886Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-cabinet-file-expansion-e9dec41f 2026-04-25T16:04:38.625Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-event-viewer-child-process-b12625d6 2026-04-25T16:04:38.380Z monthly 0.6 https://detectionlint.org/library/sigma-security-event-logging-disabled-via-minint-registry-key---pr-cfff1083 2026-04-25T16:04:38.140Z monthly 0.6 https://detectionlint.org/library/sigma-esentutl-steals-browser-information-dc21b45d 2026-04-25T16:04:37.895Z monthly 0.6 https://detectionlint.org/library/sigma-copying-sensitive-files-with-credential-data-a713616d 2026-04-25T16:04:37.645Z monthly 0.6 https://detectionlint.org/library/sigma-esentutl-gather-credentials-91b63dcc 2026-04-25T16:04:37.404Z monthly 0.6 https://detectionlint.org/library/sigma-new-capture-session-launched-via-dxcapexe-065953c2 2026-04-25T16:04:37.148Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-dumpminitool-execution-d2167d41 2026-04-25T16:04:36.896Z monthly 0.6 https://detectionlint.org/library/sigma-dumpminitool-execution-4c11274e 2026-04-25T16:04:36.641Z monthly 0.6 https://detectionlint.org/library/sigma-potential-windows-defender-av-bypass-via-dump64exe-rename-a42b5ffc 2026-04-25T16:04:36.386Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-kernel-dump-using-dtrace-eb5b30c1 2026-04-25T16:04:36.125Z monthly 0.6 https://detectionlint.org/library/sigma-domain-trust-discovery-via-dsquery-c297d3ae 2026-04-25T16:04:35.875Z monthly 0.6 https://detectionlint.org/library/sigma-potential-password-spraying-attempt-using-dsaclsexe-35665287 2026-04-25T16:04:35.622Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-over-permissive-permissions-granted-using-dsacls-88362a27 2026-04-25T16:04:35.374Z monthly 0.6 https://detectionlint.org/library/sigma-driverqueryexe-execution-5f859923 2026-04-25T16:04:35.133Z monthly 0.6 https://detectionlint.org/library/sigma-potential-recon-activity-using-driverqueryexe-ee432d58 2026-04-25T16:04:34.876Z monthly 0.6 https://detectionlint.org/library/sigma-process-memory-dump-via-dotnet-dump-c903955a 2026-04-25T16:04:34.614Z monthly 0.6 https://detectionlint.org/library/sigma-binary-proxy-execution-via-dotnet-traceexe-4532ba4e 2026-04-25T16:04:34.344Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-dll-or-csproj-code-execution-via-dotnetexe-c857d5f8 2026-04-25T16:04:34.094Z monthly 0.6 https://detectionlint.org/library/sigma-potential-application-whitelisting-bypass-via-dnxexe-c44372fb 2026-04-25T16:04:33.722Z monthly 0.6 https://detectionlint.org/library/sigma-new-dns-serverlevelplugindll-installed-via-dnscmdexe-4e7f7e3a 2026-04-25T16:04:33.473Z monthly 0.6 https://detectionlint.org/library/sigma-potential-discovery-activity-via-dnscmdexe-76c2cbfe 2026-04-25T16:04:33.223Z monthly 0.6 https://detectionlint.org/library/sigma-unusual-child-process-of-dnsexe-0d7c4496 2026-04-25T16:04:32.975Z monthly 0.6 https://detectionlint.org/library/sigma-dns-exfiltration-and-tunneling-tools-execution-d3dea254 2026-04-25T16:04:32.711Z monthly 0.6 https://detectionlint.org/library/sigma-dllhostexe-execution-anomaly-3590e47d 2026-04-25T16:04:32.457Z monthly 0.6 https://detectionlint.org/library/sigma-dll-sideloading-by-vmware-xfer-utility-f46fca1e 2026-04-25T16:04:32.204Z monthly 0.6 https://detectionlint.org/library/sigma-dism-remove-online-package-d5fd7381 2026-04-25T16:04:31.948Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-web-access-feature-enabled-via-dism-60eb6876 2026-04-25T16:04:31.705Z monthly 0.6 https://detectionlint.org/library/sigma-diskshadow-script-mode---execution-from-potential-suspicious-6886e4ba 2026-04-25T16:04:31.444Z monthly 0.6 https://detectionlint.org/library/sigma-diskshadow-script-mode---uncommon-script-extension-execution-6bb20616 2026-04-25T16:04:31.201Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-child-process-of-diskshadowexe-a54c7b78 2026-04-25T16:04:30.943Z monthly 0.6 https://detectionlint.org/library/sigma-system-information-discovery-via-registry-queries-b4546665 2026-04-25T16:04:30.684Z monthly 0.6 https://detectionlint.org/library/sigma-dirlister-execution-cc4949b4 2026-04-25T16:04:30.431Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-child-process-of-clickonce-applicatio-730c6c6f 2026-04-25T16:04:30.189Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-msi-download-via-devinitexe-81cada5a 2026-04-25T16:04:29.945Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-via-deviceenrollerexe-b8a010b3 2026-04-25T16:04:29.690Z monthly 0.6 https://detectionlint.org/library/sigma-devicecredentialdeployment-execution-395e2027 2026-04-25T16:04:29.434Z monthly 0.6 https://detectionlint.org/library/sigma-devcon-execution-disabling-vmware-vmci-device-b4470062 2026-04-25T16:04:29.177Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-desktopimgdownldr-command-e8856d32 2026-04-25T16:04:28.934Z monthly 0.6 https://detectionlint.org/library/sigma-remote-file-download-via-desktopimgdownldr-utility-e94c5d4f 2026-04-25T16:04:28.687Z monthly 0.6 https://detectionlint.org/library/sigma-windows-defender-context-menu-removed-70a31478 2026-04-25T16:04:28.441Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-defender-threat-severity-default-action-set-to-al-7856ce9f 2026-04-25T16:04:28.190Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-child-process-of-defaultpackexe-798436a6 2026-04-25T16:04:27.948Z monthly 0.6 https://detectionlint.org/library/sigma-manageengine-endpoint-central-dctask64exe-potential-abuse-230ffcf6 2026-04-25T16:04:27.705Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-customshellhost-execution-99624ada 2026-04-25T16:04:27.458Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-curlexe-download-6488ac19 2026-04-25T16:04:27.201Z monthly 0.6 https://detectionlint.org/library/sigma-local-file-read-using-curlexe-770b4b5a 2026-04-25T16:04:26.952Z monthly 0.6 https://detectionlint.org/library/sigma-insecure-proxydoh-transfer-via-curlexe-f6d1d9e5 2026-04-25T16:04:26.710Z monthly 0.6 https://detectionlint.org/library/sigma-insecure-transfer-via-curlexe-19b789e6 2026-04-25T16:04:26.463Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-download-from-file-sharing-domain-via-curlex-b715daea 2026-04-25T16:04:26.218Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-download-from-ip-via-curlexe-898556d6 2026-04-25T16:04:25.969Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-from-ip-url-via-curlexe-8d9ff37a 2026-04-25T16:04:25.705Z monthly 0.6 https://detectionlint.org/library/sigma-curl-web-request-with-potential-custom-user-agent-ee443609 2026-04-25T16:04:25.461Z monthly 0.6 https://detectionlint.org/library/sigma-potential-cookies-session-hijacking-c321b471 2026-04-25T16:04:25.220Z monthly 0.6 https://detectionlint.org/library/sigma-active-directory-structure-export-via-csvdeexe-b88c9156 2026-04-25T16:04:24.193Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-use-of-csharp-interactive-console-9b461bf7 2026-04-25T16:04:22.833Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-csiexe-usage-1b685425 2026-04-25T16:04:21.977Z monthly 0.6 https://detectionlint.org/library/sigma-cscexe-execution-form-potentially-suspicious-parent-c26bdcbc 2026-04-25T16:04:20.803Z monthly 0.6 https://detectionlint.org/library/sigma-dynamic-net-compilation-via-cscexe-55bd515c 2026-04-25T16:04:19.771Z monthly 0.6 https://detectionlint.org/library/sigma-windows-credential-guard-registry-tampering-via-commandline-f9229438 2026-04-25T16:04:19.529Z monthly 0.6 https://detectionlint.org/library/sigma-createdump-process-dump-483f4fe0 2026-04-25T16:04:19.279Z monthly 0.6 https://detectionlint.org/library/sigma-new-dmsa-service-account-created-in-specific-ous-ba5ca2c3 2026-04-25T16:04:19.033Z monthly 0.6 https://detectionlint.org/library/sigma-control-panel-items-a2a45fac 2026-04-25T16:04:18.698Z monthly 0.6 https://detectionlint.org/library/sigma-conhost-spawned-by-uncommon-parent-process-3a4cd3f2 2026-04-25T16:04:18.458Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-child-processes-spawned-by-conhost-7b8d27a8 2026-04-25T16:04:18.188Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-child-process-of-conhostexe-2ac14d8e 2026-04-25T16:04:17.941Z monthly 0.6 https://detectionlint.org/library/sigma-conhostexe-commandline-path-traversal-4f70fa71 2026-04-25T16:04:17.693Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-high-integritylevel-conhost-legacy-option-55caeeed 2026-04-25T16:04:17.443Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-executed-from-headless-conhost-process-55fd1208 2026-04-25T16:04:17.192Z monthly 0.6 https://detectionlint.org/library/sigma-arbitrary-file-download-via-configsecuritypolicyexe-a5e43ad8 2026-04-25T16:04:16.948Z monthly 0.6 https://detectionlint.org/library/sigma-openedr-spawning-command-shell-81c36420 2026-04-25T16:04:16.697Z monthly 0.6 https://detectionlint.org/library/sigma-cmstp-execution-process-creation-970f4b48 2026-04-25T16:04:16.448Z monthly 0.6 https://detectionlint.org/library/sigma-potential-arbitrary-file-download-via-cmdl32exe-833cb90c 2026-04-25T16:04:16.205Z monthly 0.6 https://detectionlint.org/library/sigma-potential-reconnaissance-for-cached-credentials-via-cmdkeyex-10a8e786 2026-04-25T16:04:15.956Z monthly 0.6 https://detectionlint.org/library/sigma-new-generic-credentials-added-via-cmdkeyexe-81c2ef72 2026-04-25T16:04:15.702Z monthly 0.6 https://detectionlint.org/library/sigma-unusual-parent-process-for-cmdexe-d71f8423 2026-04-25T16:04:15.451Z monthly 0.6 https://detectionlint.org/library/sigma-potential-downloadupload-activity-using-type-command-0a1a559e 2026-04-25T16:04:15.207Z monthly 0.6 https://detectionlint.org/library/sigma-persistence-via-sticky-key-backdoor-1206d0a2 2026-04-25T16:04:14.958Z monthly 0.6 https://detectionlint.org/library/sigma-sticky-key-like-backdoor-execution-c93d1221 2026-04-25T16:04:14.709Z monthly 0.6 https://detectionlint.org/library/sigma-read-contents-from-stdin-via-cmdexe-d57f367f 2026-04-25T16:04:14.460Z monthly 0.6 https://detectionlint.org/library/sigma-copy-from-volumeshadowcopy-via-cmdexe-b5ddfc56 2026-04-25T16:04:14.209Z monthly 0.6 https://detectionlint.org/library/sigma-directory-removal-via-rmdir-7ed8e328 2026-04-25T16:04:13.938Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-cmd-shell-output-redirect-00ef3e31 2026-04-25T16:04:13.695Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-pingdel-command-combination-4d4d6e2b 2026-04-25T16:04:13.435Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-pingcopy-command-combination-efd6322e 2026-04-25T16:04:13.192Z monthly 0.6 https://detectionlint.org/library/sigma-potential-commandline-path-traversal-via-cmdexe-669fcb6d 2026-04-25T16:04:12.911Z monthly 0.6 https://detectionlint.org/library/sigma-ntdllpipe-like-activity-execution-36df1513 2026-04-25T16:04:12.652Z monthly 0.6 https://detectionlint.org/library/sigma-cmdexe-missing-space-characters-execution-anomaly-d0e986c6 2026-04-25T16:04:12.402Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-execution-from-internet-hosted-webdav-share-f13bed6d 2026-04-25T16:04:12.117Z monthly 0.6 https://detectionlint.org/library/sigma-volumeshadowcopy-symlink-creation-via-mklink-bc4f21ce 2026-04-25T16:04:11.870Z monthly 0.6 https://detectionlint.org/library/sigma-potential-privilege-escalation-using-symlink-between-osk-and-52e64f41 2026-04-25T16:04:11.621Z monthly 0.6 https://detectionlint.org/library/sigma-cmd-launched-with-hidden-start-flags-to-suspicious-targets-2c74dbc0 2026-04-25T16:04:11.371Z monthly 0.6 https://detectionlint.org/library/sigma-command-line-execution-with-suspicious-url-and-appdata-strin-16990207 2026-04-25T16:04:11.127Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dosfuscation-activity-670b1eed 2026-04-25T16:04:10.877Z monthly 0.6 https://detectionlint.org/library/sigma-file-and-subfolder-enumeration-via-dir-command-f7c0ed99 2026-04-25T16:04:10.632Z monthly 0.6 https://detectionlint.org/library/sigma-greedy-file-deletion-using-del-c884b198 2026-04-25T16:04:10.379Z monthly 0.6 https://detectionlint.org/library/sigma-file-deletion-via-del-74a2bd7c 2026-04-25T16:04:10.130Z monthly 0.6 https://detectionlint.org/library/sigma-curl-download-and-execute-combination-4981c40b 2026-04-25T16:04:09.886Z monthly 0.6 https://detectionlint.org/library/sigma-copy-dmpdump-files-from-remote-share-via-cmdexe-115bcd9f 2026-04-25T16:04:09.630Z monthly 0.6 https://detectionlint.org/library/sigma-change-default-file-association-to-executable-via-assoc-d98d35d6 2026-04-25T16:04:09.379Z monthly 0.6 https://detectionlint.org/library/sigma-change-default-file-association-via-assoc-5fcbb55b 2026-04-25T16:04:09.134Z monthly 0.6 https://detectionlint.org/library/sigma-cloudflared-tunnel-execution-537ccfd8 2026-04-25T16:04:08.882Z monthly 0.6 https://detectionlint.org/library/sigma-cloudflared-tunnel-connections-cleanup-f4d04862 2026-04-25T16:04:08.627Z monthly 0.6 https://detectionlint.org/library/sigma-cloudflared-quick-tunnel-execution-20007733 2026-04-25T16:04:08.371Z monthly 0.6 https://detectionlint.org/library/sigma-cloudflared-portable-execution-a9873bce 2026-04-25T16:04:08.122Z monthly 0.6 https://detectionlint.org/library/sigma-data-copied-to-clipboard-via-clipexe-254678f6 2026-04-25T16:04:07.859Z monthly 0.6 https://detectionlint.org/library/sigma-process-access-via-trolleyexpress-exclusion-9edaf314 2026-04-25T16:04:07.612Z monthly 0.6 https://detectionlint.org/library/sigma-deleted-data-overwritten-via-cipherexe-4a0a8179 2026-04-25T16:04:07.365Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-codepage-switch-via-chcp-e1ad99a0 2026-04-25T16:04:07.119Z monthly 0.6 https://detectionlint.org/library/sigma-console-codepage-lookup-via-chcp-c1302120 2026-04-25T16:04:06.860Z monthly 0.6 https://detectionlint.org/library/sigma-potential-ntlm-coercion-via-certutilexe-a21f71c5 2026-04-25T16:04:06.608Z monthly 0.6 https://detectionlint.org/library/sigma-certificate-exported-via-certutilexe-071aabb6 2026-04-25T16:04:06.352Z monthly 0.6 https://detectionlint.org/library/sigma-file-in-suspicious-location-encoded-to-base64-via-certutilex-68739ee3 2026-04-25T16:04:06.101Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-encoded-to-base64-via-certutilexe-4204c1e7 2026-04-25T16:04:05.854Z monthly 0.6 https://detectionlint.org/library/sigma-file-encoded-to-base64-via-certutilexe-fd5b6a55 2026-04-25T16:04:05.599Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-downloaded-from-file-sharing-website-via-cer-0dc2eae7 2026-04-25T16:04:05.349Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-downloaded-from-direct-ip-via-certutilexe-cb7b2675 2026-04-25T16:04:05.087Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-download-via-certutilexe-b2c5b7ac 2026-04-25T16:04:04.609Z monthly 0.6 https://detectionlint.org/library/sigma-file-decoded-from-base64hex-via-certutilexe-17c5a45c 2026-04-25T16:04:03.716Z monthly 0.6 https://detectionlint.org/library/sigma-new-root-certificate-installed-via-certutilexe-89ba25b9 2026-04-25T16:04:02.248Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-certreq-command-to-download-901342ae 2026-04-25T16:04:01.596Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-dll-loaded-via-certocexe-3115c591 2026-04-25T16:04:01.325Z monthly 0.6 https://detectionlint.org/library/sigma-dll-loaded-via-certocexe-49f21495 2026-04-25T16:04:01.081Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-from-ip-based-url-via-certocexe-cbe89a97 2026-04-25T16:04:00.829Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-via-certocexe-90e8c995 2026-04-25T16:04:00.571Z monthly 0.6 https://detectionlint.org/library/sigma-new-root-certificate-installed-via-certmgrexe-241e2dbd 2026-04-25T16:04:00.328Z monthly 0.6 https://detectionlint.org/library/sigma-potential-binary-proxy-execution-via-cdbexe-4c70aa59 2026-04-25T16:04:00.080Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-calculator-usage-9742fa44 2026-04-25T16:03:59.832Z monthly 0.6 https://detectionlint.org/library/sigma-tor-clientbrowser-execution-64425327 2026-04-25T16:03:59.578Z monthly 0.6 https://detectionlint.org/library/sigma-browser-started-with-remote-debugging-716b427a 2026-04-25T16:03:59.337Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-from-browser-process-via-inline-url-8bb724b6 2026-04-25T16:03:59.090Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-chromium-browser-instance-executed-with-custom-ex-758b9cd1 2026-04-25T16:03:58.845Z monthly 0.6 https://detectionlint.org/library/sigma-chromium-browser-headless-execution-to-mockbin-like-site-9313da26 2026-04-25T16:03:58.585Z monthly 0.6 https://detectionlint.org/library/sigma-chromium-browser-instance-executed-with-custom-extension-cac7f07b 2026-04-25T16:03:58.327Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-with-headless-browser-6f1b4254 2026-04-25T16:03:58.077Z monthly 0.6 https://detectionlint.org/library/sigma-browser-execution-in-headless-mode-ec254770 2026-04-25T16:03:57.820Z monthly 0.6 https://detectionlint.org/library/sigma-potential-data-stealing-via-chromium-headless-debugging-3b852f27 2026-04-25T16:03:57.558Z monthly 0.6 https://detectionlint.org/library/sigma-monitoring-for-persistence-via-bits-c3d16270 2026-04-25T16:03:57.309Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-via-bitsadmin-to-a-suspicious-target-folder-3457d466 2026-04-25T16:03:57.061Z monthly 0.6 https://detectionlint.org/library/sigma-file-with-suspicious-extension-downloaded-via-bitsadmin-25677903 2026-04-25T16:03:56.809Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-download-from-file-sharing-website-via-bitsadmin-911e33a7 2026-04-25T16:03:56.562Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-download-from-direct-ip-via-bitsadmin-8b04564c 2026-04-25T16:03:56.313Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-via-bitsadmin-351c9620 2026-04-25T16:03:56.050Z monthly 0.6 https://detectionlint.org/library/sigma-bitlockertogoexe-execution-af662507 2026-04-25T16:03:55.802Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-child-process-of-bginfoexe-590f4439 2026-04-25T16:03:55.553Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-child-process-of-bginfoexe-f4c23b75 2026-04-25T16:03:55.294Z monthly 0.6 https://detectionlint.org/library/sigma-data-export-from-mssql-table-via-bcpexe-f6fc174b 2026-04-25T16:03:55.050Z monthly 0.6 https://detectionlint.org/library/sigma-potential-ransomware-or-unauthorized-mbr-tampering-via-bcded-15b8d0a6 2026-04-25T16:03:54.799Z monthly 0.6 https://detectionlint.org/library/sigma-boot-configuration-tampering-via-bcdeditexe-427a4c4f 2026-04-25T16:03:54.549Z monthly 0.6 https://detectionlint.org/library/sigma-indirect-command-execution-from-script-file-via-bashexe-532b7bd9 2026-04-25T16:03:54.304Z monthly 0.6 https://detectionlint.org/library/sigma-indirect-inline-command-execution-via-bashexe-d3219707 2026-04-25T16:03:54.048Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-bitlocker-access-agent-update-utility-execution-39019116 2026-04-25T16:03:53.792Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-autorun-registry-modified-via-wmi-c03338b3 2026-04-25T16:03:53.541Z monthly 0.6 https://detectionlint.org/library/sigma-audit-policy-tampering-via-auditpol-464ed49a 2026-04-25T16:03:53.288Z monthly 0.6 https://detectionlint.org/library/sigma-audit-policy-tampering-via-nt-resource-kit-auditpol-9e634835 2026-04-25T16:03:53.034Z monthly 0.6 https://detectionlint.org/library/sigma-set-suspicious-files-as-system-files-using-attribexe-e9fa5445 2026-04-25T16:03:52.768Z monthly 0.6 https://detectionlint.org/library/sigma-hiding-files-with-attribexe-2d15f397 2026-04-25T16:03:52.500Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-assistive-technology-applications-execution-via-atb-e9f2503c 2026-04-25T16:03:52.245Z monthly 0.6 https://detectionlint.org/library/sigma-interactive-at-job-c6b01dd3 2026-04-25T16:03:51.987Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-aspnet-compilation-via-aspnetcompiler-2e107a3d 2026-04-25T16:03:51.733Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-child-process-of-aspnetcompiler-d36be250 2026-04-25T16:03:51.480Z monthly 0.6 https://detectionlint.org/library/sigma-aspnetcompiler-execution-e9665380 2026-04-25T16:03:51.235Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-arcsocexe-child-process-0d69f0aa 2026-04-25T16:03:50.972Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-child-process-of-appvlpexe-1dd93821 2026-04-25T16:03:50.700Z monthly 0.6 https://detectionlint.org/library/sigma-windows-amsi-related-registry-tampering-via-commandline-e1cb7abb 2026-04-25T16:03:50.446Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-agentexecutor-powershell-execution-62bab30e 2026-04-25T16:03:50.194Z monthly 0.6 https://detectionlint.org/library/sigma-agentexecutor-powershell-execution-0c98e05f 2026-04-25T16:03:49.934Z monthly 0.6 https://detectionlint.org/library/sigma-potential-adplusexe-abuse-fffe2193 2026-04-25T16:03:49.681Z monthly 0.6 https://detectionlint.org/library/sigma-addinutilexe-execution-from-uncommon-directory-dc12c2e0 2026-04-25T16:03:49.433Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-addinutilexe-commandline-execution-6b674955 2026-04-25T16:03:49.181Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-child-process-of-addinutilexe-5b17f9b2 2026-04-25T16:03:48.923Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-addinutilexe-commandline-execution-74aa1f56 2026-04-25T16:03:48.667Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-injection-via-acccheckconsole-d14e6d24 2026-04-25T16:03:48.409Z monthly 0.6 https://detectionlint.org/library/sigma-compress-data-and-lock-with-password-for-exfiltration-with-7-17c2f325 2026-04-25T16:03:48.152Z monthly 0.6 https://detectionlint.org/library/sigma-7zip-compressing-dump-files-c3089e12 2026-04-25T16:03:47.789Z monthly 0.6 https://detectionlint.org/library/sigma-service-registry-permissions-weakness-check-0c403fa4 2026-04-25T15:40:51.546Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-by-imewdbldexe-7035864b 2026-04-25T15:40:51.050Z monthly 0.6 https://detectionlint.org/library/kql-rpm-package-installed-by-unusual-parent-process-1cc3fd67 2026-04-25T15:40:50.631Z monthly 0.6 https://detectionlint.org/library/kql-multiple-alerts-in-different-attck-tactics-on-a-single-host-5203eadb 2026-04-25T15:40:50.128Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-file-creation-by-openedrs-itsmservice-6878f8cc 2026-04-25T15:40:49.388Z monthly 0.6 https://detectionlint.org/library/sigma-dll-sideloading-of-shellchromeapidll-ab50fd80 2026-04-25T15:40:49.382Z monthly 0.6 https://detectionlint.org/library/sigma-windows-credential-guard-related-registry-value-deleted---re-5318ba3c 2026-04-25T15:40:16.730Z monthly 0.6 https://detectionlint.org/library/spl-linux-high-frequency-of-file-deletion-in-etc-folder-08d65c71 2026-04-25T15:40:16.230Z monthly 0.6 https://detectionlint.org/library/sigma-login-to-disabled-account-34cae106 2026-04-25T15:40:15.228Z monthly 0.6 https://detectionlint.org/library/sigma-process-initiated-network-connection-to-ngrok-domain-bc90fa17 2026-04-25T15:40:14.308Z monthly 0.6 https://detectionlint.org/library/spl-windows-autostart-execution-lsass-driver-registry-modificati-6cac218a 2026-04-25T15:40:10.791Z monthly 0.6 https://detectionlint.org/library/sigma-disabled-mfa-to-bypass-authentication-mechanisms-6527024d 2026-04-25T15:40:10.283Z monthly 0.6 https://detectionlint.org/library/kql-rare-smb-connection-to-the-internet-cb64bdda 2026-04-25T15:40:09.285Z monthly 0.6 https://detectionlint.org/library/spl-windows-dll-search-order-hijacking-with-iscsicpl-f99ef33b 2026-04-25T15:40:08.699Z monthly 0.6 https://detectionlint.org/library/sigma-azure-domain-federation-settings-modified-9276c952 2026-04-25T15:40:08.280Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-creation-activity-from-fake-recyclebin-folde-7bbd4ff9 2026-04-25T15:39:29.534Z monthly 0.6 https://detectionlint.org/library/sigma-sharphound-recon-account-discovery-a16b6ec6 2026-04-25T15:39:29.100Z monthly 0.6 https://detectionlint.org/library/sigma-potential-ransomware-activity-using-legalnotice-message-f75ea7cd 2026-04-25T15:39:28.527Z monthly 0.6 https://detectionlint.org/library/sigma-hidden-flag-set-on-filedirectory-via-chflags---macos-8ec1ad53 2026-04-25T15:39:28.027Z monthly 0.6 https://detectionlint.org/library/sigma-automated-collection-bookmarks-using-get-childitem-powershel-4f285fe9 2026-04-25T15:39:27.607Z monthly 0.6 https://detectionlint.org/library/kql-genai-process-connection-to-unusual-domain-2e6bd02f 2026-04-25T15:39:27.451Z monthly 0.6 https://detectionlint.org/library/sigma-user-removed-from-group-with-ca-policy-modification-access-f21ddf59 2026-04-25T15:39:15.275Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-events-deleted-02771811 2026-04-25T15:39:14.859Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-chm-helper-dll-4187bff5 2026-04-25T15:39:14.356Z monthly 0.6 https://detectionlint.org/library/spl-first-time-seen-child-process-of-zoom-a2ee0a5d 2026-04-25T15:39:13.044Z monthly 0.6 https://detectionlint.org/library/sigma-potential-ccleanerreactivatordll-sideloading-f46f56ad 2026-04-25T15:39:13.024Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_guardduty_publishing_destination_deleted-c5f65e92 2026-04-25T15:38:53.424Z monthly 0.6 https://detectionlint.org/library/spl-creation-of-lsass-dump-with-taskmgr-feb19062 2026-04-25T15:38:52.922Z monthly 0.6 https://detectionlint.org/library/sigma-windows-defender-service-disabled---registry-909c03c5 2026-04-25T15:38:52.476Z monthly 0.6 https://detectionlint.org/library/spl-petitpotam-suspicious-kerberos-tgt-request-48c6446d 2026-04-25T15:38:51.921Z monthly 0.6 https://detectionlint.org/library/yara-l-geoip_user_login_from_multiple_states_or_countries-da8c271e 2026-04-25T15:38:51.512Z monthly 0.6 https://detectionlint.org/library/spl-windows-hunting-system-account-targeting-lsass-23c4f804 2026-04-25T15:38:50.708Z monthly 0.6 https://detectionlint.org/library/sigma-increased-failed-authentications-of-any-type-ef7a8732 2026-04-25T15:38:12.398Z monthly 0.6 https://detectionlint.org/library/kql-silk-typhoon-suspicious-um-service-error-075916c3 2026-04-25T15:38:11.481Z monthly 0.6 https://detectionlint.org/library/sigma-ca-policy-removed-by-non-approved-actor-c3a52315 2026-04-25T15:38:10.479Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-hidden-paths-or-files-b0ebd2c7 2026-04-25T15:38:09.976Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-secret-scanning-rule-deleted-4616ce93 2026-04-25T15:38:09.951Z monthly 0.6 https://detectionlint.org/library/kql-unusual-login-via-system-user-097a24cc 2026-04-25T15:38:05.146Z monthly 0.6 https://detectionlint.org/library/kql-unusual-web-config-file-access-f46c50b8 2026-04-25T15:38:04.564Z monthly 0.6 https://detectionlint.org/library/spl-shai-hulud-2-exfiltration-artifact-files-36d8ad4f 2026-04-25T15:38:04.144Z monthly 0.6 https://detectionlint.org/library/kql-end-user-consent-stopped-due-to-risk-based-consent-ffb0f72f 2026-04-25T15:38:03.641Z monthly 0.6 https://detectionlint.org/library/sigma-aws-enableregion-command-monitoring-bcbb8f7b 2026-04-25T15:38:03.396Z monthly 0.6 https://detectionlint.org/library/sigma-aruba-network-service-potential-dll-sideloading-9b7861b7 2026-04-25T15:37:40.248Z monthly 0.6 https://detectionlint.org/library/sigma-new-federated-domain-added-db541ce9 2026-04-25T15:37:39.665Z monthly 0.6 https://detectionlint.org/library/kql-service-principal-assigned-privileged-role-2bad49f5 2026-04-25T15:37:39.170Z monthly 0.6 https://detectionlint.org/library/spl-remcos-rat-file-creation-in-remcos-folder-650ac384 2026-04-25T15:37:38.826Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-file-created-in-office-startup-folder-6188b8ab 2026-04-25T15:37:38.727Z monthly 0.6 https://detectionlint.org/library/sigma-new-bginfoexe-custom-db-path-registry-configuration-76147612 2026-04-25T15:37:29.963Z monthly 0.6 https://detectionlint.org/library/sigma-azure-service-principal-created-be8cd743 2026-04-25T15:37:29.547Z monthly 0.6 https://detectionlint.org/library/spl-powershell-disable-security-monitoring-42bf2e78 2026-04-25T15:37:28.956Z monthly 0.6 https://detectionlint.org/library/sigma-office-application-initiated-network-connection-over-uncommo-14c0bf53 2026-04-25T15:37:28.457Z monthly 0.6 https://detectionlint.org/library/sigma-aws-guardduty-important-change-fba5595b 2026-04-25T15:37:27.794Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-write-to-sharepoint-layouts-directory-97253451 2026-04-25T15:36:59.374Z monthly 0.6 https://detectionlint.org/library/spl-creation-of-shadow-copy-with-wmic-and-powershell-9be97a6d 2026-04-25T15:36:58.437Z monthly 0.6 https://detectionlint.org/library/spl-kerberos-pre-authentication-flag-disabled-in-useraccountcont-838c245f 2026-04-25T15:36:57.354Z monthly 0.6 https://detectionlint.org/library/spl-domain-account-discovery-with-wmic-a02034d1 2026-04-25T15:36:56.965Z monthly 0.6 https://detectionlint.org/library/spl-windows-cisco-secure-endpoint-related-service-stopped-42eae873 2026-04-25T15:36:44.330Z monthly 0.6 https://detectionlint.org/library/sigma-com-object-hijacking-via-modification-of-default-system-clsi-f709bb27 2026-04-25T15:36:42.743Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-wuauclt-network-connection-9213e7f5 2026-04-25T15:36:42.346Z monthly 0.6 https://detectionlint.org/library/sigma-azure-dns-zone-modified-or-deleted-f754f1ad 2026-04-25T15:36:41.857Z monthly 0.6 https://detectionlint.org/library/sigma-app-granted-privileged-delegated-or-app-permissions-eb003f83 2026-04-25T15:36:21.671Z monthly 0.6 https://detectionlint.org/library/sigma-pdf-file-created-by-regeditexe-d9013726 2026-04-25T15:36:21.172Z monthly 0.6 https://detectionlint.org/library/sigma-gotoassist-temporary-installation-artefact-2ca16551 2026-04-25T15:36:20.756Z monthly 0.6 https://detectionlint.org/library/kql-rpc-remote-procedure-call-to-the-internet-cf4235a7 2026-04-25T15:36:20.269Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-space-characters-in-typedpaths-registry-path---fi-1e1cafc4 2026-04-25T15:36:16.360Z monthly 0.6 https://detectionlint.org/library/sigma-bpfdoor-tcp-ports-redirect-22dbfba7 2026-04-25T15:36:15.942Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-abusing-winsat-path-parsing---registry-6091a4c5 2026-04-25T15:36:15.449Z monthly 0.6 https://detectionlint.org/library/sigma-execution-dll-of-choice-using-wabexe-9a161aa0 2026-04-25T15:36:14.857Z monthly 0.6 https://detectionlint.org/library/kql-inbound-connection-to-an-unsecure-elasticsearch-node-eb1f5740 2026-04-25T15:36:14.440Z monthly 0.6 https://detectionlint.org/library/sigma-hybridconnectionmanager-service-installation---registry-2c0d2351 2026-04-25T15:36:13.967Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_ec2_ami_or_snapshot_shared_publicly-524bd054 2026-04-25T15:36:13.963Z monthly 0.6 https://detectionlint.org/library/spl-process-creating-lnk-file-in-suspicious-location-f4210df0 2026-04-25T15:35:36.310Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-get-information-for-smb-share-230a4d90 2026-04-25T15:35:35.727Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-volume-shadow-copy-vss_psdll-load-825561ba 2026-04-25T15:35:35.226Z monthly 0.6 https://detectionlint.org/library/kql-ipsec-nat-traversal-port-activity-8030f102 2026-04-25T15:35:34.724Z monthly 0.6 https://detectionlint.org/library/sigma-potential-com-object-hijacking-via-treatas-subkey---registry-b6a3d880 2026-04-25T15:35:34.308Z monthly 0.6 https://detectionlint.org/library/spl-ms-exchange-mailbox-replication-service-writing-active-serve-90507cdd 2026-04-25T15:35:33.946Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-creation-txt-file-in-user-desktop-b76ecec8 2026-04-25T15:35:33.931Z monthly 0.6 https://detectionlint.org/library/sigma-remote-dll-load-via-rundll32exe-76500868 2026-04-25T15:35:29.771Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-replication-request-initiated-from-unsanctioned-l-b9db7c1e 2026-04-25T15:35:29.190Z monthly 0.6 https://detectionlint.org/library/kql-azure-diagnostic-settings-removed-from-a-resource-4243d3e3 2026-04-25T15:35:28.684Z monthly 0.6 https://detectionlint.org/library/sigma-disable-privacy-settings-experience-in-registry-ee83a54a 2026-04-25T15:35:28.269Z monthly 0.6 https://detectionlint.org/library/kql-user-account-created-and-deleted-within-10-mins-ddf05d13 2026-04-25T15:35:27.271Z monthly 0.6 https://detectionlint.org/library/sigma-access-of-sudoers-file-content-2e9a5c54 2026-04-25T15:35:26.881Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-microsoft-office-add-in-25269f0e 2026-04-25T15:34:49.508Z monthly 0.6 https://detectionlint.org/library/sigma-remote-server-service-abuse-for-lateral-movement-bca57a51 2026-04-25T15:34:49.009Z monthly 0.6 https://detectionlint.org/library/spl-clop-ransomware-known-service-name-d8330557 2026-04-25T15:34:48.590Z monthly 0.6 https://detectionlint.org/library/spl-regsvr32-with-known-silent-switch-cmdline-9fc7d029 2026-04-25T15:34:48.005Z monthly 0.6 https://detectionlint.org/library/sigma-azure-vpn-connection-modified-or-deleted-5e520057 2026-04-25T15:34:47.586Z monthly 0.6 https://detectionlint.org/library/spl-linux-deletion-of-ssl-certificate-94348759 2026-04-25T15:34:47.007Z monthly 0.6 https://detectionlint.org/library/kql-unknown-execution-of-binary-with-rwx-memory-region-91b47b39 2026-04-25T15:34:43.931Z monthly 0.6 https://detectionlint.org/library/sigma-clipboard-collection-with-xclip-tool-0bf5c63d 2026-04-25T15:34:43.428Z monthly 0.6 https://detectionlint.org/library/spl-windows-file-collection-via-copy-utilities-4691f4f6 2026-04-25T15:34:42.924Z monthly 0.6 https://detectionlint.org/library/spl-steal-or-forge-authentication-certificates-behavior-identifi-f0bde1ed 2026-04-25T15:34:42.430Z monthly 0.6 https://detectionlint.org/library/spl-disabled-kerberos-pre-authentication-discovery-with-get-adus-4f3177d8 2026-04-25T15:34:41.927Z monthly 0.6 https://detectionlint.org/library/sigma-amsi-disabled-via-registry-modification-ba43810a 2026-04-25T15:34:41.518Z monthly 0.6 https://detectionlint.org/library/sigma-potential-gobrat-file-discovery-via-grep-3e29e82c 2026-04-25T15:34:41.170Z monthly 0.6 https://detectionlint.org/library/spl-disable-security-logs-using-minint-registry-25262a5a 2026-04-25T15:34:08.299Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-binaries-and-scripts-in-public-folder-a583bf93 2026-04-25T15:34:07.804Z monthly 0.6 https://detectionlint.org/library/kql-modification-of-dynamic-linker-preload-shared-object-c3098cef 2026-04-25T15:34:07.300Z monthly 0.6 https://detectionlint.org/library/sigma-aws-console-getsignintoken-potential-abuse-0bfc5c95 2026-04-25T15:34:06.879Z monthly 0.6 https://detectionlint.org/library/sigma-syncappvpublishingserver-execution-to-bypass-powershell-rest-14fe623d 2026-04-25T15:34:06.434Z monthly 0.6 https://detectionlint.org/library/sigma-roles-are-not-being-used-37714727 2026-04-25T15:34:05.965Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-odbc-driver-registered-5a36b58f 2026-04-25T15:34:05.959Z monthly 0.6 https://detectionlint.org/library/sigma-iis-webserver-access-logs-deleted-6ecb2f0d 2026-04-25T15:33:42.191Z monthly 0.6 https://detectionlint.org/library/spl-remote-process-instantiation-via-wmi-b903be35 2026-04-25T15:33:41.190Z monthly 0.6 https://detectionlint.org/library/kql-potential-shadow-credentials-added-to-ad-object-d9b0e1a6 2026-04-25T15:33:40.770Z monthly 0.6 https://detectionlint.org/library/sigma-azure-virtual-network-modified-or-deleted-08dab8e1 2026-04-25T15:33:39.776Z monthly 0.6 https://detectionlint.org/library/spl-unloading-amsi-via-reflection-02c38302 2026-04-25T15:33:39.298Z monthly 0.6 https://detectionlint.org/library/spl-linux-ingress-tool-transfer-with-curl-b8c490ba 2026-04-25T15:33:31.414Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-scrobjdll-com-hijacking-bf0e35d7 2026-04-25T15:33:30.913Z monthly 0.6 https://detectionlint.org/library/kql-potential-macos-ssh-brute-force-detected-4b6f334e 2026-04-25T15:33:30.494Z monthly 0.6 https://detectionlint.org/library/sigma-psexec-service-file-creation-1ec5a841 2026-04-25T15:33:30.082Z monthly 0.6 https://detectionlint.org/library/sigma-azure-virtual-network-device-modified-or-deleted-7ac9a2e7 2026-04-25T15:33:29.411Z monthly 0.6 https://detectionlint.org/library/spl-disable-amsi-through-registry-2e9da69c 2026-04-25T15:33:29.053Z monthly 0.6 https://detectionlint.org/library/sigma-macro-enabled-in-a-potentially-suspicious-document-2402dd39 2026-04-25T15:33:29.050Z monthly 0.6 https://detectionlint.org/library/spl-rundll32-createremotethread-in-browser-427f5700 2026-04-25T15:32:56.199Z monthly 0.6 https://detectionlint.org/library/sigma-vmmap-unsigned-dbghelpdll-potential-sideloading-a479fb2b 2026-04-25T15:32:55.696Z monthly 0.6 https://detectionlint.org/library/kql-anomalous-single-factor-signin-fe6efef7 2026-04-25T15:32:54.693Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---mshtml-or-mshta-network-execution-without-url-in-fb54ef12 2026-04-25T15:32:54.193Z monthly 0.6 https://detectionlint.org/library/sigma-app-granted-microsoft-permissions-8055f739 2026-04-25T15:32:53.866Z monthly 0.6 https://detectionlint.org/library/sigma-audit-rules-deleted-via-auditctl-001ccae2 2026-04-25T15:32:53.860Z monthly 0.6 https://detectionlint.org/library/kql-powershell-script-with-windows-defender-tampering-capabiliti-d8791712 2026-04-25T15:32:49.691Z monthly 0.6 https://detectionlint.org/library/sigma-azure-ad-threat-intelligence-bf2c5e0e 2026-04-25T15:32:48.685Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-office-dll-sideload-130e77d9 2026-04-25T15:32:48.264Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-file-deletion-c76e378a 2026-04-25T15:32:47.783Z monthly 0.6 https://detectionlint.org/library/kql-linux-audio-recording-activity-detected-d4d05090 2026-04-25T15:32:47.339Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---mysql-login-attempt-cf79f4b4 2026-04-25T15:32:47.337Z monthly 0.6 https://detectionlint.org/library/sigma-scheduled-cron-taskjob---linux-f5e630f3 2026-04-25T15:32:14.090Z monthly 0.6 https://detectionlint.org/library/sigma-remote-registry-lateral-movement-65262ffb 2026-04-25T15:32:13.648Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---kprobe-spike-2ca593c1 2026-04-25T15:32:13.091Z monthly 0.6 https://detectionlint.org/library/sigma-unsigned-dll-loaded-by-windows-utility-3a3316af 2026-04-25T15:32:12.678Z monthly 0.6 https://detectionlint.org/library/spl-windows-app-layer-protocol-wermgr-connect-to-namedpipe-ee386daf 2026-04-25T15:32:11.952Z monthly 0.6 https://detectionlint.org/library/kql-potential-active-directory-replication-account-backdoor-70c3b32f 2026-04-25T15:32:09.835Z monthly 0.6 https://detectionlint.org/library/spl-recursive-delete-of-directory-in-batch-cmd-27f8a6e7 2026-04-25T15:32:09.332Z monthly 0.6 https://detectionlint.org/library/spl-detect-renamed-7-zip-26407127 2026-04-25T15:32:08.845Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-created-in-perflogs-ee5db7ab 2026-04-25T15:32:08.444Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_api_call_outside_of_organization-cc378742 2026-04-25T15:32:07.861Z monthly 0.6 https://detectionlint.org/library/kql-unusual-interactive-shell-launched-from-system-user-c7ca48c4 2026-04-25T15:32:07.856Z monthly 0.6 https://detectionlint.org/library/sigma-new-kind-of-network-nkn-detection-51509a67 2026-04-25T13:59:57.094Z monthly 0.6 https://detectionlint.org/library/sigma-creation-of-non-existent-system-dll-526585ca 2026-04-25T13:59:56.820Z monthly 0.6 https://detectionlint.org/library/sigma-successful-iis-shortname-fuzzing-scan-f89c3b95 2026-04-25T13:59:56.731Z monthly 0.6 https://detectionlint.org/library/sigma-steganography-unzip-hidden-information-from-picture-file-a0252ac8 2026-04-25T13:59:56.639Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-to-cloudflared-tunnels-domains-8b538457 2026-04-25T13:59:56.546Z monthly 0.6 https://detectionlint.org/library/sigma-stale-accounts-in-a-privileged-role-43036803 2026-04-25T13:59:56.453Z monthly 0.6 https://detectionlint.org/library/sigma-granting-of-permissions-to-an-account-e8729d09 2026-04-25T13:59:56.363Z monthly 0.6 https://detectionlint.org/library/sigma-wmi-activescripteventconsumers-activity-via-scrconsexe-dll-l-7396aeee 2026-04-25T13:59:56.272Z monthly 0.6 https://detectionlint.org/library/sigma-creation-of-pod-in-system-namespace-98b25d96 2026-04-25T13:59:56.182Z monthly 0.6 https://detectionlint.org/library/kql-unusual-network-connection-to-suspicious-top-level-domain-127e65aa 2026-04-25T13:59:56.093Z monthly 0.6 https://detectionlint.org/library/sigma-file-with-uncommon-extension-created-by-an-office-applicatio-558f11b8 2026-04-25T13:59:55.908Z monthly 0.6 https://detectionlint.org/library/sigma-legitimate-application-writing-files-in-uncommon-location-49842054 2026-04-25T13:59:55.818Z monthly 0.6 https://detectionlint.org/library/sigma-new-dll-added-to-appinit_dlls-registry-key-681216dd 2026-04-25T13:59:55.730Z monthly 0.6 https://detectionlint.org/library/kql-service-principal-authentication-attempt-from-new-country-b892b948 2026-04-25T13:59:55.635Z monthly 0.6 https://detectionlint.org/library/sigma-outbound-network-connection-to-public-ip-via-winlogon-6ae4554b 2026-04-25T13:59:55.544Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-of-dbghelpdll-21208667 2026-04-25T13:59:55.453Z monthly 0.6 https://detectionlint.org/library/sigma-communication-to-uncommon-destination-ports-00317526 2026-04-25T13:59:55.362Z monthly 0.6 https://detectionlint.org/library/sigma-manipulation-of-user-computer-or-group-security-principals-a-f78740bf 2026-04-25T13:59:55.270Z monthly 0.6 https://detectionlint.org/library/spl-windows-enable-win32-scheduledjob-via-registry-47f594f6 2026-04-25T13:59:54.816Z monthly 0.6 https://detectionlint.org/library/kql-new-country-signin-with-correct-password-55ee3f91 2026-04-25T13:59:54.723Z monthly 0.6 https://detectionlint.org/library/spl-excessive-number-of-service-control-start-as-disabled-b2f73ee8 2026-04-25T13:59:54.633Z monthly 0.6 https://detectionlint.org/library/spl-rubeus-kerberos-ticket-exports-through-winlogon-access-7398bff6 2026-04-25T13:59:54.543Z monthly 0.6 https://detectionlint.org/library/sigma-azure-point-to-site-vpn-modified-or-deleted-09c37567 2026-04-25T13:59:54.360Z monthly 0.6 https://detectionlint.org/library/sigma-user-added-to-an-administrators-azure-ad-role-42038783 2026-04-25T13:59:54.269Z monthly 0.6 https://detectionlint.org/library/sigma-new-connection-initiated-to-potential-dead-drop-resolver-dom-d1e43659 2026-04-25T13:59:54.177Z monthly 0.6 https://detectionlint.org/library/sigma-password-policy-discovery-with-get-addefaultdomainpasswordpo-5e88b036 2026-04-25T13:59:54.088Z monthly 0.6 https://detectionlint.org/library/kql-delegated-managed-service-account-modification-by-an-unusual-424df716 2026-04-25T13:59:53.904Z monthly 0.6 https://detectionlint.org/library/kql-unusual-network-connection-to-suspicious-web-service-3b524653 2026-04-25T13:59:53.812Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---suspicious-network-connection-initiated-via-msxs-473ccb9a 2026-04-25T13:59:53.722Z monthly 0.6 https://detectionlint.org/library/sigma-publisher-attachment-file-dropped-in-suspicious-location-60873a34 2026-04-25T13:59:53.632Z monthly 0.6 https://detectionlint.org/library/sigma-fax-service-dll-search-order-hijack-3e971f9b 2026-04-25T13:59:53.449Z monthly 0.6 https://detectionlint.org/library/sigma-access-to-windows-credential-history-file-by-uncommon-applic-87c28266 2026-04-25T13:59:53.266Z monthly 0.6 https://detectionlint.org/library/spl-unusual-number-of-computer-service-tickets-requested-d7b41594 2026-04-25T13:59:53.176Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-network-connection-to-ip-lookup-service-apis-ee3d6955 2026-04-25T13:59:53.086Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-short-lived-domain-account-serviceprincipalname-69ff3631 2026-04-25T13:59:52.996Z monthly 0.6 https://detectionlint.org/library/kql-unusual-discovery-signal-alert-with-unusual-process-executab-98a9661f 2026-04-25T13:59:52.903Z monthly 0.6 https://detectionlint.org/library/sigma-load-of-rstrtmgrdll-by-an-uncommon-process-222e6403 2026-04-25T13:59:52.813Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-renamed-comsvcs-dll-loaded-by-rundll32-a2071438 2026-04-25T13:59:52.722Z monthly 0.6 https://detectionlint.org/library/sigma-driver-added-to-disallowed-images-in-hvci---registry-fb23bf86 2026-04-25T13:59:52.630Z monthly 0.6 https://detectionlint.org/library/sigma-change-winevt-channel-access-permission-via-registry-bf9d4ff9 2026-04-25T13:59:52.537Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---suspicious-network-connection-to-ip-lookup-servi-f3b7c0d3 2026-04-25T13:59:52.448Z monthly 0.6 https://detectionlint.org/library/sigma-change-user-account-associated-with-the-fax-service-c9fd1cda 2026-04-25T13:59:52.357Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-of-libcurldll-via-gupexe-3592e31b 2026-04-25T13:59:52.265Z monthly 0.6 https://detectionlint.org/library/spl-unusual-number-of-remote-endpoint-authentication-events-147ef507 2026-04-25T13:59:52.175Z monthly 0.6 https://detectionlint.org/library/sigma-aws-route-53-domain-transferred-to-another-account-85653edb 2026-04-25T13:59:52.084Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-linking-of-existing-user-to-external-user-7da15879 2026-04-25T13:59:51.993Z monthly 0.6 https://detectionlint.org/library/sigma-wmiprvse-wbemcomn-dll-hijack-f6edb7f6 2026-04-25T13:59:51.902Z monthly 0.6 https://detectionlint.org/library/spl-windows-find-domain-organizational-units-with-getdomainou-3240b84a 2026-04-25T13:59:51.843Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-denial-of-service-9dbea36c 2026-04-25T13:59:51.726Z monthly 0.6 https://detectionlint.org/library/kql-group-created-then-added-to-built-in-domain-local-or-global--d80df7ae 2026-04-25T13:59:51.712Z monthly 0.6 https://detectionlint.org/library/sigma-guest-users-invited-to-tenant-by-non-approved-inviters-2d66aad9 2026-04-25T13:59:51.298Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-serviceprincipalname-added-to-domain-account-51df38c6 2026-04-25T13:59:51.069Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-dns-query-indicating-kerberos-coercion-via-dns-ob-34912b2d 2026-04-25T13:59:50.978Z monthly 0.6 https://detectionlint.org/library/kql-high-number-of-process-andor-service-terminations-26441ea9 2026-04-25T13:59:50.792Z monthly 0.6 https://detectionlint.org/library/sigma-account-disabled-or-blocked-for-sign-in-attempts-b1fb9b92 2026-04-25T13:59:50.698Z monthly 0.6 https://detectionlint.org/library/sigma-network-communication-initiated-to-file-sharing-domains-from-20a672b1 2026-04-25T13:59:50.607Z monthly 0.6 https://detectionlint.org/library/sigma-unusual-file-deletion-by-dnsexe-94256741 2026-04-25T13:59:50.513Z monthly 0.6 https://detectionlint.org/library/sigma-potential-in-memory-download-and-compile-of-payloads-68d652f7 2026-04-25T13:59:50.422Z monthly 0.6 https://detectionlint.org/library/kql-addition-of-a-temporary-access-pass-to-a-privileged-account-e9d096e0 2026-04-25T13:59:50.332Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_guardduty_trusted_or_threat_ip_lists_tampered-645eda77 2026-04-25T13:59:50.243Z monthly 0.6 https://detectionlint.org/library/sigma-removal-of-index-value-to-hide-schedule-task---registry-110096d6 2026-04-25T13:59:50.151Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-extension-in-keyboard-layout-ime-file-registry-valu-edb750e5 2026-04-25T13:59:50.051Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-to-btunnels-domains-69d76c9e 2026-04-25T13:59:49.960Z monthly 0.6 https://detectionlint.org/library/kql-smb-windows-file-sharing-activity-to-the-internet-fc43566c 2026-04-25T13:59:49.870Z monthly 0.6 https://detectionlint.org/library/sigma-files-with-system-dll-name-in-unsuspected-locations-f248de19 2026-04-25T13:59:49.694Z monthly 0.6 https://detectionlint.org/library/sigma-creation-of-werfaultexewerdll-in-unusual-folder-7e337604 2026-04-25T13:59:49.595Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-of-non-existent-dlls-from-system-f-bb4841d7 2026-04-25T13:59:49.503Z monthly 0.6 https://detectionlint.org/library/kql-roshal-archive-rar-or-powershell-file-downloaded-from-the-in-f3ff83b4 2026-04-25T13:59:49.048Z monthly 0.6 https://detectionlint.org/library/sigma-deletion-of-volume-shadow-copies-via-wmi-with-powershell---p-721cb0a6 2026-04-25T13:59:48.959Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-365---unusual-volume-of-file-deletion-0121f896 2026-04-25T13:59:48.868Z monthly 0.6 https://detectionlint.org/library/sigma-disable-windows-defender-av-security-monitoring-8d7c4353 2026-04-25T13:59:48.685Z monthly 0.6 https://detectionlint.org/library/spl-linux-deletion-of-cron-jobs-f050b180 2026-04-25T13:59:48.514Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-loading-of-dbgcoredbghelp-dlls-from-uncommon-loca-16c29eb5 2026-04-25T13:59:48.412Z monthly 0.6 https://detectionlint.org/library/sigma-hiding-user-account-via-specialaccounts-registry-key-7dc776a1 2026-04-25T13:59:48.319Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-of-keyscrambleriedll-via-keyscramb-7d32c887 2026-04-25T13:59:48.046Z monthly 0.6 https://detectionlint.org/library/sigma-running-chrome-vpn-extensions-via-the-registry-2-vpn-extensi-43a60074 2026-04-25T13:59:47.966Z monthly 0.6 https://detectionlint.org/library/sigma-azure-active-directory-hybrid-health-ad-fs-new-server-4b4283ac 2026-04-25T13:59:47.866Z monthly 0.6 https://detectionlint.org/library/kql-user-account-added-to-built-in-domain-local-or-global-group-0c42a721 2026-04-25T13:59:47.683Z monthly 0.6 https://detectionlint.org/library/kql-guest-users-invited-to-tenant-by-new-inviters-f95f529d 2026-04-25T13:59:47.592Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-to-azurewebsitesnet-by-non-brow-1488a4d0 2026-04-25T13:59:47.501Z monthly 0.6 https://detectionlint.org/library/kql-time-series-anomaly-detection-for-total-volume-of-traffic-32e46764 2026-04-25T13:59:47.418Z monthly 0.6 https://detectionlint.org/library/kql-service-principal-name-spn-assigned-to-user-account-f54fea68 2026-04-25T13:59:47.321Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-gpo-discovery-with-get-gpo-fcb9aee5 2026-04-25T13:59:47.228Z monthly 0.6 https://detectionlint.org/library/sigma-azure-active-directory-hybrid-health-ad-fs-service-delete-4047f3a6 2026-04-25T13:59:47.136Z monthly 0.6 https://detectionlint.org/library/sigma-download-file-to-potentially-suspicious-directory-via-wget-14737602 2026-04-25T13:59:47.046Z monthly 0.6 https://detectionlint.org/library/sigma-abuse-of-service-permissions-to-hide-services-via-set-servic-5ca40d0a 2026-04-25T13:59:46.954Z monthly 0.6 https://detectionlint.org/library/kql-microsoft-entra-id-health-service-agents-registry-keys-acces-92f69fe5 2026-04-25T13:59:46.865Z monthly 0.6 https://detectionlint.org/library/sigma-communication-to-ngrok-tunneling-service-initiated-4ce74f56 2026-04-25T13:59:46.681Z monthly 0.6 https://detectionlint.org/library/sigma-removal-of-amsi-provider-registry-keys-5654e9e0 2026-04-25T13:59:46.590Z monthly 0.6 https://detectionlint.org/library/sigma-creation-of-a-local-hidden-user-account-by-registry-428895c6 2026-04-25T13:59:46.500Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---rundll32-abuse-of-mshtmldll-for-payload-download-631d4980 2026-04-25T13:59:46.456Z monthly 0.6 https://detectionlint.org/library/kql-first-time-seen-remote-monitoring-and-management-tool-81f79230 2026-04-25T13:59:46.410Z monthly 0.6 https://detectionlint.org/library/spl-unusual-number-of-kerberos-service-tickets-requested-0013ed36 2026-04-25T13:59:46.315Z monthly 0.6 https://detectionlint.org/library/spl-monitor-registry-keys-for-print-monitors-0c1fd7f2 2026-04-25T13:59:46.275Z monthly 0.6 https://detectionlint.org/library/sigma-communication-to-localtonet-tunneling-service-initiated-a4a6e09c 2026-04-25T13:59:45.955Z monthly 0.6 https://detectionlint.org/library/sigma-add-port-monitor-persistence-in-registry-2ca72e54 2026-04-25T13:59:45.901Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-usage-of-imds-credentials-outside-of-aws-infrastru-866bd39c 2026-04-25T13:59:45.855Z monthly 0.6 https://detectionlint.org/library/kql-authentications-of-privileged-accounts-outside-of-expected-c-f65656b9 2026-04-25T13:59:45.765Z monthly 0.6 https://detectionlint.org/library/sigma-awl-bypass-with-winrmvbs-and-malicious-wsmptyxslwsmtxtxsl----a7c19aac 2026-04-25T13:59:45.720Z monthly 0.6 https://detectionlint.org/library/kql-microsoft-entra-id-health-monitoring-agent-registry-keys-acc-df4eaf44 2026-04-25T13:59:45.716Z monthly 0.6 https://detectionlint.org/library/sigma-aws-sts-getcalleridentity-enumeration-via-trufflehog-0ac6ba13 2026-04-25T13:59:01.008Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-to-devtunnels-domain-517daf61 2026-04-25T13:59:00.824Z monthly 0.6 https://detectionlint.org/library/sigma-disable-internal-tools-or-feature-in-registry-1e74af5d 2026-04-25T13:59:00.733Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-call-to-win32_nteventlogfile-class----e0c52e1b 2026-04-25T13:59:00.461Z monthly 0.6 https://detectionlint.org/library/sigma-clr-dll-loaded-via-office-applications-dcc0e789 2026-04-25T13:59:00.370Z monthly 0.6 https://detectionlint.org/library/kql-fortigate-administrator-account-creation-from-unusual-source-a1b48463 2026-04-25T13:59:00.187Z monthly 0.6 https://detectionlint.org/library/sigma-new-dll-added-to-appcertdlls-registry-key-e605e26f 2026-04-25T13:59:00.006Z monthly 0.6 https://detectionlint.org/library/sigma-potential-rjvplatformdll-sideloading-from-non-default-locati-f0d5286c 2026-04-25T13:58:59.914Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_iam_compromised_key_quarantine_policy_attached-7db84627 2026-04-25T13:58:59.733Z monthly 0.6 https://detectionlint.org/library/sigma-etw-logging-disabled-for-rpcrt4dll-0a1ed14c 2026-04-25T13:58:59.644Z monthly 0.6 https://detectionlint.org/library/sigma-users-authenticating-to-other-azure-ad-tenants-0679b71d 2026-04-25T13:58:59.459Z monthly 0.6 https://detectionlint.org/library/sigma-dns-events-related-to-mining-pools-93c72290 2026-04-25T13:58:59.277Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-execution-of-renamed-sysinternals-tools---registr-2df452be 2026-04-25T13:58:59.186Z monthly 0.6 https://detectionlint.org/library/spl-windows-access-token-winlogon-duplicate-handle-in-uncommon-p-f345ade0 2026-04-25T13:58:59.096Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-new-amsi-providers---registry-7ec4865f 2026-04-25T13:58:59.005Z monthly 0.6 https://detectionlint.org/library/sigma-new-kubernetes-service-account-created-df11ac62 2026-04-25T13:58:58.914Z monthly 0.6 https://detectionlint.org/library/kql-ad-account-with-dont-expire-password-636d7a6e 2026-04-25T13:58:58.744Z monthly 0.6 https://detectionlint.org/library/kql-potential-kerberos-coercion-via-dns-based-spn-spoofing-c06390cd 2026-04-25T13:58:58.564Z monthly 0.6 https://detectionlint.org/library/kql-enumeration-of-privileged-local-groups-membership-cdc00f3d 2026-04-25T13:58:58.459Z monthly 0.6 https://detectionlint.org/library/sigma-new-netsh-helper-dll-registered-from-a-suspicious-location-fa6f371c 2026-04-25T13:58:58.367Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---webserver-download-from-file-sharing-website-f51b7d84 2026-04-25T13:58:58.280Z monthly 0.6 https://detectionlint.org/library/sigma-testing-usage-of-uncommonly-used-port-8febac78 2026-04-25T13:58:58.186Z monthly 0.6 https://detectionlint.org/library/sigma-sign-in-failure-due-to-conditional-access-requirements-not-m-acd2aed4 2026-04-25T13:58:58.095Z monthly 0.6 https://detectionlint.org/library/sigma-vhd-image-download-via-browser-f5dc8618 2026-04-25T13:58:58.004Z monthly 0.6 https://detectionlint.org/library/spl-windows-defender-asr-or-threat-configuration-tamper-8f656c5b 2026-04-25T13:58:57.913Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-vba-for-outlook-addin-loaded-via-outlook-2ee5f7ce 2026-04-25T13:58:57.823Z monthly 0.6 https://detectionlint.org/library/sigma-disable-tamper-protection-on-windows-defender-57edb336 2026-04-25T13:58:57.641Z monthly 0.6 https://detectionlint.org/library/kql-dmsa-account-creation-by-an-unusual-user-9351f142 2026-04-25T13:58:57.549Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-service-account-modified-or-deleted-c50841d2 2026-04-25T13:58:57.457Z monthly 0.6 https://detectionlint.org/library/sigma-creation-of-a-local-user-account-dead2ec0 2026-04-25T13:58:57.367Z monthly 0.6 https://detectionlint.org/library/kql-privileged-user-logon-from-new-asn-f9d03936 2026-04-25T13:58:57.276Z monthly 0.6 https://detectionlint.org/library/spl-windows-audit-policy-excluded-category-via-auditpol-f1a4d7ee 2026-04-25T13:58:57.002Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-via-fingerexe-90d0f0aa 2026-04-25T13:58:56.912Z monthly 0.6 https://detectionlint.org/library/sigma-dll-loaded-from-suspicious-location-via-cmsptexe-631c30f0 2026-04-25T13:58:56.820Z monthly 0.6 https://detectionlint.org/library/sigma-azure-container-registry-created-or-deleted-f654813a 2026-04-25T13:58:56.729Z monthly 0.6 https://detectionlint.org/library/spl-disable-windows-behavior-monitoring-086e092d 2026-04-25T13:58:56.638Z monthly 0.6 https://detectionlint.org/library/sigma-http-request-to-low-reputation-tld-or-suspicious-file-extens-7b105590 2026-04-25T13:58:56.547Z monthly 0.6 https://detectionlint.org/library/spl-disabled-kerberos-pre-authentication-discovery-with-powervie-193dd827 2026-04-25T13:58:56.460Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-by-regsvr32exe-86bb5609 2026-04-25T13:58:56.365Z monthly 0.6 https://detectionlint.org/library/sigma-new-federated-domain-added---exchange-97888086 2026-04-25T13:58:56.275Z monthly 0.6 https://detectionlint.org/library/sigma-registry-persistence-via-service-in-safe-mode-025cbe99 2026-04-25T13:58:56.183Z monthly 0.6 https://detectionlint.org/library/sigma-net-ngenassemblyusagelog-registry-key-tamper-ef992a87 2026-04-25T13:58:56.091Z monthly 0.6 https://detectionlint.org/library/sigma-new-bginfoexe-custom-wmi-query-registry-configuration-1592c5b6 2026-04-25T13:58:56.001Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-service-dacl-modification-via-set-service-cmdlet--298127fc 2026-04-25T13:58:55.910Z monthly 0.6 https://detectionlint.org/library/sigma-office-application-initiated-network-connection-to-non-local-d68cc47e 2026-04-25T13:58:55.818Z monthly 0.6 https://detectionlint.org/library/sigma-removal-of-potential-com-hijacking-registry-keys-88d1bf0e 2026-04-25T13:58:55.727Z monthly 0.6 https://detectionlint.org/library/sigma-outbound-rdp-connections-over-non-standard-tools-412709e0 2026-04-25T13:58:55.545Z monthly 0.6 https://detectionlint.org/library/sigma-regasmexe-initiating-network-connection-to-public-ip-94e6fe93 2026-04-25T13:58:55.454Z monthly 0.6 https://detectionlint.org/library/sigma-aws-identity-center-identity-provider-change-57d10070 2026-04-25T13:58:55.181Z monthly 0.6 https://detectionlint.org/library/sigma-creation-of-a-diagcab-9f01a5b1 2026-04-25T13:58:54.999Z monthly 0.6 https://detectionlint.org/library/sigma-esentutl-volume-shadow-copy-service-keys-92649394 2026-04-25T13:58:54.907Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-ip-address-sign-in-suspicious-5c0cc361 2026-04-25T13:58:54.727Z monthly 0.6 https://detectionlint.org/library/yara-l-logins_from_terminated_employees-6ca1909d 2026-04-25T13:58:54.635Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-of-mpsvcdll-79c4f356 2026-04-25T13:58:54.544Z monthly 0.6 https://detectionlint.org/library/sigma-wmiprvse-wbemcomn-dll-hijack---file-c3754c06 2026-04-25T13:58:54.453Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-network-connection-initiated-by-certutilexe-2f3c61de 2026-04-25T13:58:54.361Z monthly 0.6 https://detectionlint.org/library/kql-renaming-of-openssh-binaries-34f69238 2026-04-25T13:58:54.272Z monthly 0.6 https://detectionlint.org/library/sigma-modification-or-deletion-of-an-aws-rds-cluster-7be9df2d 2026-04-25T13:58:54.088Z monthly 0.6 https://detectionlint.org/library/spl-detect-baron-samedit-cve-2021-3156-segfault-7f7699dc 2026-04-25T13:58:53.913Z monthly 0.6 https://detectionlint.org/library/spl-detect-baron-samedit-cve-2021-3156-via-osquery-69b29d91 2026-04-25T13:58:53.815Z monthly 0.6 https://detectionlint.org/library/sigma-potential-chrome-frame-helper-dll-sideloading-fc18f215 2026-04-25T13:58:53.736Z monthly 0.6 https://detectionlint.org/library/sigma-redmimicry-winnti-playbook-registry-manipulation-428a9c75 2026-04-25T13:58:53.716Z monthly 0.6 https://detectionlint.org/library/spl-windows-find-interesting-acl-with-findinterestingdomainacl-28704434 2026-04-25T13:58:53.626Z monthly 0.6 https://detectionlint.org/library/sigma-aws-iam-s3browser-templated-s3-bucket-policy-creation-78d32a90 2026-04-25T13:58:53.561Z monthly 0.6 https://detectionlint.org/library/kql-wazuh---large-number-of-web-errors-from-an-ip-c600834f 2026-04-25T13:58:53.556Z monthly 0.6 https://detectionlint.org/library/kql-unusual-file-operation-by-dnsexe-21fb37ea 2026-04-25T13:58:53.270Z monthly 0.6 https://detectionlint.org/library/sigma-network-communication-initiated-to-portmapio-domain-0ee49ec4 2026-04-25T13:58:53.181Z monthly 0.6 https://detectionlint.org/library/sigma-number-of-resource-creation-or-deployment-activities-70cc765e 2026-04-25T13:58:53.088Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-by-addinutilexe-57991019 2026-04-25T13:58:52.998Z monthly 0.6 https://detectionlint.org/library/spl-hiding-files-and-directories-with-attrib-exe-496975c5 2026-04-25T13:58:52.908Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-file-download-from-file-sharing-domai-08e90d20 2026-04-25T13:58:52.815Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-desktop-background-change-via-registr-ebd5fadc 2026-04-25T13:58:52.542Z monthly 0.6 https://detectionlint.org/library/sigma-creation-exe-for-service-with-unquoted-path-fefb63f7 2026-04-25T13:58:52.450Z monthly 0.6 https://detectionlint.org/library/sigma-clipboard-collection-of-image-data-with-xclip-tool-e8e66d9c 2026-04-25T13:58:52.355Z monthly 0.6 https://detectionlint.org/library/sigma-esxi-admin-permission-assigned-to-account-via-esxcli-00717464 2026-04-25T13:58:52.264Z monthly 0.6 https://detectionlint.org/library/sigma-download-from-suspicious-dyndns-hosts-21aee08a 2026-04-25T13:58:52.084Z monthly 0.6 https://detectionlint.org/library/sigma-hijack-legit-rdp-session-to-move-laterally-35628d17 2026-04-25T13:58:51.993Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-ip-address-sign-in-failure-rate-306495f1 2026-04-25T13:58:51.903Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_kms_key_disabled_or_scheduled_for_deletion-c295b917 2026-04-25T13:58:51.720Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-encoded-and-obfuscated-reflection-assembly-load-f-fc4d8007 2026-04-25T13:58:51.538Z monthly 0.6 https://detectionlint.org/library/sigma-activity-from-suspicious-ip-addresses-f7799957 2026-04-25T13:58:51.445Z monthly 0.6 https://detectionlint.org/library/spl-high-frequency-copy-of-files-in-network-share-2e289074 2026-04-25T13:58:51.266Z monthly 0.6 https://detectionlint.org/library/kql-high-number-of-process-terminations-fad70c1d 2026-04-25T13:58:51.174Z monthly 0.6 https://detectionlint.org/library/sigma-onenote-attachment-file-dropped-in-suspicious-location-580d4114 2026-04-25T13:58:51.084Z monthly 0.6 https://detectionlint.org/library/sigma-installation-of-teamviewer-desktop-54089877 2026-04-25T13:58:50.991Z monthly 0.6 https://detectionlint.org/library/kql-new-user-created-and-added-to-the-built-in-administrators-gr-4dbc7fb0 2026-04-25T13:58:50.901Z monthly 0.6 https://detectionlint.org/library/sigma-modification-of-ie-registry-settings-0ab06504 2026-04-25T13:58:50.810Z monthly 0.6 https://detectionlint.org/library/spl-windows-audit-policy-restored-via-auditpol-f75096e5 2026-04-25T13:58:50.721Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-network-activity-to-the-internet-by-previously-un-108a20e6 2026-04-25T13:58:50.627Z monthly 0.6 https://detectionlint.org/library/sigma-gac-dll-loaded-via-office-applications-7b12046e 2026-04-25T13:58:50.545Z monthly 0.6 https://detectionlint.org/library/spl-windows-account-discovery-for-none-disable-user-account-f7dfa864 2026-04-25T13:58:50.445Z monthly 0.6 https://detectionlint.org/library/sigma-creation-of-an-user-account-b65ae8b3 2026-04-25T13:58:50.355Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-to-meganz-82c67957 2026-04-25T13:58:50.265Z monthly 0.6 https://detectionlint.org/library/sigma-measurable-increase-of-successful-authentications-b4cfc21f 2026-04-25T13:58:50.173Z monthly 0.6 https://detectionlint.org/library/sigma-steganography-hide-zip-information-in-picture-file-55d8c364 2026-04-25T13:58:50.082Z monthly 0.6 https://detectionlint.org/library/sigma-azure-owner-removed-from-application-or-service-principal-273e7add 2026-04-25T13:58:49.993Z monthly 0.6 https://detectionlint.org/library/kql-midnight-blizzard---suspicious-rundll32exe-execution-of-vbsc-00b1c73d 2026-04-25T13:58:49.915Z monthly 0.6 https://detectionlint.org/library/sigma-new-timeproviders-registered-with-uncommon-dll-name-499a4230 2026-04-25T13:58:49.893Z monthly 0.6 https://detectionlint.org/library/sigma-default-rdp-port-changed-to-non-standard-port-8fd66416 2026-04-25T13:58:49.802Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-of-dbgmodeldll-99c9881d 2026-04-25T13:58:49.744Z monthly 0.6 https://detectionlint.org/library/sigma-touch-suspicious-service-file-fc23880d 2026-04-25T13:58:49.730Z monthly 0.6 https://detectionlint.org/library/sigma-disable-administrative-share-creation-at-startup-a6098adf 2026-04-25T13:58:44.736Z monthly 0.6 https://detectionlint.org/library/sigma-security-support-provider-ssp-added-to-lsa-configuration-7a8ba578 2026-04-25T13:58:44.646Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-of-mscorsvcdll-e4293979 2026-04-25T13:58:44.555Z monthly 0.6 https://detectionlint.org/library/sigma-self-extraction-directive-file-created-in-potentially-suspic-99c3882b 2026-04-25T13:58:44.463Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---suspicious-file-download-via-headless-browser-63c3bc9b 2026-04-25T13:58:44.374Z monthly 0.6 https://detectionlint.org/library/sigma-potential-privilege-escalation-attempt-via-exelocal-techniqu-fd52dc57 2026-04-25T13:58:44.281Z monthly 0.6 https://detectionlint.org/library/kql-authentication-via-unusual-pam-grantor-a7efa543 2026-04-25T13:58:44.191Z monthly 0.6 https://detectionlint.org/library/sigma-azure-ad-account-credential-leaked-3260fe5b 2026-04-25T13:58:44.098Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-via-notepadexe-0f28ee6f 2026-04-25T13:58:44.008Z monthly 0.6 https://detectionlint.org/library/spl-windows-gather-victim-identity-sam-info-b02ad920 2026-04-25T13:58:43.917Z monthly 0.6 https://detectionlint.org/library/sigma-roles-activated-too-frequently-f4b381d2 2026-04-25T13:58:43.829Z monthly 0.6 https://detectionlint.org/library/sigma-disable-microsoft-defender-firewall-via-registry-6ab8edaf 2026-04-25T13:58:43.735Z monthly 0.6 https://detectionlint.org/library/kql-possible-contact-with-a-domain-generated-by-a-dga-ee10189e 2026-04-25T13:58:43.643Z monthly 0.6 https://detectionlint.org/library/sigma-potential-credential-dumping-via-lsass-silentprocessexit-tec-ccab5dae 2026-04-25T13:58:43.558Z monthly 0.6 https://detectionlint.org/library/kql-linux-video-recording-or-screenshot-activity-detected-6db5d340 2026-04-25T13:58:43.463Z monthly 0.6 https://detectionlint.org/library/spl-windows-chromium-process-launched-with-disable-popup-blockin-83d5d73d 2026-04-25T13:58:43.371Z monthly 0.6 https://detectionlint.org/library/spl-windows-cisco-secure-endpoint-uninstall-immunet-service-via--ea11b97e 2026-04-25T13:58:43.280Z monthly 0.6 https://detectionlint.org/library/spl-windows-audit-policy-auditing-option-disabled-via-auditpol-3ff26a7a 2026-04-25T13:58:43.192Z monthly 0.6 https://detectionlint.org/library/sigma-azure-device-no-longer-managed-or-compliant-1bb289bc 2026-04-25T13:58:43.099Z monthly 0.6 https://detectionlint.org/library/sigma-aws-route-53-domain-transfer-lock-disabled-01ef8430 2026-04-25T13:58:43.008Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-space-characters-in-runmru-registry-path---clickf-a76526f4 2026-04-25T13:58:42.826Z monthly 0.6 https://detectionlint.org/library/sigma-directory-service-restore-modedsrm-registry-value-tampering-9afa90f7 2026-04-25T13:58:42.734Z monthly 0.6 https://detectionlint.org/library/sigma-potential-petitpotam-attack-via-efs-rpc-calls-a394c020 2026-04-25T13:58:42.644Z monthly 0.6 https://detectionlint.org/library/sigma-esxi-storage-information-discovery-via-esxcli-fba45d48 2026-04-25T13:58:42.552Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-service-account-disabled-or-deleted-611f4ca4 2026-04-25T13:58:42.462Z monthly 0.6 https://detectionlint.org/library/sigma-ie-zonemap-setting-downgraded-to-mycomputer-zone-for-http-pr-ccf3921d 2026-04-25T13:58:42.373Z monthly 0.6 https://detectionlint.org/library/sigma-antivirus-password-dumper-detection-f8ce7c08 2026-04-25T13:58:42.098Z monthly 0.6 https://detectionlint.org/library/kql-smtp-on-port-26tcp-236e8557 2026-04-25T13:58:42.006Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-shim-database-in-uncommon-location-19e20c43 2026-04-25T13:58:41.916Z monthly 0.6 https://detectionlint.org/library/spl-windows-files-and-dirs-access-rights-modification-via-icacls-8e92f48b 2026-04-25T13:58:41.778Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-of-dbgcoredll-e926bf7a 2026-04-25T13:58:41.643Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-gpo-new-cse-addition-a1c49c8c 2026-04-25T13:58:41.595Z monthly 0.6 https://detectionlint.org/library/sigma-unfamiliar-sign-in-properties-980a76b3 2026-04-25T13:58:41.461Z monthly 0.6 https://detectionlint.org/library/sigma-persistence-via-new-sip-provider-f3313ccd 2026-04-25T13:58:41.368Z monthly 0.6 https://detectionlint.org/library/sigma-execution-of-script-located-in-potentially-suspicious-direct-5e19a8ba 2026-04-25T13:58:41.287Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-excel-add-in-loaded-from-uncommon-location-8f40a6c1 2026-04-25T13:58:41.193Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-via-classicexplorer32dll-566fbaad 2026-04-25T13:58:41.095Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_iam_access_denied_discovery_events-c09b23e9 2026-04-25T13:58:41.006Z monthly 0.6 https://detectionlint.org/library/spl-detect-baron-samedit-cve-2021-3156-a7770d77 2026-04-25T13:58:40.914Z monthly 0.6 https://detectionlint.org/library/sigma-azure-application-gateway-modified-or-deleted-0f86dd14 2026-04-25T13:58:40.822Z monthly 0.6 https://detectionlint.org/library/spl-disable-defender-antivirus-registry-6fe14362 2026-04-25T13:58:40.731Z monthly 0.6 https://detectionlint.org/library/spl-windows-handle-duplication-in-known-uac-bypass-binaries-7b709110 2026-04-25T13:58:40.642Z monthly 0.6 https://detectionlint.org/library/sigma-potential-jndi-injection-exploitation-in-jvm-based-applicati-28226002 2026-04-25T13:58:40.458Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-inbox-forwarding-identity-protection-749be749 2026-04-25T13:58:40.276Z monthly 0.6 https://detectionlint.org/library/sigma-adexplorer-writing-complete-ad-snapshot-into-dat-file-5d9b565e 2026-04-25T13:58:40.094Z monthly 0.6 https://detectionlint.org/library/sigma-azure-subscription-permission-elevation-via-auditlogs-f664f58e 2026-04-25T13:58:40.010Z monthly 0.6 https://detectionlint.org/library/sigma-user-risk-and-mfa-registration-policy-updated-4aeed204 2026-04-25T13:58:39.905Z monthly 0.6 https://detectionlint.org/library/sigma-file-download-via-nscurl---macos-6a353f7d 2026-04-25T13:58:39.850Z monthly 0.6 https://detectionlint.org/library/sigma-tamper-with-sophos-av-registry-keys-cdddbcbb 2026-04-25T13:58:39.640Z monthly 0.6 https://detectionlint.org/library/sigma-potential-ognl-injection-exploitation-in-jvm-based-applicati-7582d0b5 2026-04-25T13:58:39.548Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-from-process-located-in-potenti-3446d67e 2026-04-25T13:58:39.459Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-global-secret-scanning-rule-deleted-a56e1b3b 2026-04-25T13:58:39.368Z monthly 0.6 https://detectionlint.org/library/sigma-print-history-file-contents-dff05231 2026-04-25T13:58:39.276Z monthly 0.6 https://detectionlint.org/library/sigma-security-event-logging-disabled-via-minint-registry-key---re-22379dea 2026-04-25T13:58:39.187Z monthly 0.6 https://detectionlint.org/library/kql-url-added-to-application-from-unknown-domain-f546df83 2026-04-25T13:58:39.003Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-secret-scanning-exempt-repository-added-a63baa97 2026-04-25T13:58:38.913Z monthly 0.6 https://detectionlint.org/library/sigma-potential-homoglyph-attack-using-lookalike-characters-in-fil-5a418f26 2026-04-25T13:58:38.823Z monthly 0.6 https://detectionlint.org/library/sigma-lolbas-onedrivestandaloneupdaterexe-proxy-download-57ebedbf 2026-04-25T13:58:38.731Z monthly 0.6 https://detectionlint.org/library/kql-unusual-discovery-signal-alert-with-unusual-process-command--2a7af796 2026-04-25T13:58:38.548Z monthly 0.6 https://detectionlint.org/library/sigma-lsass-full-dump-request-via-dumptype-registry-settings-5ad02174 2026-04-25T13:58:38.456Z monthly 0.6 https://detectionlint.org/library/sigma-activate-suppression-of-windows-security-center-notification-62b2d875 2026-04-25T13:58:38.366Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-via-jsschhlp-0b11514f 2026-04-25T13:58:38.274Z monthly 0.6 https://detectionlint.org/library/sigma-csexec-service-file-creation-67b851d2 2026-04-25T13:58:38.092Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-desktopimgdownldr-target-file-737a364c 2026-04-25T13:58:38.000Z monthly 0.6 https://detectionlint.org/library/sigma-outbound-network-connection-initiated-by-cmstpexe-0d58625d 2026-04-25T13:58:37.820Z monthly 0.6 https://detectionlint.org/library/spl-windows-execution-of-microsoft-msc-file-in-suspicious-path-4ad0b38c 2026-04-25T13:58:37.639Z monthly 0.6 https://detectionlint.org/library/spl-windows-audit-policy-cleared-via-auditpol-f6367631 2026-04-25T13:58:37.550Z monthly 0.6 https://detectionlint.org/library/sigma-guest-user-invited-by-non-approved-inviters-d1e7d672 2026-04-25T13:58:37.456Z monthly 0.6 https://detectionlint.org/library/sigma-sign-ins-from-non-compliant-devices-8ca22f5e 2026-04-25T13:58:37.364Z monthly 0.6 https://detectionlint.org/library/spl-linux-account-manipulation-of-ssh-config-and-keys-194cf8f8 2026-04-25T13:58:37.274Z monthly 0.6 https://detectionlint.org/library/spl-excessive-usage-of-sc-service-utility-05eab652 2026-04-25T13:58:37.091Z monthly 0.6 https://detectionlint.org/library/sigma-sign-in-from-malware-infected-ip-834d289c 2026-04-25T13:58:37.000Z monthly 0.6 https://detectionlint.org/library/spl-windows-account-discovery-for-sam-account-name-630bb914 2026-04-25T13:58:36.919Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-wordpad-outbound-connections-df3c363b 2026-04-25T13:58:36.819Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---suspicious-download-from-file-sharing-website-615715bf 2026-04-25T13:58:36.727Z monthly 0.6 https://detectionlint.org/library/spl-recon-avproduct-through-pwh-or-wmi-6a237d4f 2026-04-25T13:58:36.636Z monthly 0.6 https://detectionlint.org/library/sigma-potential-unconstrained-delegation-discovery-via-get-adcompu-a1ef22b7 2026-04-25T13:58:36.545Z monthly 0.6 https://detectionlint.org/library/sigma-account-created-and-deleted-within-a-close-time-frame-a2847171 2026-04-25T13:58:36.456Z monthly 0.6 https://detectionlint.org/library/sigma-user-added-to-group-with-ca-policy-modification-access-f7b1c4b1 2026-04-25T13:58:36.363Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---outbound-connection-to-suspicious-port-79dc2273 2026-04-25T13:58:36.272Z monthly 0.6 https://detectionlint.org/library/kql-service-principal-assigned-app-role-with-sensitive-access-865a6dd7 2026-04-25T13:58:36.180Z monthly 0.6 https://detectionlint.org/library/sigma-app-assigned-to-azure-rbacmicrosoft-entra-role-04dfbea3 2026-04-25T13:58:35.999Z monthly 0.6 https://detectionlint.org/library/sigma-diagnostic-library-sdiagengdll-loaded-by-msdtexe-0b9efb56 2026-04-25T13:58:35.911Z monthly 0.6 https://detectionlint.org/library/sigma-removal-of-sd-value-to-hide-schedule-task---registry-634ff1c8 2026-04-25T13:58:35.726Z monthly 0.6 https://detectionlint.org/library/sigma-outbound-network-connection-initiated-by-microsoft-dialer-9c13969b 2026-04-25T13:58:35.636Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-signins-from-a-non-registered-device-79eb866a 2026-04-25T13:58:35.543Z monthly 0.6 https://detectionlint.org/library/sigma-potential-remotefxvgpudisablementexe-abuse-1ad54b27 2026-04-25T13:58:35.452Z monthly 0.6 https://detectionlint.org/library/sigma-dns-query-to-external-service-interaction-domains-275ca1c0 2026-04-25T13:58:35.178Z monthly 0.6 https://detectionlint.org/library/kql-modification-of-the-mspkiaccountcredentials-64e98c64 2026-04-25T13:58:35.091Z monthly 0.6 https://detectionlint.org/library/sigma-disable-pua-protection-on-windows-defender-bcf9f734 2026-04-25T13:58:34.997Z monthly 0.6 https://detectionlint.org/library/sigma-fortigate---new-vpn-ssl-web-portal-added-9ba53397 2026-04-25T13:58:34.815Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-named-pipe-created-via-mkfifo-520f24f4 2026-04-25T13:58:34.723Z monthly 0.6 https://detectionlint.org/library/sigma-dll-search-order-hijackig-via-additional-space-in-path-a4fdfaf6 2026-04-25T13:58:34.635Z monthly 0.6 https://detectionlint.org/library/sigma-load-of-rstrtmgrdll-by-a-suspicious-process-e0b62157 2026-04-25T13:58:34.540Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-outlook-home-page-35a62f53 2026-04-25T13:58:34.451Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-dll-file-dropped-in-the-teams-or-onedrive-folder-e49d375f 2026-04-25T13:58:34.360Z monthly 0.6 https://detectionlint.org/library/sigma-group-has-been-deleted-via-groupdel-15f27a5a 2026-04-25T13:58:34.268Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-wdac-policy-file-creation-6a976a08 2026-04-25T13:58:34.143Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---mssql-login-attempt-via-sqlauth-c7a487c1 2026-04-25T13:58:33.707Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-user-agents-related-to-recon-tools-9dc101a2 2026-04-25T13:58:33.620Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-oauth-app-file-download-activities-59b0fc37 2026-04-25T13:58:33.565Z monthly 0.6 https://detectionlint.org/library/sigma-new-file-exclusion-added-to-time-machine-via-tmutil---macos-2caf7d23 2026-04-25T13:58:33.546Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-pods-deleted-ef72a056 2026-04-25T13:58:33.084Z monthly 0.6 https://detectionlint.org/library/sigma-potential-packet-capture-activity-via-start-neteventsession--ff6893ac 2026-04-25T13:58:32.904Z monthly 0.6 https://detectionlint.org/library/sigma-potential-local-file-read-vulnerability-in-jvm-based-applica-9b319b36 2026-04-25T13:58:32.818Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-outbound-smtp-connections-4b00aa10 2026-04-25T13:58:32.721Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---nsenter-usage-in-kubernetes-pod-155e6ce1 2026-04-25T13:58:32.629Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-dotnet-clr-usage-log-artifact-f73493df 2026-04-25T13:58:32.539Z monthly 0.6 https://detectionlint.org/library/sigma-activity-performed-by-terminated-user-00235dae 2026-04-25T13:58:32.452Z monthly 0.6 https://detectionlint.org/library/sigma-new-root-or-ca-or-authroot-certificate-to-store-8e3a3cae 2026-04-25T13:58:32.264Z monthly 0.6 https://detectionlint.org/library/kql-file-creation-in-varlog-via-suspicious-process-91d3020c 2026-04-25T13:58:32.173Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-cronjob-eb9b3491 2026-04-25T13:58:32.081Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-excel-add-in---registry-32ae724f 2026-04-25T13:58:31.991Z monthly 0.6 https://detectionlint.org/library/spl-windows-dll-side-loading-process-child-of-calc-3ffd4391 2026-04-25T13:58:31.900Z monthly 0.6 https://detectionlint.org/library/sigma-windows-terminal-profile-settings-modification-by-uncommon-p-9ef90cea 2026-04-25T13:58:31.808Z monthly 0.6 https://detectionlint.org/library/kql-user-account-exposed-to-kerberoasting-e270c29a 2026-04-25T13:58:31.718Z monthly 0.6 https://detectionlint.org/library/kql-file-creation-in-world-writable-directory-by-unusual-process-d219ff06 2026-04-25T13:58:31.627Z monthly 0.6 https://detectionlint.org/library/sigma-aws-guardduty-detector-deleted-or-updated-727fcbfc 2026-04-25T13:58:31.535Z monthly 0.6 https://detectionlint.org/library/sigma-registry-persistence-via-explorer-run-key-5f10d721 2026-04-25T13:58:31.444Z monthly 0.6 https://detectionlint.org/library/sigma-esxi-vsan-information-discovery-via-esxcli-2ad83ae8 2026-04-25T13:58:31.263Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-cluster-created-or-deleted-9686b394 2026-04-25T13:58:31.183Z monthly 0.6 https://detectionlint.org/library/spl-windows-cisco-secure-endpoint-stop-immunet-service-via-sfc-e60aad97 2026-04-25T13:58:31.089Z monthly 0.6 https://detectionlint.org/library/spl-registry-keys-used-for-privilege-escalation-3c6a41c7 2026-04-25T13:58:30.989Z monthly 0.6 https://detectionlint.org/library/sigma-saml-token-issuer-anomaly-59c97323 2026-04-25T13:58:30.899Z monthly 0.6 https://detectionlint.org/library/sigma-potential-file-extension-spoofing-using-right-to-left-overri-c3e5fcd8 2026-04-25T13:58:30.806Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-outbound-kerberos-connection-96284fa1 2026-04-25T13:58:30.623Z monthly 0.6 https://detectionlint.org/library/sigma-disable-windows-firewall-by-registry-7eb1edc1 2026-04-25T13:58:30.532Z monthly 0.6 https://detectionlint.org/library/sigma-delegated-permissions-granted-for-all-users-9fad4684 2026-04-25T13:58:30.441Z monthly 0.6 https://detectionlint.org/library/kql-account-added-and-removed-from-privileged-groups-c3552a13 2026-04-25T13:58:30.352Z monthly 0.6 https://detectionlint.org/library/sigma-adsi-cache-file-creation-by-uncommon-tool-1c35b755 2026-04-25T13:58:30.259Z monthly 0.6 https://detectionlint.org/library/sigma-os-architecture-discovery-via-grep-0f2b9c81 2026-04-25T13:58:30.167Z monthly 0.6 https://detectionlint.org/library/sigma-wfp-filter-added-via-registry-d861d407 2026-04-25T13:58:30.077Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-as-a-service-in-registry-1dafb147 2026-04-25T13:58:29.803Z monthly 0.6 https://detectionlint.org/library/sigma-periodic-backup-for-system-registry-hives-enabled-8b5ee0ea 2026-04-25T13:58:29.623Z monthly 0.6 https://detectionlint.org/library/spl-windows-drivers-loaded-by-signature-2358528b 2026-04-25T13:58:29.532Z monthly 0.6 https://detectionlint.org/library/sigma-download-from-suspicious-tld---blacklist-3f331d3b 2026-04-25T13:58:29.439Z monthly 0.6 https://detectionlint.org/library/spl-short-lived-windows-accounts-fdf1d84e 2026-04-25T13:58:29.352Z monthly 0.6 https://detectionlint.org/library/sigma-potential-remotefxvgpudisablementexe-abuse---powershell-scri-ade27529 2026-04-25T13:58:29.167Z monthly 0.6 https://detectionlint.org/library/sigma-monero-crypto-coin-mining-pool-lookup-dd87d217 2026-04-25T13:58:29.075Z monthly 0.6 https://detectionlint.org/library/spl-living-off-the-land-detection-deb93c65 2026-04-25T13:58:28.983Z monthly 0.6 https://detectionlint.org/library/kql-dpkg-package-installed-by-unusual-parent-process-b34ab582 2026-04-25T13:58:28.893Z monthly 0.6 https://detectionlint.org/library/sigma-nslookup-powershell-download-cradle-201b6e3b 2026-04-25T13:58:28.802Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-file-created-by-notepad-updater-gupexe-10ddee12 2026-04-25T13:58:28.619Z monthly 0.6 https://detectionlint.org/library/sigma-windows-laps-credential-dump-from-entra-id-14a84721 2026-04-25T13:58:28.529Z monthly 0.6 https://detectionlint.org/library/sigma-iso-or-image-mount-indicator-in-recent-files-b1494df6 2026-04-25T13:58:28.439Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-by-eqnedt32exe-b048bb87 2026-04-25T13:58:28.346Z monthly 0.6 https://detectionlint.org/library/sigma-esxi-vm-list-discovery-via-esxcli-f67cdcb6 2026-04-25T13:58:28.255Z monthly 0.6 https://detectionlint.org/library/kql-unusual-sshd-child-process-f1aed130 2026-04-25T13:58:27.985Z monthly 0.6 https://detectionlint.org/library/spl-allow-inbound-traffic-by-firewall-rule-registry-9db4187a 2026-04-25T13:58:27.891Z monthly 0.6 https://detectionlint.org/library/sigma-access-to-potentially-sensitive-sysvol-files-by-uncommon-app-dea42aed 2026-04-25T13:58:27.803Z monthly 0.6 https://detectionlint.org/library/sigma-new-run-key-pointing-to-suspicious-folder-187ad910 2026-04-25T13:58:27.710Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_account_leaving_or_removed_from_organization-eaa9803f 2026-04-25T13:58:27.527Z monthly 0.6 https://detectionlint.org/library/sigma-osacompile-execution-by-potentially-suspicious-appletosascri-ce02ee87 2026-04-25T13:58:27.436Z monthly 0.6 https://detectionlint.org/library/kql-failed-logon-attempts-by-valid-accounts-within-10-mins-4a6dce0a 2026-04-25T13:58:27.346Z monthly 0.6 https://detectionlint.org/library/sigma-runmru-registry-key-deletion---registry-fd184bbd 2026-04-25T13:58:27.254Z monthly 0.6 https://detectionlint.org/library/spl-local-account-discovery-with-wmic-0ce31954 2026-04-25T13:58:27.163Z monthly 0.6 https://detectionlint.org/library/sigma-vba-dll-loaded-via-office-application-3d9d836a 2026-04-25T13:58:27.071Z monthly 0.6 https://detectionlint.org/library/sigma-logon-from-a-risky-ip-address-514636f7 2026-04-25T13:58:26.980Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-microsoft-office-trusted-location-added-6d259b1c 2026-04-25T13:58:26.889Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-possible-access-or-modification-of-sshd-config--c86eda1a 2026-04-25T13:58:26.705Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---mssql-login-attempt-via-windows-authentication-5bd42554 2026-04-25T13:58:26.611Z monthly 0.6 https://detectionlint.org/library/sigma-aws-snapshot-backup-exfiltration-f51c4544 2026-04-25T13:58:26.594Z monthly 0.6 https://detectionlint.org/library/sigma-use-of-legacy-authentication-protocols-3eb3d923 2026-04-25T13:58:26.422Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_iam_activity_by_s3_browser_utility-89239078 2026-04-25T13:58:26.412Z monthly 0.6 https://detectionlint.org/library/sigma-azure-service-principal-removed-5aa4bb99 2026-04-25T13:58:26.164Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---access-to-cloud-metadata-service-6a4d804c 2026-04-25T13:58:25.974Z monthly 0.6 https://detectionlint.org/library/sigma-publicly-accessible-rdp-service-62cf1e1b 2026-04-25T13:58:25.883Z monthly 0.6 https://detectionlint.org/library/kql-interactive-shell-launched-via-unusual-parent-process-in-a-c-ddaed745 2026-04-25T13:58:25.791Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-run-key-from-download-91e1c995 2026-04-25T13:58:25.698Z monthly 0.6 https://detectionlint.org/library/sigma-potential-cobaltstrike-service-installations---registry-29a6379e 2026-04-25T13:58:25.607Z monthly 0.6 https://detectionlint.org/library/kql-sunburst-suspicious-solarwinds-child-processes-4ee23cb0 2026-04-25T13:58:25.518Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-privileged-account-sid-history-addition-9c9f8db1 2026-04-25T13:58:25.335Z monthly 0.6 https://detectionlint.org/library/sigma-successful-authentications-from-countries-you-do-not-operate-96ddc47d 2026-04-25T13:58:25.242Z monthly 0.6 https://detectionlint.org/library/sigma-azure-login-bypassing-conditional-access-policies-a05ee3c4 2026-04-25T13:58:25.151Z monthly 0.6 https://detectionlint.org/library/sigma-clfssys-loaded-by-process-located-in-a-potential-suspicious--0d973b24 2026-04-25T13:58:25.060Z monthly 0.6 https://detectionlint.org/library/sigma-potential-registry-persistence-attempt-via-windows-telemetry-14e3c07c 2026-04-25T13:58:24.972Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_iam_administrator_access_policy_attached-7d60be6f 2026-04-25T13:58:24.880Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-access-to-sensitive-file-extensions---zeek-66274907 2026-04-25T13:58:24.788Z monthly 0.6 https://detectionlint.org/library/spl-linux-possible-access-or-modification-of-sshd-config-file-d3f55149 2026-04-25T13:58:24.606Z monthly 0.6 https://detectionlint.org/library/spl-linux-possible-append-cronjob-entry-on-existing-cronjob-file-d09c6f4a 2026-04-25T13:58:24.425Z monthly 0.6 https://detectionlint.org/library/sigma-process-monitor-driver-creation-by-non-sysinternals-binary-0a88d7e4 2026-04-25T13:58:24.335Z monthly 0.6 https://detectionlint.org/library/sigma-office-macro-file-download-51e427a9 2026-04-25T13:58:24.242Z monthly 0.6 https://detectionlint.org/library/spl-disabling-windows-local-security-authority-defences-via-regi-1aee1053 2026-04-25T13:58:24.151Z monthly 0.6 https://detectionlint.org/library/sigma-file-creation-in-suspicious-directory-by-msdtexe-b593ddd0 2026-04-25T13:58:24.062Z monthly 0.6 https://detectionlint.org/library/sigma-atbroker-registry-change-f7faaf2b 2026-04-25T13:58:23.969Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-invocation-of-shell-via-rsync-ad374726 2026-04-25T13:58:23.878Z monthly 0.6 https://detectionlint.org/library/sigma-registry-tampering-by-potentially-suspicious-processes-3877b68b 2026-04-25T13:58:23.788Z monthly 0.6 https://detectionlint.org/library/sigma-disable-windows-event-logging-via-registry-b0718f93 2026-04-25T13:58:23.697Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-download-and-execute-pattern-via-curlwget-5260e1f6 2026-04-25T13:58:23.605Z monthly 0.6 https://detectionlint.org/library/spl-windows-curl-download-to-suspicious-path-b7a3080c 2026-04-25T13:58:23.513Z monthly 0.6 https://detectionlint.org/library/sigma-access-to-crypto-currency-wallets-by-uncommon-applications-5de7cd7e 2026-04-25T13:58:23.422Z monthly 0.6 https://detectionlint.org/library/sigma-clipboard-collection-with-xclip-tool---auditd-ca55e716 2026-04-25T13:58:23.331Z monthly 0.6 https://detectionlint.org/library/spl-windows-applocker-privilege-escalation-via-unauthorized-bypa-08e36869 2026-04-25T13:58:23.242Z monthly 0.6 https://detectionlint.org/library/sigma-azure-network-firewall-policy-modified-or-deleted-664fee81 2026-04-25T13:58:23.147Z monthly 0.6 https://detectionlint.org/library/sigma-delete-defender-scan-shellex-context-menu-registry-key-b5e93ecb 2026-04-25T13:58:23.056Z monthly 0.6 https://detectionlint.org/library/sigma-trusted-path-bypass-via-windows-directory-spoofing-b61da999 2026-04-25T13:58:22.964Z monthly 0.6 https://detectionlint.org/library/sigma-potential-powershell-console-history-access-attempt-via-hist-37e30936 2026-04-25T13:58:22.785Z monthly 0.6 https://detectionlint.org/library/spl-windows-application-whitelisting-bypass-attempt-via-rundll32-d4c478d8 2026-04-25T13:58:22.692Z monthly 0.6 https://detectionlint.org/library/sigma-ca-policy-updated-by-non-approved-actor-232a549c 2026-04-25T13:58:22.603Z monthly 0.6 https://detectionlint.org/library/sigma-files-with-system-process-name-in-unsuspected-locations-a15b995e 2026-04-25T13:58:22.511Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-drop-by-exchange-43826999 2026-04-25T13:58:22.327Z monthly 0.6 https://detectionlint.org/library/spl-excessive-usage-of-cacls-app-04c26391 2026-04-25T13:58:22.236Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-path-in-keyboard-layout-ime-file-registry-value-628bf5bf 2026-04-25T13:58:22.144Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-outlook-today-page-cd9a3100 2026-04-25T13:58:22.054Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-network-policy-change-36459040 2026-04-25T13:58:21.958Z monthly 0.6 https://detectionlint.org/library/sigma-temporary-access-pass-added-to-an-account-41ca07a6 2026-04-25T13:58:21.848Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-user-details-export-attempt-detected-953bbe59 2026-04-25T13:58:21.833Z monthly 0.6 https://detectionlint.org/library/spl-windows-cabinet-file-extraction-via-expand-b33cef71 2026-04-25T13:57:29.682Z monthly 0.6 https://detectionlint.org/library/sigma-windows-event-log-access-tampering-via-registry-9b60fdb0 2026-04-25T13:57:29.593Z monthly 0.6 https://detectionlint.org/library/sigma-user-added-to-admin-group-via-dseditgroup-5b3b7b5c 2026-04-25T13:57:29.500Z monthly 0.6 https://detectionlint.org/library/sigma-pua---advanced-ipport-scanner-update-check-6c3b1ff3 2026-04-25T13:57:29.229Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-volume-shadow-copy-vsstracedll-load-005d28a6 2026-04-25T13:57:29.139Z monthly 0.6 https://detectionlint.org/library/spl-windows-audit-policy-disabled-via-legacy-auditpol-e5d764dc 2026-04-25T13:57:29.047Z monthly 0.6 https://detectionlint.org/library/sigma-rare-subscription-level-operations-in-azure-d69c7822 2026-04-25T13:57:28.955Z monthly 0.6 https://detectionlint.org/library/spl-windows-clipboard-data-via-get-clipboard-a0f6447a 2026-04-25T13:57:28.867Z monthly 0.6 https://detectionlint.org/library/sigma-azure-keyvault-key-modified-or-deleted-356a6c80 2026-04-25T13:57:28.772Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-process-discovery-with-get-process-fc05a6f8 2026-04-25T13:57:28.594Z monthly 0.6 https://detectionlint.org/library/spl-domain-group-discovery-with-wmic-a5605e7a 2026-04-25T13:57:28.500Z monthly 0.6 https://detectionlint.org/library/sigma-drop-binaries-into-spool-drivers-color-folder-0915026b 2026-04-25T13:57:28.411Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-abusing-winsat-path-parsing---file-b483bd75 2026-04-25T13:57:28.319Z monthly 0.6 https://detectionlint.org/library/sigma-new-country-15ab8bff 2026-04-25T13:57:28.138Z monthly 0.6 https://detectionlint.org/library/sigma-fortigate---new-firewall-policy-added-3bd31591 2026-04-25T13:57:27.954Z monthly 0.6 https://detectionlint.org/library/sigma-potential-malicious-usage-of-cloudtrail-system-manager-3d394a4a 2026-04-25T13:57:27.862Z monthly 0.6 https://detectionlint.org/library/spl-impacket-lateral-movement-wmiexec-commandline-parameters-f9e83b2e 2026-04-25T13:57:27.679Z monthly 0.6 https://detectionlint.org/library/sigma-active-directory-group-enumeration-with-get-adgroup-76606aa1 2026-04-25T13:57:27.592Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-lnk-double-extension-file-created-93c5efde 2026-04-25T13:57:27.498Z monthly 0.6 https://detectionlint.org/library/sigma-remote-schedule-task-lateral-movement-via-itaskschedulerserv-3444f031 2026-04-25T13:57:27.316Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_alb_insecure_ssl_policy-70d7e581 2026-04-25T13:57:27.227Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-event-viewer-eventsasp-c0209bb0 2026-04-25T13:57:27.134Z monthly 0.6 https://detectionlint.org/library/spl-sunburst-correlation-dll-and-network-event-b5725d55 2026-04-25T13:57:27.043Z monthly 0.6 https://detectionlint.org/library/sigma-registry-persistence-mechanisms-in-recycle-bin-2f736f14 2026-04-25T13:57:26.861Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-regsvr32-register-suspicious-path-c9a23ec6 2026-04-25T13:57:26.769Z monthly 0.6 https://detectionlint.org/library/spl-allow-file-and-printing-sharing-in-firewall-15ce36a0 2026-04-25T13:57:26.681Z monthly 0.6 https://detectionlint.org/library/sigma-wdigest-credguard-registry-modification-f712ca48 2026-04-25T13:57:26.587Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-doas-conf-file-creation-f688503e 2026-04-25T13:57:26.317Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-new-psdrive-to-admin-share-eb48c5db 2026-04-25T13:57:26.224Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-typedpaths-8f97711c 2026-04-25T13:57:26.134Z monthly 0.6 https://detectionlint.org/library/sigma-advanced-ip-scanner---file-event-f9983674 2026-04-25T13:57:25.952Z monthly 0.6 https://detectionlint.org/library/sigma-bloodhound-collection-files-9a10039f 2026-04-25T13:57:25.863Z monthly 0.6 https://detectionlint.org/library/sigma-add-disallowrun-execution-to-registry-2273b1b7 2026-04-25T13:57:25.769Z monthly 0.6 https://detectionlint.org/library/sigma-syslog-clearing-or-removal-via-system-utilities-acf84eac 2026-04-25T13:57:25.678Z monthly 0.6 https://detectionlint.org/library/spl-detect-use-of-cmd-exe-to-launch-script-interpreters-42823823 2026-04-25T13:57:25.588Z monthly 0.6 https://detectionlint.org/library/sigma-payload-decoded-and-decrypted-via-built-in-utilities-cab9a71c 2026-04-25T13:57:25.495Z monthly 0.6 https://detectionlint.org/library/spl-windows-file-and-directory-permissions-enable-inheritance-c4994215 2026-04-25T13:57:25.405Z monthly 0.6 https://detectionlint.org/library/sigma-steganography-hide-files-with-steghide-793c93de 2026-04-25T13:57:25.223Z monthly 0.6 https://detectionlint.org/library/sigma-potential-abuse-of-linux-magic-system-request-key-5fc56197 2026-04-25T13:57:25.043Z monthly 0.6 https://detectionlint.org/library/sigma-gathernetworkinfovbs-reconnaissance-script-output-f1da9f02 2026-04-25T13:57:24.768Z monthly 0.6 https://detectionlint.org/library/sigma-esxi-system-information-discovery-via-esxcli-0070047c 2026-04-25T13:57:24.676Z monthly 0.6 https://detectionlint.org/library/spl-serviceprincipalnames-discovery-with-setspn-4014d5ec 2026-04-25T13:57:24.588Z monthly 0.6 https://detectionlint.org/library/sigma-registry-entries-for-azorult-malware-a62f8220 2026-04-25T13:57:24.403Z monthly 0.6 https://detectionlint.org/library/sigma-remote-schedule-task-recon-via-itaskschedulerservice-106e5b08 2026-04-25T13:57:24.314Z monthly 0.6 https://detectionlint.org/library/sigma-potential-autologger-sessions-tampering-2be3a467 2026-04-25T13:57:24.247Z monthly 0.6 https://detectionlint.org/library/sigma-aws-ecs-task-definition-that-queries-the-credential-endpoint-4af2f599 2026-04-25T13:57:24.137Z monthly 0.6 https://detectionlint.org/library/sigma-potential-xxe-exploitation-attempt-in-jvm-based-application-16b5359c 2026-04-25T13:57:23.949Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-project-secret-scanning-allowlist-added-15df78da 2026-04-25T13:57:23.857Z monthly 0.6 https://detectionlint.org/library/sigma-potential-startup-shortcut-persistence-via-powershellexe-a93b60d7 2026-04-25T13:57:23.676Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-network-connection-to-notion-api-d7d719b1 2026-04-25T13:57:23.583Z monthly 0.6 https://detectionlint.org/library/kql-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601---cur-5eb257f4 2026-04-25T13:57:23.402Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-add-self-to-group-363ce497 2026-04-25T13:57:23.218Z monthly 0.6 https://detectionlint.org/library/sigma-bulk-deletion-changes-to-privileged-account-permissions-207ce2a2 2026-04-25T13:57:23.126Z monthly 0.6 https://detectionlint.org/library/spl-windows-chrome-auto-update-disabled-via-registry-217b76f4 2026-04-25T13:57:23.036Z monthly 0.6 https://detectionlint.org/library/sigma-esxi-account-creation-via-esxcli-487a4c1c 2026-04-25T13:57:22.945Z monthly 0.6 https://detectionlint.org/library/sigma-delete-volume-shadow-copies-via-wmi-with-powershell-a841dc84 2026-04-25T13:57:22.854Z monthly 0.6 https://detectionlint.org/library/kql-pe-file-dropped-in-color-profile-folder-3a2ee2ed 2026-04-25T13:57:22.764Z monthly 0.6 https://detectionlint.org/library/sigma-github-repository-pages-site-changed-to-public-f33efe94 2026-04-25T13:57:22.674Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-connection-to-active-directory-web-services-4ae56560 2026-04-25T13:57:22.582Z monthly 0.6 https://detectionlint.org/library/spl-windows-bitdefender-submission-wizard-dll-sideloading-9e8cad03 2026-04-25T13:57:22.492Z monthly 0.6 https://detectionlint.org/library/sigma-special-file-creation-via-mknod-syscall-ed033360 2026-04-25T13:57:22.401Z monthly 0.6 https://detectionlint.org/library/sigma-modification-of-ldsopreload-30f84dca 2026-04-25T13:57:22.309Z monthly 0.6 https://detectionlint.org/library/kql-user-account-enabled-and-disabled-within-10-mins-1b03592c 2026-04-25T13:57:22.219Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-teams-sensitive-file-access-by-uncommon-applicatio-89bfe238 2026-04-25T13:57:22.127Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-netsh-helper-dll---registry-dd280730 2026-04-25T13:57:21.946Z monthly 0.6 https://detectionlint.org/library/spl-windows-file-download-via-certutil-788025dd 2026-04-25T13:57:21.764Z monthly 0.6 https://detectionlint.org/library/sigma-f5-big-ip-icontrol-rest-api-command-execution---webserver-f5ac1183 2026-04-25T13:57:21.673Z monthly 0.6 https://detectionlint.org/library/spl-detection-of-tools-built-by-nirsoft-6ad85194 2026-04-25T13:57:21.589Z monthly 0.6 https://detectionlint.org/library/kql-silk-typhoon-new-um-service-child-process-e50900ec 2026-04-25T13:57:21.399Z monthly 0.6 https://detectionlint.org/library/sigma-docker-container-discovery-via-dockerenv-listing-47eda222 2026-04-25T13:57:21.308Z monthly 0.6 https://detectionlint.org/library/spl-windows-chromium-browser-launched-with-small-window-size-7e8e5226 2026-04-25T13:57:21.216Z monthly 0.6 https://detectionlint.org/library/sigma-disable-of-etw-trace---powershell-feb9ea2f 2026-04-25T13:57:21.128Z monthly 0.6 https://detectionlint.org/library/spl-child-processes-of-spoolsv-exe-eb832d42 2026-04-25T13:57:21.035Z monthly 0.6 https://detectionlint.org/library/sigma-container-residence-discovery-via-proc-virtual-fs-9bc91159 2026-04-25T13:57:20.944Z monthly 0.6 https://detectionlint.org/library/spl-enable-wdigest-uselogoncredential-registry-92136588 2026-04-25T13:57:20.852Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-cross-domain-sid-history-addition-a4fe62fe 2026-04-25T13:57:20.761Z monthly 0.6 https://detectionlint.org/library/sigma-remote-printing-abuse-for-lateral-movement-c6f69ccb 2026-04-25T13:57:20.671Z monthly 0.6 https://detectionlint.org/library/sigma-adwind-rat-jrat-file-artifact-7f667d4d 2026-04-25T13:57:20.581Z monthly 0.6 https://detectionlint.org/library/sigma-azure-firewall-rule-collection-modified-or-deleted-ebb1e541 2026-04-25T13:57:20.487Z monthly 0.6 https://detectionlint.org/library/sigma-abusable-dll-potential-sideloading-from-suspicious-location-903acc81 2026-04-25T13:57:20.397Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-dmphdmp-file-creation-93251b69 2026-04-25T13:57:20.306Z monthly 0.6 https://detectionlint.org/library/sigma-failed-authentications-from-countries-you-do-not-operate-out-640b1eb9 2026-04-25T13:57:20.215Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---potential-escape-to-host-2e774003 2026-04-25T13:57:20.123Z monthly 0.6 https://detectionlint.org/library/sigma-user-added-to-rootsudoers-group-using-usermod-5058084b 2026-04-25T13:57:19.942Z monthly 0.6 https://detectionlint.org/library/sigma-terminal-server-client-connection-history-cleared---registry-1b537aa4 2026-04-25T13:57:19.850Z monthly 0.6 https://detectionlint.org/library/sigma-user-added-to-admin-group-via-dscl-11ae9da1 2026-04-25T13:57:19.759Z monthly 0.6 https://detectionlint.org/library/sigma-usage-of-renamed-sysinternals-tools---registryset-acfabdaf 2026-04-25T13:57:19.667Z monthly 0.6 https://detectionlint.org/library/spl-windows-audit-policy-security-descriptor-tampering-via-audit-cb990976 2026-04-25T13:57:19.578Z monthly 0.6 https://detectionlint.org/library/sigma-dotnet-assembly-dll-loaded-via-office-application-6de5b92b 2026-04-25T13:57:19.485Z monthly 0.6 https://detectionlint.org/library/spl-file-download-or-read-to-pipe-execution-48f16e8d 2026-04-25T13:57:19.302Z monthly 0.6 https://detectionlint.org/library/sigma-remote-task-creation-via-atsvc-named-pipe---zeek-cd153533 2026-04-25T13:57:19.122Z monthly 0.6 https://detectionlint.org/library/sigma-dhcp-callout-dll-installation-2f86466b 2026-04-25T13:57:19.032Z monthly 0.6 https://detectionlint.org/library/sigma-network-connection-initiated-to-visual-studio-code-tunnels-d-031628e1 2026-04-25T13:57:18.938Z monthly 0.6 https://detectionlint.org/library/sigma-potential-azure-browser-sso-abuse-1c624b06 2026-04-25T13:57:18.849Z monthly 0.6 https://detectionlint.org/library/sigma-azure-firewall-rule-configuration-modified-or-deleted-4540ca4c 2026-04-25T13:57:18.756Z monthly 0.6 https://detectionlint.org/library/sigma-winrar-creating-files-in-startup-locations-2d290b5e 2026-04-25T13:57:18.665Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-autodialdll-ae218fc1 2026-04-25T13:57:18.573Z monthly 0.6 https://detectionlint.org/library/spl-credential-dumping-via-symlink-to-shadow-copy-3d04aaad 2026-04-25T13:57:18.483Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-via-vmware-xfer-4301467f 2026-04-25T13:57:18.394Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---cron-job-creation-496f840a 2026-04-25T13:57:18.317Z monthly 0.6 https://detectionlint.org/library/spl-windows-domain-account-discovery-via-get-netcomputer-1947dceb 2026-04-25T13:57:18.244Z monthly 0.6 https://detectionlint.org/library/sigma-screen-capture-with-xwd-f31872b2 2026-04-25T13:57:18.132Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-rundll32-dllregisterserver-17457e4a 2026-04-25T13:57:17.126Z monthly 0.6 https://detectionlint.org/library/spl-windows-create-local-administrator-account-via-net-ca39f802 2026-04-25T13:57:17.038Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-macos-firmware-activity-16da0593 2026-04-25T13:57:16.945Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-logging-disabled-via-registry-key-tampering-1735feeb 2026-04-25T13:57:16.855Z monthly 0.6 https://detectionlint.org/library/spl-connectwise-screenconnect-path-traversal-windows-sacl-774d2978 2026-04-25T13:57:16.761Z monthly 0.6 https://detectionlint.org/library/sigma-change-the-fax-dll-d3d765c2 2026-04-25T13:57:16.306Z monthly 0.6 https://detectionlint.org/library/sigma-new-odbc-driver-registered-508e3aa8 2026-04-25T13:57:16.238Z monthly 0.6 https://detectionlint.org/library/sigma-dll-load-by-system-process-from-suspicious-locations-0b0459d5 2026-04-25T13:57:16.126Z monthly 0.6 https://detectionlint.org/library/sigma-local-system-accounts-discovery---macos-05f99670 2026-04-25T13:57:16.097Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---anydesk-incoming-connection-241b4a8d 2026-04-25T13:57:15.850Z monthly 0.6 https://detectionlint.org/library/sigma-iso-file-created-within-temp-folders-876543fc 2026-04-25T13:57:15.580Z monthly 0.6 https://detectionlint.org/library/sigma-register-new-ifiltre-for-persistence-c453ec55 2026-04-25T13:57:15.488Z monthly 0.6 https://detectionlint.org/library/spl-domain-group-discovery-with-adsisearcher-a7331309 2026-04-25T13:57:15.398Z monthly 0.6 https://detectionlint.org/library/kql-successful-ssh-authentication-from-unusual-ip-address-1ddef3fd 2026-04-25T13:57:15.306Z monthly 0.6 https://detectionlint.org/library/spl-windows-file-share-discovery-with-powerview-da498fb7 2026-04-25T13:57:15.226Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-nopasswd-entry-in-sudoers-file-c105dbf9 2026-04-25T13:57:15.126Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-visual-studio-tools-for-office-836fd725 2026-04-25T13:57:15.035Z monthly 0.6 https://detectionlint.org/library/sigma-aws-user-login-profile-was-modified-d29c5712 2026-04-25T13:57:14.941Z monthly 0.6 https://detectionlint.org/library/sigma-screensaver-registry-key-set-d78759f2 2026-04-25T13:57:14.850Z monthly 0.6 https://detectionlint.org/library/spl-nltest-domain-trust-discovery-63cf5a96 2026-04-25T13:57:14.669Z monthly 0.6 https://detectionlint.org/library/spl-windows-boot-or-logon-autostart-execution-in-startup-folder-76dc123a 2026-04-25T13:57:14.578Z monthly 0.6 https://detectionlint.org/library/spl-windows-bluetooth-service-installed-from-uncommon-location-3d60cb07 2026-04-25T13:57:14.487Z monthly 0.6 https://detectionlint.org/library/sigma-disable-windows-defender-functionalities-via-registry-keys-73f56677 2026-04-25T13:57:14.395Z monthly 0.6 https://detectionlint.org/library/sigma-esxi-syslog-configuration-change-via-esxcli-c365e65f 2026-04-25T13:57:14.304Z monthly 0.6 https://detectionlint.org/library/spl-windows-default-rdp-file-creation-by-non-mstsc-process-504a14c1 2026-04-25T13:57:14.213Z monthly 0.6 https://detectionlint.org/library/sigma-sign-ins-by-unknown-devices-92a4f7fc 2026-04-25T13:57:14.033Z monthly 0.6 https://detectionlint.org/library/sigma-potential-system-dll-sideloading-from-non-system-locations-3e18cd5d 2026-04-25T13:57:13.862Z monthly 0.6 https://detectionlint.org/library/sigma-antivirus-ransomware-detection-495145d9 2026-04-25T13:57:13.773Z monthly 0.6 https://detectionlint.org/library/sigma-potential-pendingfilerenameoperations-tampering-edee4360 2026-04-25T13:57:13.672Z monthly 0.6 https://detectionlint.org/library/kql-rare-rdp-connections-4f50b349 2026-04-25T13:57:13.577Z monthly 0.6 https://detectionlint.org/library/spl-detect-excessive-account-lockouts-from-endpoint-a778f432 2026-04-25T13:57:13.488Z monthly 0.6 https://detectionlint.org/library/kql-potential-lsass-memory-dump-via-psscapturesnapshot-561163fa 2026-04-25T13:57:13.396Z monthly 0.6 https://detectionlint.org/library/sigma-disable-exploit-guard-network-protection-on-windows-defender-b27b678f 2026-04-25T13:57:13.303Z monthly 0.6 https://detectionlint.org/library/sigma-possible-impacket-secretdump-remote-activity---zeek-4bd6f405 2026-04-25T13:57:13.219Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-deno-file-written-from-remote-source-0f078e59 2026-04-25T13:57:13.123Z monthly 0.6 https://detectionlint.org/library/spl-windows-dnsadmins-new-member-added-1b0adc6f 2026-04-25T13:57:13.036Z monthly 0.6 https://detectionlint.org/library/kql-tainted-out-of-tree-kernel-module-load-385abf77 2026-04-25T13:57:12.760Z monthly 0.6 https://detectionlint.org/library/sigma-remote-schedule-task-lateral-movement-via-atsvc-ff084f63 2026-04-25T13:57:12.668Z monthly 0.6 https://detectionlint.org/library/sigma-vmmap-signed-dbghelpdll-potential-sideloading-d52642c6 2026-04-25T13:57:12.581Z monthly 0.6 https://detectionlint.org/library/sigma-system-control-panel-item-loaded-from-uncommon-location-d92b91ce 2026-04-25T13:57:12.485Z monthly 0.6 https://detectionlint.org/library/spl-creation-of-shadow-copy-63fe783f 2026-04-25T13:57:12.394Z monthly 0.6 https://detectionlint.org/library/sigma-unusual-file-modification-by-dnsexe-e1baac31 2026-04-25T13:57:12.302Z monthly 0.6 https://detectionlint.org/library/sigma-aws-s3-bucket-versioning-disable-d8878bcf 2026-04-25T13:57:12.217Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-aspx-file-drop-by-exchange-6d0f0573 2026-04-25T13:57:12.122Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-files-in-default-gpo-folder-5ced9e03 2026-04-25T13:57:12.032Z monthly 0.6 https://detectionlint.org/library/sigma-amsidll-loaded-via-lolbin-process-b09b6935 2026-04-25T13:57:11.939Z monthly 0.6 https://detectionlint.org/library/sigma-fortigate---new-administrator-account-created-91c1c46a 2026-04-25T13:57:11.755Z monthly 0.6 https://detectionlint.org/library/sigma-recon-activity-via-sasec-4b935da2 2026-04-25T13:57:11.664Z monthly 0.6 https://detectionlint.org/library/sigma-potential-rjvplatformdll-sideloading-from-default-location-3908c6b6 2026-04-25T13:57:11.574Z monthly 0.6 https://detectionlint.org/library/spl-hide-user-account-from-sign-in-screen-a44bb907 2026-04-25T13:57:11.488Z monthly 0.6 https://detectionlint.org/library/sigma-activity-from-infrequent-country-9b9fa469 2026-04-25T13:57:11.392Z monthly 0.6 https://detectionlint.org/library/spl-windows-audit-policy-disabled-via-auditpol-3a2c5daa 2026-04-25T13:57:11.299Z monthly 0.6 https://detectionlint.org/library/sigma-potential-powershell-obfuscation-via-reversed-commands-340865b6 2026-04-25T13:57:11.208Z monthly 0.6 https://detectionlint.org/library/sigma-aws-config-disabling-channelrecorder-396135c6 2026-04-25T13:57:11.117Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---pods-running-offensive-tools-9b8175aa 2026-04-25T13:57:11.026Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---host-port-scan-syn-scan-d1126093 2026-04-25T13:57:10.843Z monthly 0.6 https://detectionlint.org/library/sigma-users-added-to-global-or-device-admin-roles-3b027631 2026-04-25T13:57:10.754Z monthly 0.6 https://detectionlint.org/library/sigma-potential-iviewersdll-sideloading-945a364a 2026-04-25T13:57:10.569Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-file-download-via-powershell-invoke-webrequest-ea9bdcd2 2026-04-25T13:57:10.415Z monthly 0.6 https://detectionlint.org/library/sigma-named-pipe-created-via-mkfifo-b8661f6d 2026-04-25T13:57:10.296Z monthly 0.6 https://detectionlint.org/library/sigma-github-push-protection-bypass-detected-fc365f74 2026-04-25T13:57:10.205Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-lock-workstation-feature-through-registry-d58114e6 2026-04-25T13:57:10.113Z monthly 0.6 https://detectionlint.org/library/sigma-azure-keyvault-secrets-modified-or-deleted-ed8343f8 2026-04-25T13:57:10.022Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-wsman-provider-image-loads-9015c1d0 2026-04-25T13:57:09.940Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-history-file-operations-45bc9044 2026-04-25T13:57:09.852Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-connection-to-remote-account-835eb5fa 2026-04-25T13:57:09.657Z monthly 0.6 https://detectionlint.org/library/spl-remote-process-instantiation-via-winrm-and-winrs-aa9999fa 2026-04-25T13:57:09.566Z monthly 0.6 https://detectionlint.org/library/spl-detect-outlook-exe-writing-a-zip-file-8ca3802d 2026-04-25T13:57:09.475Z monthly 0.6 https://detectionlint.org/library/sigma-pim-approvals-and-deny-elevation-52e256ee 2026-04-25T13:57:09.384Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-from-password-stores-chrome-copied-in-te-174a8cd7 2026-04-25T13:57:09.294Z monthly 0.6 https://detectionlint.org/library/sigma-activity-from-anonymous-ip-addresses-32794652 2026-04-25T13:57:09.202Z monthly 0.6 https://detectionlint.org/library/sigma-system-integrity-protection-sip-disabled-d4911967 2026-04-25T13:57:09.113Z monthly 0.6 https://detectionlint.org/library/sigma-registry-modification-to-hidden-file-extension-4f85cf8f 2026-04-25T13:57:09.034Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-change-password-through-registry-c414e5a0 2026-04-25T13:57:08.930Z monthly 0.6 https://detectionlint.org/library/sigma-potential-suspicious-change-to-sensitivecritical-files-9fd7bb7e 2026-04-25T13:57:08.838Z monthly 0.6 https://detectionlint.org/library/spl-windows-account-access-removal-via-logoff-exec-5f703348 2026-04-25T13:57:08.748Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-scheduled-task-write-to-system32-tasks-82313978 2026-04-25T13:57:08.657Z monthly 0.6 https://detectionlint.org/library/sigma-dmsa-service-account-created-in-specific-ous---powershell-541aa78a 2026-04-25T13:57:08.566Z monthly 0.6 https://detectionlint.org/library/sigma-root-account-enable-via-dsenableroot-af02f9c2 2026-04-25T13:57:08.475Z monthly 0.6 https://detectionlint.org/library/sigma-outbound-network-connection-initiated-by-script-interpreter-127f2122 2026-04-25T13:57:08.387Z monthly 0.6 https://detectionlint.org/library/sigma-potential-antivirus-software-dll-sideloading-056b5743 2026-04-25T13:57:08.298Z monthly 0.6 https://detectionlint.org/library/spl-windows-defender-asr-rule-disabled-32c74930 2026-04-25T13:57:08.202Z monthly 0.6 https://detectionlint.org/library/sigma-evtx-created-in-uncommon-location-36f530d3 2026-04-25T13:57:08.111Z monthly 0.6 https://detectionlint.org/library/sigma-azure-key-vault-modified-or-deleted-aa9b5229 2026-04-25T13:57:07.838Z monthly 0.6 https://detectionlint.org/library/sigma-potential-initial-access-via-dll-search-order-hijacking-3a808cb9 2026-04-25T13:57:07.657Z monthly 0.6 https://detectionlint.org/library/spl-windows-group-discovery-via-net-09105929 2026-04-25T13:57:07.473Z monthly 0.6 https://detectionlint.org/library/sigma-clickonce-trust-prompt-tampering-dd15701f 2026-04-25T13:57:07.382Z monthly 0.6 https://detectionlint.org/library/kql-authentication-attempt-from-new-country-be18f03a 2026-04-25T13:57:07.292Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---remotekrbrelay-smb-relay-secrets-dump-module-indi-512638a2 2026-04-25T13:57:07.199Z monthly 0.6 https://detectionlint.org/library/sigma-enumerate-credentials-from-windows-credential-manager-with-p-6895d157 2026-04-25T13:57:07.109Z monthly 0.6 https://detectionlint.org/library/sigma-esxi-network-configuration-discovery-via-esxcli-7da17388 2026-04-25T13:57:07.018Z monthly 0.6 https://detectionlint.org/library/spl-windows-global-object-access-audit-list-cleared-via-auditpol-96c6240d 2026-04-25T13:57:06.928Z monthly 0.6 https://detectionlint.org/library/spl-windows-consolehost-history-file-deletion-00f28371 2026-04-25T13:57:06.836Z monthly 0.6 https://detectionlint.org/library/sigma-kubernetes-cronjobjob-modification-16b32058 2026-04-25T13:57:06.752Z monthly 0.6 https://detectionlint.org/library/sigma-potential-eventlog-file-location-tampering-621e0ab2 2026-04-25T13:57:06.654Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-volume-shadow-copy-vssapidll-load-ecf58c0f 2026-04-25T13:57:06.564Z monthly 0.6 https://detectionlint.org/library/spl-linux-high-frequency-of-file-deletion-in-boot-folder-abc3c8dd 2026-04-25T13:57:06.471Z monthly 0.6 https://detectionlint.org/library/spl-windows-dll-search-order-hijacking-hunt-with-sysmon-12f9dfdf 2026-04-25T13:57:06.383Z monthly 0.6 https://detectionlint.org/library/sigma-potential-container-discovery-via-inodes-listing-c92b7b7a 2026-04-25T13:57:06.200Z monthly 0.6 https://detectionlint.org/library/sigma-ses-identity-has-been-deleted-440cf3d2 2026-04-25T13:57:06.067Z monthly 0.6 https://detectionlint.org/library/spl-spoolsv-writing-a-dll-7379f851 2026-04-25T13:57:05.330Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-tcp-tunnel-via-powershell-script-8b93f93f 2026-04-25T13:57:05.240Z monthly 0.6 https://detectionlint.org/library/sigma-disable-security-events-logging-adding-reg-key-minint-7642cda4 2026-04-25T13:57:05.059Z monthly 0.6 https://detectionlint.org/library/spl-advanced-ip-or-port-scanner-execution-4f3df886 2026-04-25T13:57:04.969Z monthly 0.6 https://detectionlint.org/library/sigma-aws-elasticache-security-group-created-027461e0 2026-04-25T13:57:04.877Z monthly 0.6 https://detectionlint.org/library/spl-windows-excessive-service-stop-attempt-75a1737f 2026-04-25T13:57:04.785Z monthly 0.6 https://detectionlint.org/library/kql-potential-persistence-via-login-hook-72296943 2026-04-25T13:57:04.605Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-possible-append-cronjob-entry-on-existing-cronj-e7c450ff 2026-04-25T13:57:04.511Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-outlook-form-6bb5da8f 2026-04-25T13:57:04.421Z monthly 0.6 https://detectionlint.org/library/sigma-windows-defender-threat-severity-default-action-modified-845b3bb2 2026-04-25T13:57:04.238Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-global-permission-changed-4922ef99 2026-04-25T13:57:04.147Z monthly 0.6 https://detectionlint.org/library/kql-azure-vm-run-command-operations-executing-a-unique-powershel-6921d978 2026-04-25T13:57:03.965Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-appcompat-registerapprestart-layer-7ed7ceea 2026-04-25T13:57:03.875Z monthly 0.6 https://detectionlint.org/library/kql-file-permission-modification-in-writable-directory-bf5880b7 2026-04-25T13:57:03.790Z monthly 0.6 https://detectionlint.org/library/sigma-aws-s3-data-management-tampering-880d32e8 2026-04-25T13:57:03.693Z monthly 0.6 https://detectionlint.org/library/spl-active-directory-lateral-movement-identified-870a0e42 2026-04-25T13:57:03.512Z monthly 0.6 https://detectionlint.org/library/sigma-jamf-mdm-potential-suspicious-child-process-ed6fa5b9 2026-04-25T13:57:03.327Z monthly 0.6 https://detectionlint.org/library/sigma-office-macro-file-creation-c1615956 2026-04-25T13:57:03.236Z monthly 0.6 https://detectionlint.org/library/sigma-rdp-file-created-by-uncommon-application-ac2ff62d 2026-04-25T13:57:03.144Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-created-via-onenote-application-e315a144 2026-04-25T13:57:03.053Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-via-wsreset-ca82af43 2026-04-25T13:57:02.963Z monthly 0.6 https://detectionlint.org/library/sigma-aws-rds-master-password-change-0656eb07 2026-04-25T13:57:02.906Z monthly 0.6 https://detectionlint.org/library/kql-default-cobalt-strike-team-server-certificate-52db5a84 2026-04-25T13:57:02.868Z monthly 0.6 https://detectionlint.org/library/sigma-ntdsdit-creation-by-uncommon-parent-process-7d93bc1e 2026-04-25T13:57:02.507Z monthly 0.6 https://detectionlint.org/library/sigma-kubernetes-secrets-modified-or-deleted-d7432168 2026-04-25T13:57:02.418Z monthly 0.6 https://detectionlint.org/library/kql-potential-privilege-escalation-via-sudoers-file-modification-543ee360 2026-04-25T13:57:02.328Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-computer-account-name-change-596490ae 2026-04-25T13:57:02.230Z monthly 0.6 https://detectionlint.org/library/sigma-zip-a-folder-with-powershell-for-staging-in-temp---powershel-bbe6188e 2026-04-25T13:57:02.138Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-sensitive-role-access-1d63b3cf 2026-04-25T13:57:02.047Z monthly 0.6 https://detectionlint.org/library/sigma-disk-image-creation-via-hdiutil---macos-25040801 2026-04-25T13:57:01.954Z monthly 0.6 https://detectionlint.org/library/sigma-google-workspace-role-modified-or-deleted-d0c3fe93 2026-04-25T13:57:01.866Z monthly 0.6 https://detectionlint.org/library/spl-excessive-attempt-to-disable-services-803e52f0 2026-04-25T13:57:01.773Z monthly 0.6 https://detectionlint.org/library/kql-linux-clipboard-activity-detected-6acd46a5 2026-04-25T13:57:01.592Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_ec2_high_number_of_api_calls-2ff16f65 2026-04-25T13:57:01.501Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_iam_access_analyzer_deleted-7c7aeb0c 2026-04-25T13:57:01.410Z monthly 0.6 https://detectionlint.org/library/sigma-aws-vpc-flow-logs-deleted-26ed17f9 2026-04-25T13:57:01.317Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-private-keys-and-certificate-enumeration-70b71c53 2026-04-25T13:57:01.135Z monthly 0.6 https://detectionlint.org/library/sigma-potential-amsi-com-server-hijacking-fc7cd69f 2026-04-25T13:57:01.043Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-domain-controller-audit-policy-disabled-454dcf0a 2026-04-25T13:57:00.954Z monthly 0.6 https://detectionlint.org/library/spl-excessive-number-of-taskhost-processes-61d22ede 2026-04-25T13:57:00.771Z monthly 0.6 https://detectionlint.org/library/sigma-file-deleted-via-sysinternals-sdelete-0f298620 2026-04-25T13:57:00.682Z monthly 0.6 https://detectionlint.org/library/sigma-too-many-global-admins-c713b07d 2026-04-25T13:57:00.501Z monthly 0.6 https://detectionlint.org/library/sigma-flush-iptables-ufw-chain-0ae9d53c 2026-04-25T13:57:00.406Z monthly 0.6 https://detectionlint.org/library/sigma-run-once-task-configuration-in-registry-7cccedbf 2026-04-25T13:57:00.314Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-from-password-stores-chrome-localstate-a-0e014f18 2026-04-25T13:57:00.226Z monthly 0.6 https://detectionlint.org/library/sigma-bpftrace-unsafe-option-usage-15bedde7 2026-04-25T13:57:00.133Z monthly 0.6 https://detectionlint.org/library/spl-print-spooler-failed-to-load-a-plug-in-be08ce5d 2026-04-25T13:56:59.861Z monthly 0.6 https://detectionlint.org/library/spl-windows-esx-admins-group-creation-security-event-1e13a352 2026-04-25T13:56:59.771Z monthly 0.6 https://detectionlint.org/library/sigma-dll-load-via-lsass-3d8bc369 2026-04-25T13:56:59.680Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-plistbuddy-cfe2a922 2026-04-25T13:56:59.588Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_cloudfront_insecure_ssl_policy-8327b22b 2026-04-25T13:56:59.497Z monthly 0.6 https://detectionlint.org/library/sigma-system-and-hardware-information-discovery-9d6a2f70 2026-04-25T13:56:59.407Z monthly 0.6 https://detectionlint.org/library/sigma-obfuscated-powershell-msi-install-via-windowsinstaller-com-5c25cad0 2026-04-25T13:56:59.315Z monthly 0.6 https://detectionlint.org/library/sigma-remote-schedule-task-lateral-movement-via-sasec-e15b0896 2026-04-25T13:56:59.224Z monthly 0.6 https://detectionlint.org/library/spl-windows-forest-discovery-with-getforestdomain-c58731d0 2026-04-25T13:56:59.135Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-preload-hijack-via-preload-file-17b77394 2026-04-25T13:56:59.042Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-rundll32-startw-a9b4a406 2026-04-25T13:56:58.952Z monthly 0.6 https://detectionlint.org/library/sigma-new-bginfoexe-custom-vbscript-registry-configuration-16d7a4a6 2026-04-25T13:56:58.859Z monthly 0.6 https://detectionlint.org/library/sigma-ntdsdit-creation-by-uncommon-process-4436b490 2026-04-25T13:56:58.769Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---team-viewer-session-started-on-macos-ho-5b8689be 2026-04-25T13:56:58.703Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-microsoft-office-child-process---macos-6c705380 2026-04-25T13:56:58.671Z monthly 0.6 https://detectionlint.org/library/kql-unusual-remote-file-creation-23403cf6 2026-04-25T13:56:58.519Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-core-dll-loaded-via-office-application-610f59ca 2026-04-25T13:56:58.404Z monthly 0.6 https://detectionlint.org/library/sigma-google-workspace-user-granted-admin-privileges-96855645 2026-04-25T13:56:58.313Z monthly 0.6 https://detectionlint.org/library/kql-unusual-scheduled-task-update-0819aa95 2026-04-25T13:56:58.223Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-kubernetes-cronjob-55926362 2026-04-25T13:56:58.131Z monthly 0.6 https://detectionlint.org/library/sigma-aslr-disabled-via-sysctl-or-direct-syscall---linux-f2c00c61 2026-04-25T13:56:58.043Z monthly 0.6 https://detectionlint.org/library/spl-windows-access-token-manipulation-winlogon-duplicate-token-h-ef81b66a 2026-04-25T13:56:57.952Z monthly 0.6 https://detectionlint.org/library/spl-rundll32-process-creating-exe-dll-files-1147684b 2026-04-25T13:56:57.863Z monthly 0.6 https://detectionlint.org/library/sigma-exchange-powershell-cmdlet-history-deleted-0ab458dd 2026-04-25T13:56:57.769Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-plistbuddy-usage-via-osquery-adeb1c9e 2026-04-25T13:56:57.681Z monthly 0.6 https://detectionlint.org/library/sigma-uac-secure-desktop-prompt-disabled-3bee1dd3 2026-04-25T13:56:57.590Z monthly 0.6 https://detectionlint.org/library/spl-rundll-loading-dll-by-ordinal-1786256e 2026-04-25T13:56:57.502Z monthly 0.6 https://detectionlint.org/library/sigma-potential-attachment-manager-settings-attachments-tamper-b22841da 2026-04-25T13:56:57.405Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-dcshadow-privileges-acl-addition-caa55d00 2026-04-25T13:56:57.314Z monthly 0.6 https://detectionlint.org/library/sigma-pim-alert-setting-changes-to-disabled-68afe6f6 2026-04-25T13:56:57.223Z monthly 0.6 https://detectionlint.org/library/sigma-code-executed-via-office-add-in-xll-file-1eef0f77 2026-04-25T13:56:57.132Z monthly 0.6 https://detectionlint.org/library/spl-windows-esx-admins-group-creation-via-net-4e7c4aa2 2026-04-25T13:56:57.041Z monthly 0.6 https://detectionlint.org/library/sigma-password-reset-by-user-account-5a648dbd 2026-04-25T13:56:56.949Z monthly 0.6 https://detectionlint.org/library/spl-detect-regsvr32-application-control-bypass-383f7479 2026-04-25T13:56:56.859Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-audit-log-configuration-updated-020babb0 2026-04-25T13:56:56.766Z monthly 0.6 https://detectionlint.org/library/spl-rundll32-with-no-command-line-arguments-with-network-c9f4864b 2026-04-25T13:56:56.674Z monthly 0.6 https://detectionlint.org/library/spl-rundll32-control-rundll-world-writable-directory-703f96fa 2026-04-25T13:56:56.584Z monthly 0.6 https://detectionlint.org/library/spl-detect-renamed-winrar-12285c0b 2026-04-25T13:56:56.493Z monthly 0.6 https://detectionlint.org/library/sigma-office-autorun-keys-modification-18d4fe56 2026-04-25T13:56:56.402Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-local-accounts-8dc681bb 2026-04-25T13:56:56.309Z monthly 0.6 https://detectionlint.org/library/kql-conditional-access-policy-modified-by-new-user-0327c6e1 2026-04-25T13:56:56.130Z monthly 0.6 https://detectionlint.org/library/sigma-potential-xcsset-malware-infection-c6f9bb83 2026-04-25T13:56:56.036Z monthly 0.6 https://detectionlint.org/library/spl-mshta-spawning-rundll32-or-regsvr32-process-2e93a274 2026-04-25T13:56:55.948Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---curl-execution-with-insecure-flags-58d45304 2026-04-25T13:56:55.764Z monthly 0.6 https://detectionlint.org/library/sigma-privileged-account-creation-14c7a589 2026-04-25T13:56:55.674Z monthly 0.6 https://detectionlint.org/library/spl-execution-of-file-with-multiple-extensions-2409ce20 2026-04-25T13:56:55.583Z monthly 0.6 https://detectionlint.org/library/sigma-antivirus-relevant-file-paths-alerts-024d55ff 2026-04-25T13:56:55.491Z monthly 0.6 https://detectionlint.org/library/spl-windows-compatibility-telemetry-tampering-through-registry-42526ff0 2026-04-25T13:56:55.400Z monthly 0.6 https://detectionlint.org/library/sigma-dotnet-clr-dll-loaded-by-scripting-applications-08cfc0a6 2026-04-25T13:56:55.335Z monthly 0.6 https://detectionlint.org/library/sigma-system-integrity-protection-sip-enumeration-b80e7e9d 2026-04-25T13:56:55.232Z monthly 0.6 https://detectionlint.org/library/spl-linux-ingress-tool-transfer-hunting-bdb17678 2026-04-25T13:56:55.113Z monthly 0.6 https://detectionlint.org/library/kql-web-shell-detection-script-process-child-of-common-web-proce-8c4aa39b 2026-04-25T13:56:54.833Z monthly 0.6 https://detectionlint.org/library/sigma-file-and-directory-discovery---macos-3d53ad19 2026-04-25T13:56:54.776Z monthly 0.6 https://detectionlint.org/library/spl-linux-service-file-created-in-systemd-directory-6d14c26a 2026-04-25T13:56:54.478Z monthly 0.6 https://detectionlint.org/library/sigma-remote-schedule-task-recon-via-atscv-6a67478e 2026-04-25T13:56:54.294Z monthly 0.6 https://detectionlint.org/library/spl-linux-indicator-removal-service-file-deletion-7456f6dc 2026-04-25T13:56:54.205Z monthly 0.6 https://detectionlint.org/library/sigma-steganography-extract-files-with-steghide-d15f5d4e 2026-04-25T13:56:54.160Z monthly 0.6 https://detectionlint.org/library/spl-linux-add-files-in-known-crontab-directories-4ed2f0f1 2026-04-25T13:56:54.105Z monthly 0.6 https://detectionlint.org/library/spl-add-or-set-windows-defender-exclusion-9d65135e 2026-04-25T13:56:54.015Z monthly 0.6 https://detectionlint.org/library/sigma-kubernetes-unauthorized-or-unauthenticated-access-fe09135f 2026-04-25T13:56:53.972Z monthly 0.6 https://detectionlint.org/library/kql-ad-fs-abnormal-eku-object-identifier-attribute-c9e21e88 2026-04-25T13:56:53.971Z monthly 0.6 https://detectionlint.org/library/sigma-azure-firewall-modified-or-deleted-1dc8e9f1 2026-04-25T13:56:50.051Z monthly 0.6 https://detectionlint.org/library/spl-windows-audit-policy-auditing-option-modified---registry-0289e7fc 2026-04-25T13:56:49.960Z monthly 0.6 https://detectionlint.org/library/spl-windows-deleted-registry-by-a-non-critical-process-file-path-e7b3c82d 2026-04-25T13:56:49.869Z monthly 0.6 https://detectionlint.org/library/spl-file-with-samsam-extension-088fa7e3 2026-04-25T13:56:49.777Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-msbuild-rename-87403456 2026-04-25T13:56:49.504Z monthly 0.6 https://detectionlint.org/library/sigma-wmic-unquoted-services-path-lookup---powershell-0097243a 2026-04-25T13:56:49.411Z monthly 0.6 https://detectionlint.org/library/sigma-cobalt-strike-dns-beaconing-427596be 2026-04-25T13:56:49.320Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-wmi-win32_product-install-msi-49de00ca 2026-04-25T13:56:49.230Z monthly 0.6 https://detectionlint.org/library/sigma-user-added-to-privilege-role-9543278f 2026-04-25T13:56:49.139Z monthly 0.6 https://detectionlint.org/library/sigma-process-deletion-of-its-own-executable-a3329c5b 2026-04-25T13:56:49.047Z monthly 0.6 https://detectionlint.org/library/kql-abnormally-large-dns-response-30b46506 2026-04-25T13:56:48.955Z monthly 0.6 https://detectionlint.org/library/sigma-system-information-discovery-via-sysctl---macos-f5d6b728 2026-04-25T13:56:48.866Z monthly 0.6 https://detectionlint.org/library/kql-rpc-remote-procedure-call-from-the-internet-2406bbbc 2026-04-25T13:56:48.776Z monthly 0.6 https://detectionlint.org/library/spl-rundll32-control-rundll-hunt-69c6a85e 2026-04-25T13:56:48.685Z monthly 0.6 https://detectionlint.org/library/sigma-triple-cross-ebpf-rootkit-install-commands-3343555d 2026-04-25T13:56:48.593Z monthly 0.6 https://detectionlint.org/library/sigma-ads-zoneidentifier-deleted-by-uncommon-application-3a3c5dba 2026-04-25T13:56:48.502Z monthly 0.6 https://detectionlint.org/library/sigma-invalid-pim-license-61042efa 2026-04-25T13:56:48.411Z monthly 0.6 https://detectionlint.org/library/sigma-kerberos-network-traffic-rc4-ticket-encryption-7cd43c7f 2026-04-25T13:56:48.322Z monthly 0.6 https://detectionlint.org/library/kql-zoom-meeting-with-no-passcode-4550b939 2026-04-25T13:56:48.229Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-invoke-item-from-mount-diskimage-f0c8524b 2026-04-25T13:56:48.138Z monthly 0.6 https://detectionlint.org/library/spl-schcache-change-by-app-connect-and-create-adsi-object-0cf44e24 2026-04-25T13:56:47.957Z monthly 0.6 https://detectionlint.org/library/sigma-change-user-agents-with-webrequest-8b4b7641 2026-04-25T13:56:47.773Z monthly 0.6 https://detectionlint.org/library/sigma-clearing-windows-console-history-70266005 2026-04-25T13:56:47.682Z monthly 0.6 https://detectionlint.org/library/sigma-gatekeeper-bypass-via-xattr-ecf9f57e 2026-04-25T13:56:47.590Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-sync-center-suspicious-network-connections-24e28f7c 2026-04-25T13:56:47.501Z monthly 0.6 https://detectionlint.org/library/sigma-etw-logging-disabled-in-net-processes---sysmon-registry-d0fb146d 2026-04-25T13:56:47.408Z monthly 0.6 https://detectionlint.org/library/sigma-roles-assigned-outside-pim-3adfd213 2026-04-25T13:56:47.316Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-msexchangemailboxreplication-aspx-write-588911a8 2026-04-25T13:56:47.227Z monthly 0.6 https://detectionlint.org/library/sigma-potential-wazuh-security-platform-dll-sideloading-549e20f4 2026-04-25T13:56:47.045Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_backup_plan_deleted-5e0d9247 2026-04-25T13:56:46.954Z monthly 0.6 https://detectionlint.org/library/spl-add-defaultuser-and-password-in-registry-84ef2f58 2026-04-25T13:56:46.862Z monthly 0.6 https://detectionlint.org/library/sigma-winsock2-autorun-keys-modification-39720134 2026-04-25T13:56:46.771Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-download-and-execution-cradles-cc1e5ca6 2026-04-25T13:56:46.679Z monthly 0.6 https://detectionlint.org/library/sigma-new-ca-policy-by-non-approved-actor-e508406e 2026-04-25T13:56:46.588Z monthly 0.6 https://detectionlint.org/library/kql-unusual-process-modifying-genai-configuration-file-b2d73134 2026-04-25T13:56:46.507Z monthly 0.6 https://detectionlint.org/library/kql-user-state-changed-from-guest-to-member-e37efb12 2026-04-25T13:56:46.406Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-in-registry-reg-query-a616326c 2026-04-25T13:56:46.338Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---rdp-new-connection-attempt-690ae2a1 2026-04-25T13:56:46.225Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_high_number_of_unknown_user_authentication_attempts-c2a02c2b 2026-04-25T13:56:46.135Z monthly 0.6 https://detectionlint.org/library/sigma-sticky-key-like-backdoor-usage---registry-a7f5c424 2026-04-25T13:56:46.044Z monthly 0.6 https://detectionlint.org/library/sigma-remote-registry-recon-3b179a20 2026-04-25T13:56:45.954Z monthly 0.6 https://detectionlint.org/library/spl-windows-defender-exclusion-registry-entry-a776194c 2026-04-25T13:56:45.861Z monthly 0.6 https://detectionlint.org/library/kql-rdp-remote-desktop-protocol-from-the-internet-23841a90 2026-04-25T13:56:45.768Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-kerberos-service-ticket-request-7aa8dba0 2026-04-25T13:56:45.680Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-ticket-granting-ticket-request-3432de34 2026-04-25T13:56:45.589Z monthly 0.6 https://detectionlint.org/library/sigma-aws-iam-s3browser-user-or-accesskey-creation-240d8e75 2026-04-25T13:56:45.497Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-replication-request-initiated-by-user-account-be09f2a5 2026-04-25T13:56:45.406Z monthly 0.6 https://detectionlint.org/library/sigma-system-info-discovery-via-sysinfo-syscall-db335a70 2026-04-25T13:56:45.316Z monthly 0.6 https://detectionlint.org/library/spl-windows-defender-asr-block-events-b053d882 2026-04-25T13:56:45.222Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-unauthorized-access-to-a-resource-2e816d07 2026-04-25T13:56:45.135Z monthly 0.6 https://detectionlint.org/library/spl-windows-attempt-to-stop-security-service-65507c4c 2026-04-25T13:56:45.042Z monthly 0.6 https://detectionlint.org/library/sigma-winlogon-notify-key-logon-persistence-b9381221 2026-04-25T13:56:44.953Z monthly 0.6 https://detectionlint.org/library/sigma-aws-saml-provider-deletion-activity-ed86afc5 2026-04-25T13:56:44.859Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-seincreasebasepriorityprivilege-use-0642b9d6 2026-04-25T13:56:44.770Z monthly 0.6 https://detectionlint.org/library/spl-remote-process-instantiation-via-wmi-and-powershell-897686b0 2026-04-25T13:56:44.682Z monthly 0.6 https://detectionlint.org/library/kql-network-activity-detected-via-kworker-33754f75 2026-04-25T13:56:44.603Z monthly 0.6 https://detectionlint.org/library/spl-windows-account-discovery-with-netuser-preauthnotrequire-0b42176b 2026-04-25T13:56:44.496Z monthly 0.6 https://detectionlint.org/library/sigma-ie-change-domain-zone-9a4b8ccf 2026-04-25T13:56:44.407Z monthly 0.6 https://detectionlint.org/library/kql-possible-resource-based-constrained-delegation-abuse-718823cf 2026-04-25T13:56:44.223Z monthly 0.6 https://detectionlint.org/library/sigma-new-root-certificate-authority-added-610e2262 2026-04-25T13:56:44.131Z monthly 0.6 https://detectionlint.org/library/sigma-gcp-access-policy-deleted-66e6bea1 2026-04-25T13:56:44.039Z monthly 0.6 https://detectionlint.org/library/sigma-allow-rdp-remote-assistance-feature-86be0064 2026-04-25T13:56:43.949Z monthly 0.6 https://detectionlint.org/library/spl-modify-acl-permission-to-files-or-folder-679e5395 2026-04-25T13:56:43.858Z monthly 0.6 https://detectionlint.org/library/sigma-webshell-regeorg-detection-via-web-logs-b76510bd 2026-04-25T13:56:43.767Z monthly 0.6 https://detectionlint.org/library/spl-log4shell-cve-2021-44228-exploitation-119160af 2026-04-25T13:56:43.677Z monthly 0.6 https://detectionlint.org/library/kql-potential-privilege-escalation-via-linux-dac-permissions-375b3391 2026-04-25T13:56:43.578Z monthly 0.6 https://detectionlint.org/library/sigma-potential-hidden-directory-creation-via-ntfs-index_allocatio-1cfc2d32 2026-04-25T13:56:43.488Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-console-history-logs-deleted-41677c21 2026-04-25T13:56:43.396Z monthly 0.6 https://detectionlint.org/library/sigma-gcp-break-glass-container-workload-deployed-35e60c47 2026-04-25T13:56:43.307Z monthly 0.6 https://detectionlint.org/library/sigma-hypervisor-enforced-paging-translation-disabled-dbb58687 2026-04-25T13:56:43.218Z monthly 0.6 https://detectionlint.org/library/sigma-etw-logging-disabled-for-scm-c6bc8251 2026-04-25T13:56:42.940Z monthly 0.6 https://detectionlint.org/library/sigma-transferring-files-with-credential-data-via-network-shares---2f2ceb76 2026-04-25T13:56:42.849Z monthly 0.6 https://detectionlint.org/library/spl-set-default-powershell-execution-policy-to-unrestricted-or-b-0c750f9a 2026-04-25T13:56:42.761Z monthly 0.6 https://detectionlint.org/library/sigma-potential-remotefxvgpudisablementexe-abuse---powershell-modu-b58ef812 2026-04-25T13:56:42.667Z monthly 0.6 https://detectionlint.org/library/sigma-potential-server-side-template-injection-in-velocity-859dd6dc 2026-04-25T13:56:42.486Z monthly 0.6 https://detectionlint.org/library/sigma-aws-iam-s3browser-loginprofile-creation-2a15e26d 2026-04-25T13:56:42.396Z monthly 0.6 https://detectionlint.org/library/spl-anomalous-usage-of-7zip-fb6965cc 2026-04-25T13:56:42.303Z monthly 0.6 https://detectionlint.org/library/sigma-office-macros-warning-disabled-8de80bf3 2026-04-25T13:56:42.213Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-writes-to-windows-recycle-bin-006d23d4 2026-04-25T13:56:42.121Z monthly 0.6 https://detectionlint.org/library/sigma-history-file-deletion-9c3bf792 2026-04-25T13:56:42.029Z monthly 0.6 https://detectionlint.org/library/sigma-hidden-files-and-directories-b6e389ca 2026-04-25T13:56:41.848Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-created-in-outlook-temporary-directory-e3ffc5b7 2026-04-25T13:56:41.757Z monthly 0.6 https://detectionlint.org/library/sigma-winlogon-helper-dll-5190e979 2026-04-25T13:56:41.668Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-windows-group-policy-features-through-regist-a711dbcd 2026-04-25T13:56:41.485Z monthly 0.6 https://detectionlint.org/library/sigma-change-powershell-policies-to-an-insecure-level---powershell-6b22b572 2026-04-25T13:56:41.394Z monthly 0.6 https://detectionlint.org/library/sigma-access-to-windows-dpapi-master-keys-by-uncommon-applications-231e075f 2026-04-25T13:56:41.213Z monthly 0.6 https://detectionlint.org/library/sigma-azure-subscription-permission-elevation-via-activitylogs-030f2a3b 2026-04-25T13:56:41.120Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-in-registry-run-keys-9f29e040 2026-04-25T13:56:41.030Z monthly 0.6 https://detectionlint.org/library/sigma-antivirus-filter-driver-disallowed-on-dev-drive---registry-8be00fca 2026-04-25T13:56:40.939Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-from-password-stores-chrome-extension-ac-62b5fe27 2026-04-25T13:56:40.847Z monthly 0.6 https://detectionlint.org/library/sigma-enable-local-manifest-installation-with-winget-7919bd2a 2026-04-25T13:56:40.756Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-created-by-arcsocexe-c28d3b0a 2026-04-25T13:56:40.665Z monthly 0.6 https://detectionlint.org/library/sigma-azure-device-or-configuration-modified-or-deleted-b7eba6d5 2026-04-25T13:56:40.577Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-mycomputer-registry-keys-8ed436ca 2026-04-25T13:56:40.483Z monthly 0.6 https://detectionlint.org/library/sigma-remove-account-from-domain-admin-group-039c163f 2026-04-25T13:56:40.391Z monthly 0.6 https://detectionlint.org/library/sigma-user-has-been-deleted-via-userdel-9e496bef 2026-04-25T13:56:40.308Z monthly 0.6 https://detectionlint.org/library/sigma-wow6432node-windows-nt-currentversion-autorun-keys-modificat-f5628a21 2026-04-25T13:56:40.211Z monthly 0.6 https://detectionlint.org/library/sigma-new-outlook-macro-created-5635721d 2026-04-25T13:56:40.120Z monthly 0.6 https://detectionlint.org/library/spl-detect-copy-of-shadowcopy-with-script-block-logging-28837336 2026-04-25T13:56:40.028Z monthly 0.6 https://detectionlint.org/library/spl-fodhelper-uac-bypass-885d123f 2026-04-25T13:56:39.936Z monthly 0.6 https://detectionlint.org/library/spl-windows-curl-upload-to-remote-destination-29c1d832 2026-04-25T13:56:39.846Z monthly 0.6 https://detectionlint.org/library/spl-macos-hidden-files-and-directories-0ce1059e 2026-04-25T13:56:39.755Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-non-browser-network-communication-with-telegram-a-47e200ea 2026-04-25T13:56:39.667Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-usage-of-bpf_probe_write_user-helper-e5b34781 2026-04-25T13:56:39.482Z monthly 0.6 https://detectionlint.org/library/sigma-baaupdateexe-suspicious-dll-load-58bf3ae6 2026-04-25T13:56:39.391Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-icedid-rundll32-cmdline-80b6e357 2026-04-25T13:56:39.301Z monthly 0.6 https://detectionlint.org/library/kql-potential-pass-the-hash-pth-attempt-93793faf 2026-04-25T13:56:39.209Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-globalflags-00acfa84 2026-04-25T13:56:39.121Z monthly 0.6 https://detectionlint.org/library/spl-reg-exe-manipulating-windows-services-registry-keys-d7f0520d 2026-04-25T13:56:39.029Z monthly 0.6 https://detectionlint.org/library/spl-elevated-group-discovery-with-powerview-a86dd2cf 2026-04-25T13:56:38.994Z monthly 0.6 https://detectionlint.org/library/kql-nrt-malicious-inbox-rule-b78187a0 2026-04-25T13:56:38.927Z monthly 0.6 https://detectionlint.org/library/sigma-time-machine-backup-deletion-attempt-via-tmutil---macos-25da3a8d 2026-04-25T13:56:38.849Z monthly 0.6 https://detectionlint.org/library/spl-windows-administrative-shares-accessed-on-multiple-hosts-a0bf6db3 2026-04-25T13:56:38.833Z monthly 0.6 https://detectionlint.org/library/spl-windows-advanced-installer-msix-with-ai_stubs-execution-ca7e3d5b 2026-04-25T13:56:38.810Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-execution-of-powershell-with-base64-321cd982 2026-04-25T13:55:49.574Z monthly 0.6 https://detectionlint.org/library/spl-windows-file-download-via-powershell-868a86e0 2026-04-25T13:55:49.486Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-gpo-deleted-c7a76b19 2026-04-25T13:55:49.392Z monthly 0.6 https://detectionlint.org/library/sigma-gzip-archive-decode-via-powershell-f4d17159 2026-04-25T13:55:49.301Z monthly 0.6 https://detectionlint.org/library/sigma-uefi-persistence-via-wpbbin---filecreation-86868907 2026-04-25T13:55:49.212Z monthly 0.6 https://detectionlint.org/library/spl-change-to-safe-mode-with-network-config-a72d2cb5 2026-04-25T13:55:49.119Z monthly 0.6 https://detectionlint.org/library/spl-windows-file-and-directory-permissions-remove-inheritance-6c993eb2 2026-04-25T13:55:48.939Z monthly 0.6 https://detectionlint.org/library/kql-potential-syn-based-port-scan-detected-dfc157aa 2026-04-25T13:55:48.848Z monthly 0.6 https://detectionlint.org/library/sigma-potential-smadhookdll-sideloading-824f4c36 2026-04-25T13:55:48.755Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_excessive_successful_discovery_events-e2ef6d1a 2026-04-25T13:55:48.666Z monthly 0.6 https://detectionlint.org/library/spl-windows-chromium-process-launched-with-logging-disabled-49688b07 2026-04-25T13:55:48.577Z monthly 0.6 https://detectionlint.org/library/sigma-windows-credential-guard-disabled---registry-13610bfb 2026-04-25T13:55:48.483Z monthly 0.6 https://detectionlint.org/library/sigma-use-get-nettcpconnection-5aaea336 2026-04-25T13:55:48.393Z monthly 0.6 https://detectionlint.org/library/sigma-download-from-suspicious-tld---whitelist-e2dec419 2026-04-25T13:55:48.307Z monthly 0.6 https://detectionlint.org/library/spl-windows-appx-deployment-package-installation-success-5f60dad8 2026-04-25T13:55:48.211Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---telnet-login-attempt-4adb13f3 2026-04-25T13:55:48.120Z monthly 0.6 https://detectionlint.org/library/spl-windows-defender-asr-audit-events-b0aff3bb 2026-04-25T13:55:48.031Z monthly 0.6 https://detectionlint.org/library/sigma-potential-vivaldi_elfdll-sideloading-f22e4ea1 2026-04-25T13:55:47.938Z monthly 0.6 https://detectionlint.org/library/spl-icedid-exfiltrated-archived-file-creation-84dfae6d 2026-04-25T13:55:47.847Z monthly 0.6 https://detectionlint.org/library/spl-enable-rdp-in-other-port-number-e68ea19e 2026-04-25T13:55:47.756Z monthly 0.6 https://detectionlint.org/library/sigma-potential-bucket-enumeration-on-aws-9aa68b0f 2026-04-25T13:55:47.390Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-access-to-browser-credential-storage-497cdabe 2026-04-25T13:55:47.298Z monthly 0.6 https://detectionlint.org/library/sigma-time-machine-backup-disabled-via-tmutil---macos-47aeb8c7 2026-04-25T13:55:47.208Z monthly 0.6 https://detectionlint.org/library/sigma-local-network-connection-initiated-by-script-interpreter-71d30e10 2026-04-25T13:55:47.118Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_config_service_modified-8f29a738 2026-04-25T13:55:47.028Z monthly 0.6 https://detectionlint.org/library/spl-registry-keys-used-for-persistence-9785445a 2026-04-25T13:55:46.936Z monthly 0.6 https://detectionlint.org/library/spl-linux-persistence-and-privilege-escalation-risk-behavior-f5743292 2026-04-25T13:55:46.843Z monthly 0.6 https://detectionlint.org/library/sigma-shell-execution-of-process-located-in-tmp-directory-295c097b 2026-04-25T13:55:46.753Z monthly 0.6 https://detectionlint.org/library/sigma-hide-schedule-task-via-index-value-tamper-ea7eb938 2026-04-25T13:55:46.665Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-ieinstal---file-772a6411 2026-04-25T13:55:46.571Z monthly 0.6 https://detectionlint.org/library/spl-windows-cisco-secure-endpoint-unblock-file-via-sfc-eef5f100 2026-04-25T13:55:46.493Z monthly 0.6 https://detectionlint.org/library/sigma-pst-export-alert-using-new-compliancesearchaction-bde39055 2026-04-25T13:55:46.474Z monthly 0.6 https://detectionlint.org/library/kql-systemd-service-started-by-unusual-parent-process-321c5f83 2026-04-25T13:55:46.434Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-creation-in-uncommon-appdata-folder-ba48d803 2026-04-25T13:55:46.315Z monthly 0.6 https://detectionlint.org/library/kql-potential-shadow-file-read-via-command-line-utilities-68f0ce93 2026-04-25T13:55:46.309Z monthly 0.6 https://detectionlint.org/library/sigma-disable-windows-security-center-notifications-770d542c 2026-04-25T13:55:46.026Z monthly 0.6 https://detectionlint.org/library/spl-modification-of-wallpaper-eb93825e 2026-04-25T13:55:45.935Z monthly 0.6 https://detectionlint.org/library/sigma-teamviewer-log-file-deleted-594877e0 2026-04-25T13:55:45.844Z monthly 0.6 https://detectionlint.org/library/sigma-potential-attachment-manager-settings-associations-tamper-33c021a6 2026-04-25T13:55:45.664Z monthly 0.6 https://detectionlint.org/library/sigma-cmstp-execution-registry-event-6766b418 2026-04-25T13:55:45.571Z monthly 0.6 https://detectionlint.org/library/sigma-user-access-blocked-by-azure-conditional-access-b0466860 2026-04-25T13:55:45.482Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_cloudtrail_logging_tampered-1966e041 2026-04-25T13:55:45.390Z monthly 0.6 https://detectionlint.org/library/sigma-windows-defender-exclusions-added---registry-777b79b2 2026-04-25T13:55:45.300Z monthly 0.6 https://detectionlint.org/library/spl-windows-defender-asr-registry-modification-c252ae0d 2026-04-25T13:55:45.026Z monthly 0.6 https://detectionlint.org/library/sigma-copy-passwd-or-shadow-from-tmp-path-fdf0a32b 2026-04-25T13:55:44.934Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-vpn-tunnel-modified-or-deleted-7dbd2c99 2026-04-25T13:55:44.844Z monthly 0.6 https://detectionlint.org/library/spl-allow-inbound-traffic-in-firewall-rule-8fbac985 2026-04-25T13:55:44.755Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-windows-media-player---registry-47c73b73 2026-04-25T13:55:44.662Z monthly 0.6 https://detectionlint.org/library/spl-windows-gather-victim-host-information-camera-109e263b 2026-04-25T13:55:44.573Z monthly 0.6 https://detectionlint.org/library/kql-multiple-rdp-connections-from-single-system-5fb1cad0 2026-04-25T13:55:44.481Z monthly 0.6 https://detectionlint.org/library/spl-linux-file-creation-in-profile-directory-f4816ce8 2026-04-25T13:55:44.209Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-idiagnostic-profile---file-b8c3c9ea 2026-04-25T13:55:44.117Z monthly 0.6 https://detectionlint.org/library/sigma-potential-roboformdll-sideloading-12ed1921 2026-04-25T13:55:43.934Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-named-pipe-creation-02ba5dd8 2026-04-25T13:55:43.844Z monthly 0.6 https://detectionlint.org/library/sigma-tomcat-webserver-logs-deleted-686de725 2026-04-25T13:55:43.751Z monthly 0.6 https://detectionlint.org/library/spl-macos-amos-stealer---virtual-machine-check-activity-2b7966cc 2026-04-25T13:55:43.660Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-appended-extension-d0661276 2026-04-25T13:55:43.570Z monthly 0.6 https://detectionlint.org/library/spl-windows-event-triggered-image-file-execution-options-injecti-204c419b 2026-04-25T13:55:43.480Z monthly 0.6 https://detectionlint.org/library/sigma-aws-efs-fileshare-mount-modified-or-deleted-ee799695 2026-04-25T13:55:43.388Z monthly 0.6 https://detectionlint.org/library/sigma-potential-7zadll-sideloading-175b2577 2026-04-25T13:55:43.299Z monthly 0.6 https://detectionlint.org/library/sigma-rbac-permission-enumeration-attempt-ae1b5e89 2026-04-25T13:55:43.208Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-history-file-operations---linux-6e1a3550 2026-04-25T13:55:43.117Z monthly 0.6 https://detectionlint.org/library/sigma-uncommon-file-creation-by-mysql-daemon-process-6d357abe 2026-04-25T13:55:43.024Z monthly 0.6 https://detectionlint.org/library/spl-domain-account-discovery-with-dsquery-36ced12d 2026-04-25T13:55:42.933Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-printer-driver-empty-manufacturer-ac06509a 2026-04-25T13:55:42.841Z monthly 0.6 https://detectionlint.org/library/spl-dump-lsass-via-comsvcs-dll-86d41183 2026-04-25T13:55:42.750Z monthly 0.6 https://detectionlint.org/library/sigma-data-exfiltration-to-unsanctioned-apps-2192f79a 2026-04-25T13:55:42.660Z monthly 0.6 https://detectionlint.org/library/spl-windows-archive-collected-data-via-rar-a07afc94 2026-04-25T13:55:42.476Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-admission-controller-7c6bad7c 2026-04-25T13:55:42.384Z monthly 0.6 https://detectionlint.org/library/spl-linux-nopasswd-entry-in-sudoers-file-baf42b72 2026-04-25T13:55:42.294Z monthly 0.6 https://detectionlint.org/library/sigma-enable-bpf-kprobes-tracing-417a5b50 2026-04-25T13:55:42.202Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-via-comctl32dll-ff079053 2026-04-25T13:55:42.111Z monthly 0.6 https://detectionlint.org/library/spl-windows-get-adcomputer-unconstrained-delegation-discovery-5105a3a3 2026-04-25T13:55:41.930Z monthly 0.6 https://detectionlint.org/library/sigma-aws-elasticache-security-group-modified-or-deleted-6a4cb1cd 2026-04-25T13:55:41.837Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-hidden-files-and-directories-creation-a8da5ba9 2026-04-25T13:55:41.749Z monthly 0.6 https://detectionlint.org/library/spl-shai-hulud-workflow-file-creation-or-modification-4272b7fa 2026-04-25T13:55:41.658Z monthly 0.6 https://detectionlint.org/library/sigma-scheduled-taskjob-at-07b42b8e 2026-04-25T13:55:41.565Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-download-f17ec405 2026-04-25T13:55:41.474Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-scheduled-task-from-public-directory-dab6898d 2026-04-25T13:55:41.383Z monthly 0.6 https://detectionlint.org/library/sigma-triple-cross-ebpf-rootkit-execve-hijack-70cd33c6 2026-04-25T13:55:41.291Z monthly 0.6 https://detectionlint.org/library/kql-midnight-blizzard---script-payload-stored-in-registry-b8d06d50 2026-04-25T13:55:41.201Z monthly 0.6 https://detectionlint.org/library/sigma-azure-network-security-configuration-modified-or-deleted-bfe60782 2026-04-25T13:55:41.111Z monthly 0.6 https://detectionlint.org/library/sigma-dpapi-backup-keys-and-certificate-export-activity-ioc-bec6c923 2026-04-25T13:55:41.020Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-unblock-file-266582a9 2026-04-25T13:55:40.928Z monthly 0.6 https://detectionlint.org/library/spl-excessive-usage-of-nslookup-app-e348dac2 2026-04-25T13:55:40.748Z monthly 0.6 https://detectionlint.org/library/sigma-registry-disable-system-restore-72aac5a2 2026-04-25T13:55:40.655Z monthly 0.6 https://detectionlint.org/library/sigma-com-hijacking-via-treatas-3fe904bd 2026-04-25T13:55:40.564Z monthly 0.6 https://detectionlint.org/library/spl-regsvr32-silent-and-install-param-dll-loading-38e862ea 2026-04-25T13:55:40.474Z monthly 0.6 https://detectionlint.org/library/spl-curl-execution-with-percent-encoded-url-15afd394 2026-04-25T13:55:40.383Z monthly 0.6 https://detectionlint.org/library/sigma-linux-setuid-capability-set-on-a-binary-via-setcap-utility-f9aea03b 2026-04-25T13:55:40.291Z monthly 0.6 https://detectionlint.org/library/sigma-potential-data-exfiltration-via-audio-file-09165f3c 2026-04-25T13:55:40.200Z monthly 0.6 https://detectionlint.org/library/sigma-new-portproxy-registry-entry-added-dfe9c15d 2026-04-25T13:55:40.109Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-365---user-restricted-from-sending-email-8a8d6159 2026-04-25T13:55:40.018Z monthly 0.6 https://detectionlint.org/library/sigma-lsass-process-dump-artefact-in-crashdumps-folder-0f0c52cf 2026-04-25T13:55:39.927Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-hidden-ou-creation-f600e976 2026-04-25T13:55:39.866Z monthly 0.6 https://detectionlint.org/library/sigma-indicator-removal-on-host---clear-mac-system-logs-62d5b16a 2026-04-25T13:55:39.831Z monthly 0.6 https://detectionlint.org/library/sigma-first-time-seen-remote-named-pipe---zeek-1462ea44 2026-04-25T13:55:39.738Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-dllpathoverride-b6385d3c 2026-04-25T13:55:39.682Z monthly 0.6 https://detectionlint.org/library/sigma-wmiexec-default-output-file-ca93d942 2026-04-25T13:55:39.390Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-secret-or-config-object-access-e08d5d85 2026-04-25T13:55:39.292Z monthly 0.6 https://detectionlint.org/library/sigma-mask-system-power-settings-via-systemctl-aec63f66 2026-04-25T13:55:39.199Z monthly 0.6 https://detectionlint.org/library/sigma-bpfdoor-abnormal-process-id-or-lock-file-accessed-ec14ad2f 2026-04-25T13:55:39.017Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-self-extraction-directive-file-create-74a8ca46 2026-04-25T13:55:38.926Z monthly 0.6 https://detectionlint.org/library/spl-windows-file-and-directory-enable-readonly-permissions-d929ec84 2026-04-25T13:55:38.836Z monthly 0.6 https://detectionlint.org/library/sigma-zip-a-folder-with-powershell-for-staging-in-temp---powershel-912b9f1a 2026-04-25T13:55:38.743Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-user-login-failure-via-ssh-3ba6488a 2026-04-25T13:55:38.653Z monthly 0.6 https://detectionlint.org/library/sigma-user-state-changed-from-guest-to-member-e4100085 2026-04-25T13:55:38.566Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-outlook-loadmacroprovideronboot-se-efa89b99 2026-04-25T13:55:38.473Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-domain-root-acl-deletion-4f7062cc 2026-04-25T13:55:38.463Z monthly 0.6 https://detectionlint.org/library/spl-get-aduserresultantpasswordpolicy-with-powershell-f0227722 2026-04-25T13:55:38.378Z monthly 0.6 https://detectionlint.org/library/kql-successful-ssh-authentication-from-unusual-ssh-public-key-ebc336f4 2026-04-25T13:55:38.297Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-system-commands-executed-by-previously-unknown-ex-97a01a88 2026-04-25T13:55:38.293Z monthly 0.6 https://detectionlint.org/library/sigma-potential-credential-dumping-attempt-using-new-networkprovid-f55598b3 2026-04-25T13:55:38.279Z monthly 0.6 https://detectionlint.org/library/kql-modification-of-accessibility-features-0d111e22 2026-04-25T13:55:35.059Z monthly 0.6 https://detectionlint.org/library/sigma-potential-sidecar-injection-into-running-deployment-bfdf93c1 2026-04-25T13:55:34.876Z monthly 0.6 https://detectionlint.org/library/sigma-bitsadmin-to-uncommon-ip-server-address-83021c5b 2026-04-25T13:55:34.786Z monthly 0.6 https://detectionlint.org/library/sigma-potential-signing-bypass-via-windows-developer-features---re-8476cb28 2026-04-25T13:55:34.693Z monthly 0.6 https://detectionlint.org/library/sigma-potential-werfault-reflectdebugger-registry-value-abuse-fb79e1ac 2026-04-25T13:55:34.602Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-via-sdclt-ec97bf51 2026-04-25T13:55:34.511Z monthly 0.6 https://detectionlint.org/library/spl-system-info-gathering-using-dxdiag-application-6432ab33 2026-04-25T13:55:34.421Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-with-fake-dll-e43aba4f 2026-04-25T13:55:34.331Z monthly 0.6 https://detectionlint.org/library/kql-powershell-suspicious-script-with-clipboard-retrieval-capabi-ab62cd1e 2026-04-25T13:55:34.240Z monthly 0.6 https://detectionlint.org/library/spl-scheduled-task-deleted-or-created-via-cmd-16bb4d0a 2026-04-25T13:55:34.149Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-command-executed-via-run-dialog-box---85ca8a21 2026-04-25T13:55:34.061Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-storage-buckets-modified-or-deleted-98b3ad9f 2026-04-25T13:55:33.967Z monthly 0.6 https://detectionlint.org/library/sigma-registry-modification-for-oci-dll-redirection-0df4c401 2026-04-25T13:55:33.876Z monthly 0.6 https://detectionlint.org/library/sigma-potential-winnti-dropper-activity-11ba7376 2026-04-25T13:55:33.784Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-kubernetes-secrets-modified-or-deleted-c483836a 2026-04-25T13:55:33.694Z monthly 0.6 https://detectionlint.org/library/spl-detect-regsvcs-with-network-connection-6381dd62 2026-04-25T13:55:33.510Z monthly 0.6 https://detectionlint.org/library/spl-windows-domain-admin-impersonation-indicator-3aab88a7 2026-04-25T13:55:33.418Z monthly 0.6 https://detectionlint.org/library/kql-sensitive-privilege-seenabledelegationprivilege-assigned-to--bba04bb0 2026-04-25T13:55:33.328Z monthly 0.6 https://detectionlint.org/library/sigma-potential-rcdlldll-sideloading-6c5a7aef 2026-04-25T13:55:33.235Z monthly 0.6 https://detectionlint.org/library/spl-etw-registry-disabled-b6a7ac69 2026-04-25T13:55:33.148Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-binary-writes-via-anydesk-a34368f6 2026-04-25T13:55:33.053Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---non-allowlisted-image-use-e6304295 2026-04-25T13:55:32.872Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-hardware-addition-swapoff-11a9a254 2026-04-25T13:55:32.781Z monthly 0.6 https://detectionlint.org/library/sigma-trust-access-disable-for-vbapplications-77d3737b 2026-04-25T13:55:32.691Z monthly 0.6 https://detectionlint.org/library/sigma-add-debugger-entry-to-hangs-key-for-persistence-c6448ae2 2026-04-25T13:55:32.598Z monthly 0.6 https://detectionlint.org/library/spl-exchange-powershell-abuse-via-ssrf-c5044c74 2026-04-25T13:55:32.417Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-camera-and-microphone-access-b979f0de 2026-04-25T13:55:32.324Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-suspicious-win32_pnpentity-d2574fc1 2026-04-25T13:55:32.233Z monthly 0.6 https://detectionlint.org/library/spl-windows-computer-account-requesting-kerberos-ticket-4a388356 2026-04-25T13:55:32.142Z monthly 0.6 https://detectionlint.org/library/sigma-dns-tor-proxies-c7337db6 2026-04-25T13:55:32.019Z monthly 0.6 https://detectionlint.org/library/sigma-certificate-exported-via-powershell-170bb757 2026-04-25T13:55:31.871Z monthly 0.6 https://detectionlint.org/library/sigma-outlook-security-settings-updated---registry-138a896e 2026-04-25T13:55:31.778Z monthly 0.6 https://detectionlint.org/library/sigma-computer-discovery-and-export-via-get-adcomputer-cmdlet---po-5f9592ee 2026-04-25T13:55:31.634Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-user-permissions-export-attempt-a1076b64 2026-04-25T13:55:31.506Z monthly 0.6 https://detectionlint.org/library/kql-system-binary-symlink-to-suspicious-location-2ce8d796 2026-04-25T13:55:31.415Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-file-permission-modification-via-chmod-0eab6843 2026-04-25T13:55:31.331Z monthly 0.6 https://detectionlint.org/library/sigma-aws-eks-cluster-created-or-deleted-14feca5a 2026-04-25T13:55:31.234Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---inveigh-execution-artefacts-f8db50c4 2026-04-25T13:55:31.141Z monthly 0.6 https://detectionlint.org/library/sigma-macos-network-service-scanning-73b23229 2026-04-25T13:55:30.959Z monthly 0.6 https://detectionlint.org/library/spl-eventvwr-uac-bypass-8f530b6e 2026-04-25T13:55:30.873Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-non-browser-network-communication-with-google-api-492381df 2026-04-25T13:55:30.781Z monthly 0.6 https://detectionlint.org/library/spl-windows-event-for-service-disabled-350f41cd 2026-04-25T13:55:30.596Z monthly 0.6 https://detectionlint.org/library/spl-domain-controller-discovery-with-nltest-7415b29c 2026-04-25T13:55:30.508Z monthly 0.6 https://detectionlint.org/library/spl-schtasks-scheduling-job-on-remote-system-a42ff34c 2026-04-25T13:55:30.414Z monthly 0.6 https://detectionlint.org/library/spl-disable-etw-through-registry-dd6645ec 2026-04-25T13:55:30.324Z monthly 0.6 https://detectionlint.org/library/spl-windows-eventlog-cleared-via-wevtutil-b08a3c37 2026-04-25T13:55:30.231Z monthly 0.6 https://detectionlint.org/library/sigma-desktopini-created-by-uncommon-process-158e6e85 2026-04-25T13:55:30.140Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-dangerous-deny-acl-modification-7ef1ca36 2026-04-25T13:55:30.049Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-via-event-viewer-5b2ffcfb 2026-04-25T13:55:29.958Z monthly 0.6 https://detectionlint.org/library/sigma-wdigest-enable-uselogoncredential-7694b604 2026-04-25T13:55:29.867Z monthly 0.6 https://detectionlint.org/library/spl-windows-chromium-process-loaded-extension-via-command-line-5c2ce903 2026-04-25T13:55:29.777Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-c2-activities-f40b2f71 2026-04-25T13:55:29.684Z monthly 0.6 https://detectionlint.org/library/sigma-livekd-driver-creation-by-uncommon-process-930f6521 2026-04-25T13:55:29.594Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-iofilestream-01d7d599 2026-04-25T13:55:29.503Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-install-a-dll-in-system-directory-74f7a5a3 2026-04-25T13:55:29.413Z monthly 0.6 https://detectionlint.org/library/sigma-displaying-hidden-files-feature-disabled-5bf0ae10 2026-04-25T13:55:29.321Z monthly 0.6 https://detectionlint.org/library/sigma-azure-kubernetes-rolebindingclusterrolebinding-modified-and--31a9d404 2026-04-25T13:55:29.231Z monthly 0.6 https://detectionlint.org/library/sigma-file-or-folder-permissions-change-36b02ad1 2026-04-25T13:55:29.139Z monthly 0.6 https://detectionlint.org/library/sigma-kubernetes-events-deleted-33cf0ce9 2026-04-25T13:55:29.049Z monthly 0.6 https://detectionlint.org/library/sigma-internet-explorer-autorun-keys-modification-6db5d47c 2026-04-25T13:55:28.958Z monthly 0.6 https://detectionlint.org/library/sigma-multi-factor-authentication-disabled-for-user-account-5361e850 2026-04-25T13:55:28.867Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-show-commands-input-9a620280 2026-04-25T13:55:28.775Z monthly 0.6 https://detectionlint.org/library/spl-kerberos-service-ticket-request-using-rc4-encryption-2442cd40 2026-04-25T13:55:28.684Z monthly 0.6 https://detectionlint.org/library/spl-windows-excessive-usage-of-net-app-e7e7e3b0 2026-04-25T13:55:28.596Z monthly 0.6 https://detectionlint.org/library/sigma-sharphound-recon-sessions-fa4d4df0 2026-04-25T13:55:28.503Z monthly 0.6 https://detectionlint.org/library/spl-ryuk-test-files-detected-c3b4b31e 2026-04-25T13:55:28.320Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-app-paths-default-property-91b4cac0 2026-04-25T13:55:28.230Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-frombase64string-usage-on-gzip-archive---ps-scrip-9f64b371 2026-04-25T13:55:28.137Z monthly 0.6 https://detectionlint.org/library/sigma-credential-manager-access-by-uncommon-applications-52ca57ff 2026-04-25T13:55:28.062Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-ai-cli-permission-override-activated-adcc6dd5 2026-04-25T13:55:28.039Z monthly 0.6 https://detectionlint.org/library/sigma-aws-successful-console-login-without-mfa-c3d85db9 2026-04-25T13:55:27.906Z monthly 0.6 https://detectionlint.org/library/sigma-overwriting-the-file-with-dev-zero-or-null-52b3ce61 2026-04-25T13:55:26.852Z monthly 0.6 https://detectionlint.org/library/sigma-aws-kms-imported-key-material-usage-1f189644 2026-04-25T13:55:26.759Z monthly 0.6 https://detectionlint.org/library/spl-linux-change-file-owner-to-root-18a48172 2026-04-25T13:55:26.670Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-msi-install-via-windowsinstaller-com-from-remote--0089f759 2026-04-25T13:55:26.578Z monthly 0.6 https://detectionlint.org/library/spl-spike-in-file-writes-07329be5 2026-04-25T13:55:26.485Z monthly 0.6 https://detectionlint.org/library/sigma-new-network-acl-entry-added-d22109af 2026-04-25T13:55:26.394Z monthly 0.6 https://detectionlint.org/library/sigma-creduidll-loaded-by-uncommon-process-703b6bbf 2026-04-25T13:55:26.304Z monthly 0.6 https://detectionlint.org/library/sigma-azure-ad-only-single-factor-authentication-required-7586ebfb 2026-04-25T13:55:26.212Z monthly 0.6 https://detectionlint.org/library/kql-deprecated---suspicious-printspooler-service-executable-file-b9ed1a9a 2026-04-25T13:55:26.123Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-double-extension-files-eb63abab 2026-04-25T13:55:25.940Z monthly 0.6 https://detectionlint.org/library/spl-revil-registry-entry-8948b742 2026-04-25T13:55:25.849Z monthly 0.6 https://detectionlint.org/library/sigma-potential-avkkiddll-sideloading-a56ec608 2026-04-25T13:55:25.758Z monthly 0.6 https://detectionlint.org/library/sigma-azure-unusual-authentication-interruption-d36c9080 2026-04-25T13:55:25.668Z monthly 0.6 https://detectionlint.org/library/sigma-data-exfiltration-with-wget-f0b69072 2026-04-25T13:55:25.575Z monthly 0.6 https://detectionlint.org/library/spl-uac-bypass-mmc-load-unsigned-dll-ac326573 2026-04-25T13:55:25.483Z monthly 0.6 https://detectionlint.org/library/spl-active-setup-registry-autostart-1a0cb535 2026-04-25T13:55:25.392Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-mailbox-export-to-share---ps-2c46108e 2026-04-25T13:55:25.303Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-from-password-stores-deletion-528266dd 2026-04-25T13:55:25.210Z monthly 0.6 https://detectionlint.org/library/kql-unusual-pkexec-execution-37339fe2 2026-04-25T13:55:25.124Z monthly 0.6 https://detectionlint.org/library/kql-process-backgrounded-by-unusual-parent-916ba072 2026-04-25T13:55:24.938Z monthly 0.6 https://detectionlint.org/library/sigma-rundll32-internet-connection-1db875d3 2026-04-25T13:55:24.845Z monthly 0.6 https://detectionlint.org/library/spl-microsoft-defender-atp-alerts-2e05d228 2026-04-25T13:55:24.754Z monthly 0.6 https://detectionlint.org/library/sigma-new-network-route-added-537bd7b3 2026-04-25T13:55:24.574Z monthly 0.6 https://detectionlint.org/library/spl-windows-file-without-extension-in-critical-folder-c5f433df 2026-04-25T13:55:24.484Z monthly 0.6 https://detectionlint.org/library/sigma-email-exifiltration-via-powershell-d08c7826 2026-04-25T13:55:24.392Z monthly 0.6 https://detectionlint.org/library/sigma-zip-a-folder-with-powershell-for-staging-in-temp---powershel-009ea69d 2026-04-25T13:55:24.211Z monthly 0.6 https://detectionlint.org/library/spl-system-user-discovery-with-whoami-287d4831 2026-04-25T13:55:24.117Z monthly 0.6 https://detectionlint.org/library/sigma-scheduled-cron-taskjob---macos-c3d5daf4 2026-04-25T13:55:24.029Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-windows-strings-in-uri-3dbc7459 2026-04-25T13:55:23.941Z monthly 0.6 https://detectionlint.org/library/spl-remote-system-discovery-with-wmic-6a1548de 2026-04-25T13:55:23.843Z monthly 0.6 https://detectionlint.org/library/spl-remcos-client-registry-install-entry-4a91258e 2026-04-25T13:55:23.752Z monthly 0.6 https://detectionlint.org/library/spl-microsoft-defender-incident-alerts-24f650f2 2026-04-25T13:55:23.661Z monthly 0.6 https://detectionlint.org/library/spl-windows-default-rdp-file-unhidden-b426de62 2026-04-25T13:55:23.571Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-get-addbaccount-usage-5f44f97a 2026-04-25T13:55:23.388Z monthly 0.6 https://detectionlint.org/library/spl-schtasks-used-for-forcing-a-reboot-b46a0fdb 2026-04-25T13:55:23.297Z monthly 0.6 https://detectionlint.org/library/sigma-rclone-config-file-creation-0c4cc525 2026-04-25T13:55:23.208Z monthly 0.6 https://detectionlint.org/library/sigma-systemd-service-creation-f32bb99c 2026-04-25T13:55:23.157Z monthly 0.6 https://detectionlint.org/library/sigma-potential-sentinelone-shell-context-menu-scan-command-tamper-88edc539 2026-04-25T13:55:23.111Z monthly 0.6 https://detectionlint.org/library/spl-esentutl-sam-copy-5a326d42 2026-04-25T13:55:23.019Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---curl-execution-with-insecure-flags-b21ada75 2026-04-25T13:55:22.970Z monthly 0.6 https://detectionlint.org/library/sigma-clipboard-data-collection-via-osascript-285a7d0c 2026-04-25T13:55:22.752Z monthly 0.6 https://detectionlint.org/library/sigma-potential-appverifuidll-sideloading-51da26cc 2026-04-25T13:55:22.661Z monthly 0.6 https://detectionlint.org/library/sigma-flash-player-update-from-suspicious-location-705da3c2 2026-04-25T13:55:22.570Z monthly 0.6 https://detectionlint.org/library/sigma-new-custom-shim-database-created-edb704b6 2026-04-25T13:55:22.482Z monthly 0.6 https://detectionlint.org/library/sigma-windows-screen-capture-with-copyfromscreen-3d93ad51 2026-04-25T13:55:22.024Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-from-password-stores-chrome-login-data-a-bc133607 2026-04-25T13:55:21.935Z monthly 0.6 https://detectionlint.org/library/spl-windows-adfind-exe-f0e75e23 2026-04-25T13:55:21.662Z monthly 0.6 https://detectionlint.org/library/sigma-user-discovery-and-export-via-get-aduser-cmdlet---powershell-1d902a45 2026-04-25T13:55:21.568Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-same-domain-sid-history-addition-3bd7e013 2026-04-25T13:55:21.479Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-installer-package-child-process-d47430a6 2026-04-25T13:55:21.387Z monthly 0.6 https://detectionlint.org/library/spl-short-lived-scheduled-task-13bf88e0 2026-04-25T13:55:21.204Z monthly 0.6 https://detectionlint.org/library/sigma-com-hijack-via-sdclt-4cf8d88a 2026-04-25T13:55:21.117Z monthly 0.6 https://detectionlint.org/library/sigma-changes-to-device-registration-policy-18a22d75 2026-04-25T13:55:21.024Z monthly 0.6 https://detectionlint.org/library/spl-windows-default-group-policy-object-modified-with-gpme-b5cf0300 2026-04-25T13:55:20.932Z monthly 0.6 https://detectionlint.org/library/sigma-screenconnect-temporary-installation-artefact-9a2aad91 2026-04-25T13:55:20.842Z monthly 0.6 https://detectionlint.org/library/spl-windows-hide-notification-features-through-registry-fcefe996 2026-04-25T13:55:20.749Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-virtual-disk-file-and-directory-discovery-81cf6644 2026-04-25T13:55:20.659Z monthly 0.6 https://detectionlint.org/library/sigma-activity-from-anonymous-ip-address-9fc809b8 2026-04-25T13:55:20.568Z monthly 0.6 https://detectionlint.org/library/sigma-remcom-service-file-creation-5fc05c04 2026-04-25T13:55:20.480Z monthly 0.6 https://detectionlint.org/library/sigma-added-owner-to-application-aa2734d5 2026-04-25T13:55:20.385Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_delete_vpc_flow_logs-0e0768c0 2026-04-25T13:55:20.294Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-domain-replication-acl-addition-94edd2a1 2026-04-25T13:55:20.202Z monthly 0.6 https://detectionlint.org/library/spl-registry-keys-for-creating-shim-databases-0e153b04 2026-04-25T13:55:20.111Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-add-name-resolution-policy-table-rule-45b49889 2026-04-25T13:55:20.020Z monthly 0.6 https://detectionlint.org/library/spl-windows-command-and-scripting-interpreter-hunting-path-trave-8532d7a0 2026-04-25T13:55:19.929Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-get-information-for-smb-share---powershell-module-6d40beb1 2026-04-25T13:55:19.747Z monthly 0.6 https://detectionlint.org/library/sigma-registry-free-process-scope-cor_profiler-6ed1ba44 2026-04-25T13:55:19.660Z monthly 0.6 https://detectionlint.org/library/spl-executable-file-written-in-administrative-smb-share-9b92e1e2 2026-04-25T13:55:19.567Z monthly 0.6 https://detectionlint.org/library/spl-elevated-group-discovery-with-wmic-f9bb161c 2026-04-25T13:55:19.475Z monthly 0.6 https://detectionlint.org/library/spl-samsam-test-file-write-f6c94cce 2026-04-25T13:55:19.292Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-short-lived-domain-controller-spn-attribute-d2e2e368 2026-04-25T13:55:19.112Z monthly 0.6 https://detectionlint.org/library/sigma-assembly-dll-creation-via-aspnetcompiler-edf0e91c 2026-04-25T13:55:19.020Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-adminsdholder-acl-modified-67594afc 2026-04-25T13:55:18.929Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---mimikatz-kirbi-file-creation-0f6eeec7 2026-04-25T13:55:18.839Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-file-and-directory-discovery-8b61842b 2026-04-25T13:55:18.748Z monthly 0.6 https://detectionlint.org/library/sigma-potential-qakbot-registry-activity-40fcb68a 2026-04-25T13:55:18.657Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-office-protected-view-disabled-524fb723 2026-04-25T13:55:18.566Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---suspicious-network-connection-from-process-with--f62a89b8 2026-04-25T13:55:18.476Z monthly 0.6 https://detectionlint.org/library/sigma-disk-image-mounting-via-hdiutil---macos-2a80735b 2026-04-25T13:55:18.384Z monthly 0.6 https://detectionlint.org/library/sigma-tamper-windows-defender---psclassic-9f696edf 2026-04-25T13:55:18.298Z monthly 0.6 https://detectionlint.org/library/sigma-system-network-connections-discovery---macos-d61dd9d9 2026-04-25T13:55:18.201Z monthly 0.6 https://detectionlint.org/library/kql-accepted-default-telnet-port-connection-d3e140d3 2026-04-25T13:55:18.109Z monthly 0.6 https://detectionlint.org/library/sigma-esxi-vm-kill-via-esxcli-9052329d 2026-04-25T13:55:18.019Z monthly 0.6 https://detectionlint.org/library/spl-windows-computer-account-created-by-computer-account-5ab19f03 2026-04-25T13:55:17.928Z monthly 0.6 https://detectionlint.org/library/sigma-potential-rce-exploitation-attempt-in-nodejs-09d125f6 2026-04-25T13:55:17.746Z monthly 0.6 https://detectionlint.org/library/spl-linux-deletion-of-services-a2c53ff3 2026-04-25T13:55:17.656Z monthly 0.6 https://detectionlint.org/library/sigma-remote-encrypting-file-system-abuse-73fe0254 2026-04-25T13:55:17.566Z monthly 0.6 https://detectionlint.org/library/sigma-disabled-windows-defender-eventlog-db53030f 2026-04-25T13:55:17.473Z monthly 0.6 https://detectionlint.org/library/sigma-potential-registry-persistence-attempt-via-dbgmanageddebugge-2ec11dc8 2026-04-25T13:55:17.381Z monthly 0.6 https://detectionlint.org/library/kql-potential-network-sweep-detected-1ca9a82d 2026-04-25T13:55:17.291Z monthly 0.6 https://detectionlint.org/library/sigma-default-cobalt-strike-certificate-91a1055c 2026-04-25T13:55:17.198Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-change-file-owner-to-root-64b409dc 2026-04-25T13:55:17.108Z monthly 0.6 https://detectionlint.org/library/sigma-anomalous-token-177c7609 2026-04-25T13:55:17.017Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---http-post-login-attempt-f0fd9330 2026-04-25T13:55:16.927Z monthly 0.6 https://detectionlint.org/library/sigma-remove-scheduled-cron-taskjob-048299ac 2026-04-25T13:55:16.835Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dcom-internetexplorerapplication-dll-hijack---imag-fab10bac 2026-04-25T13:55:16.744Z monthly 0.6 https://detectionlint.org/library/spl-excessive-file-deletion-in-windefender-folder-374ad3da 2026-04-25T13:55:16.561Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-internet-explorer-addons-6c925860 2026-04-25T13:55:16.474Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-outlook-macro-created-665cf89b 2026-04-25T13:55:16.413Z monthly 0.6 https://detectionlint.org/library/spl-adsisearcher-account-discovery-564c185f 2026-04-25T13:55:16.377Z monthly 0.6 https://detectionlint.org/library/spl-windows-event-logging-service-has-shutdown-6fbd3d96 2026-04-25T13:55:16.280Z monthly 0.6 https://detectionlint.org/library/spl-disable-show-hidden-files-8d350998 2026-04-25T13:55:16.231Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-network-communication-with-ipfs-bcccd19e 2026-04-25T13:55:16.014Z monthly 0.6 https://detectionlint.org/library/sigma-loading-of-kernel-module-via-insmod-ffc1793c 2026-04-25T13:55:15.922Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-windows-media-player---file-9f5cf927 2026-04-25T13:55:15.834Z monthly 0.6 https://detectionlint.org/library/spl-windows-chrome-extension-allowed-registry-modification-240b065b 2026-04-25T13:55:15.742Z monthly 0.6 https://detectionlint.org/library/sigma-possible-coin-miner-cpu-priority-param-0b3493e3 2026-04-25T13:55:15.697Z monthly 0.6 https://detectionlint.org/library/kql-cobalt-strike-command-and-control-beacon-1fa2420c 2026-04-25T13:55:15.645Z monthly 0.6 https://detectionlint.org/library/sigma-azure-application-security-group-modified-or-deleted-39bc3d8f 2026-04-25T13:55:15.561Z monthly 0.6 https://detectionlint.org/library/sigma-cred-dump-tools-dropped-files-10b4b792 2026-04-25T13:55:15.518Z monthly 0.6 https://detectionlint.org/library/sigma-ntds-exfiltration-filename-patterns-bb32b9c7 2026-04-25T13:54:29.487Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-logoff-button-through-registry-d61fd507 2026-04-25T13:54:29.266Z monthly 0.6 https://detectionlint.org/library/sigma-potential-mfdetoursdll-sideloading-bb4dd3cb 2026-04-25T13:54:29.177Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-service-restarted-ff9f1a10 2026-04-25T13:54:29.085Z monthly 0.6 https://detectionlint.org/library/sigma-legitimate-application-dropped-archive-abcb9df3 2026-04-25T13:54:28.993Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---ssh-new-connection-attempt-80be93e8 2026-04-25T13:54:28.902Z monthly 0.6 https://detectionlint.org/library/spl-windows-compatibility-telemetry-suspicious-child-process-07d7f81b 2026-04-25T13:54:28.811Z monthly 0.6 https://detectionlint.org/library/spl-windows-findstr-gpp-discovery-9d3fe937 2026-04-25T13:54:28.727Z monthly 0.6 https://detectionlint.org/library/spl-windows-chromium-browser-with-custom-user-data-directory-1559dcd5 2026-04-25T13:54:28.631Z monthly 0.6 https://detectionlint.org/library/sigma-potential-mpclientdll-sideloading-7bc7774d 2026-04-25T13:54:28.539Z monthly 0.6 https://detectionlint.org/library/sigma-ufw-force-stop-using-ufw-init-67c288b8 2026-04-25T13:54:28.450Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-disk-cleanup-handler---registry-499eb5f6 2026-04-25T13:54:28.369Z monthly 0.6 https://detectionlint.org/library/kql-powershell-suspicious-payload-encoded-and-compressed-9d381ba4 2026-04-25T13:54:28.266Z monthly 0.6 https://detectionlint.org/library/spl-serviceprincipalnames-discovery-with-powershell-0b856dc2 2026-04-25T13:54:28.176Z monthly 0.6 https://detectionlint.org/library/spl-detect-rtlo-in-file-name-cbebea59 2026-04-25T13:54:27.901Z monthly 0.6 https://detectionlint.org/library/sigma-unsigned-appx-installation-attempt-using-add-appxpackage---p-c7fa3b9b 2026-04-25T13:54:27.811Z monthly 0.6 https://detectionlint.org/library/kql-execution-via-mssql-xp_cmdshell-stored-procedure-0791c9fe 2026-04-25T13:54:27.722Z monthly 0.6 https://detectionlint.org/library/spl-scheduled-task-creation-on-remote-endpoint-using-at-76db9cc0 2026-04-25T13:54:27.629Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-creation-with-colorcpl-e31b0fc0 2026-04-25T13:54:27.537Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-rclocal-error-message-4588abf3 2026-04-25T13:54:27.446Z monthly 0.6 https://detectionlint.org/library/sigma-aws-sts-assumerole-misuse-7e34e55f 2026-04-25T13:54:27.355Z monthly 0.6 https://detectionlint.org/library/spl-linux-deletion-of-init-daemon-script-21989c37 2026-04-25T13:54:27.172Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---ftp-login-attempt-913ee2fd 2026-04-25T13:54:27.083Z monthly 0.6 https://detectionlint.org/library/sigma-sysmon-driver-altitude-change-a9b9232f 2026-04-25T13:54:26.990Z monthly 0.6 https://detectionlint.org/library/spl-print-processor-registry-autostart-25d76d58 2026-04-25T13:54:26.719Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-gettypefromclsid-shellexecute-3e601566 2026-04-25T13:54:26.626Z monthly 0.6 https://detectionlint.org/library/sigma-system-owner-or-user-discovery---linux-6a7f81c3 2026-04-25T13:54:26.536Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---vnc-connection-attempt-a942e43b 2026-04-25T13:54:26.445Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-file-permissions-modification-via-chattr-d4dab01e 2026-04-25T13:54:26.353Z monthly 0.6 https://detectionlint.org/library/sigma-remote-server-service-abuse-26fc9d2a 2026-04-25T13:54:26.266Z monthly 0.6 https://detectionlint.org/library/sigma-pua---aws-trufflehog-execution-a31d1b5e 2026-04-25T13:54:26.082Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_guardduty_disabled-e6fdf993 2026-04-25T13:54:25.988Z monthly 0.6 https://detectionlint.org/library/sigma-recon-information-for-export-with-powershell-22eb9521 2026-04-25T13:54:25.897Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-defender-disable-scan-feature-96183ad0 2026-04-25T13:54:25.806Z monthly 0.6 https://detectionlint.org/library/sigma-created-files-by-microsoft-sync-center-fe9f9ce2 2026-04-25T13:54:25.715Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-clear-logs-15c83908 2026-04-25T13:54:25.623Z monthly 0.6 https://detectionlint.org/library/sigma-silenttrinity-stager-msbuild-activity-6cbdba2d 2026-04-25T13:54:25.532Z monthly 0.6 https://detectionlint.org/library/sigma-rdp-over-reverse-ssh-tunnel-ba1f6039 2026-04-25T13:54:25.442Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-ldp-authentication-failures-87951fc7 2026-04-25T13:54:25.350Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-rundll32-no-command-line-arguments-9c8b3aa8 2026-04-25T13:54:25.259Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-non-powershell-wsman-com-provider-7fd60d2d 2026-04-25T13:54:25.167Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_ec2_get_windows_admin_password-2c139be6 2026-04-25T13:54:25.079Z monthly 0.6 https://detectionlint.org/library/spl-windows-bypass-uac-via-pkgmgr-tool-d31cb6fd 2026-04-25T13:54:24.986Z monthly 0.6 https://detectionlint.org/library/sigma-vbscript-payload-stored-in-registry-2285a14b 2026-04-25T13:54:24.895Z monthly 0.6 https://detectionlint.org/library/sigma-add-debugger-entry-to-aedebug-for-persistence-ccf6680e 2026-04-25T13:54:24.805Z monthly 0.6 https://detectionlint.org/library/sigma-antivirus-exploitation-framework-detection-73764c75 2026-04-25T13:54:24.713Z monthly 0.6 https://detectionlint.org/library/spl-detect-excessive-user-account-lockouts-25b60440 2026-04-25T13:54:24.622Z monthly 0.6 https://detectionlint.org/library/sigma-azure-new-cloudshell-created-f16f35a6 2026-04-25T13:54:24.349Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dcom-internetexplorerapplication-dll-hijack-5e8dbb71 2026-04-25T13:54:24.258Z monthly 0.6 https://detectionlint.org/library/spl-scheduled-task-initiation-on-remote-endpoint-980d0945 2026-04-25T13:54:24.166Z monthly 0.6 https://detectionlint.org/library/sigma-anonymous-ip-address-78d11161 2026-04-25T13:54:24.086Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-wav-file-in-appdata-folder-bf1f0333 2026-04-25T13:54:23.985Z monthly 0.6 https://detectionlint.org/library/spl-hunting-3cxdesktopapp-software-badbfe57 2026-04-25T13:54:23.803Z monthly 0.6 https://detectionlint.org/library/spl-detect-html-help-using-infotech-storage-handlers-0f12163c 2026-04-25T13:54:23.712Z monthly 0.6 https://detectionlint.org/library/sigma-authentications-to-important-apps-using-single-factor-authen-46596798 2026-04-25T13:54:23.621Z monthly 0.6 https://detectionlint.org/library/sigma-pnscan-binary-data-transmission-activity-f7131fc2 2026-04-25T13:54:23.528Z monthly 0.6 https://detectionlint.org/library/spl-kerberos-pre-authentication-flag-disabled-with-powershell-77413d17 2026-04-25T13:54:23.438Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_api_gateway_get_keys-21d6076b 2026-04-25T13:54:23.347Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-get-local-groups-information-ccc02f66 2026-04-25T13:54:23.256Z monthly 0.6 https://detectionlint.org/library/sigma-office-macro-file-creation-from-suspicious-process-eaeb0dc4 2026-04-25T13:54:23.189Z monthly 0.6 https://detectionlint.org/library/spl-windows-eventlog-recon-activity-using-log-query-utilities-565d55c2 2026-04-25T13:54:23.168Z monthly 0.6 https://detectionlint.org/library/sigma-new-file-association-using-exefile-5cc3441f 2026-04-25T13:54:23.068Z monthly 0.6 https://detectionlint.org/library/spl-domain-group-discovery-with-dsquery-ee7ebe39 2026-04-25T13:54:23.002Z monthly 0.6 https://detectionlint.org/library/spl-powershell-windows-defender-exclusion-commands-0d6c3b0c 2026-04-25T13:54:22.801Z monthly 0.6 https://detectionlint.org/library/sigma-potential-wizardupdate-malware-infection-38f7f197 2026-04-25T13:54:22.712Z monthly 0.6 https://detectionlint.org/library/kql-possible-fin7-dga-command-and-control-behavior-df9677d4 2026-04-25T13:54:22.619Z monthly 0.6 https://detectionlint.org/library/sigma-session-manager-autorun-keys-modification-59b3f844 2026-04-25T13:54:22.528Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-dns-zone-modified-or-deleted-8fb6d3a5 2026-04-25T13:54:22.345Z monthly 0.6 https://detectionlint.org/library/sigma-wannacry-killswitch-domain-ffe9f06f 2026-04-25T13:54:22.163Z monthly 0.6 https://detectionlint.org/library/spl-disable-registry-tool-1b2773b9 2026-04-25T13:54:22.072Z monthly 0.6 https://detectionlint.org/library/sigma-windows-recall-feature-enabled---registry-02482065 2026-04-25T13:54:21.981Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-365---potential-ransomware-activity-0f49f02a 2026-04-25T13:54:21.798Z monthly 0.6 https://detectionlint.org/library/sigma-fortigate---vpn-ssl-settings-modified-0c5df7b6 2026-04-25T13:54:21.709Z monthly 0.6 https://detectionlint.org/library/sigma-omigod-scx-runasprovider-executescript-1a561192 2026-04-25T13:54:21.617Z monthly 0.6 https://detectionlint.org/library/sigma-system-information-discovery-using-ioreg-a9736d6a 2026-04-25T13:54:21.528Z monthly 0.6 https://detectionlint.org/library/kql-remote-file-creation-in-world-writeable-directory-9faa174c 2026-04-25T13:54:21.434Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-dns-z-flag-bit-set-e7c8e24e 2026-04-25T13:54:21.344Z monthly 0.6 https://detectionlint.org/library/sigma-atypical-travel-e542df6c 2026-04-25T13:54:21.253Z monthly 0.6 https://detectionlint.org/library/spl-windows-computer-account-with-spn-fff05861 2026-04-25T13:54:21.161Z monthly 0.6 https://detectionlint.org/library/sigma-juniper-bgp-missing-md5-f8df3a51 2026-04-25T13:54:20.982Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-get-adreplaccount-644ee411 2026-04-25T13:54:20.909Z monthly 0.6 https://detectionlint.org/library/spl-remote-system-discovery-with-adsisearcher-ab57d523 2026-04-25T13:54:20.797Z monthly 0.6 https://detectionlint.org/library/spl-secretdumps-offline-ntds-dumping-tool-e98ed4f6 2026-04-25T13:54:20.706Z monthly 0.6 https://detectionlint.org/library/sigma-aws-bucket-deleted-0f9bf442 2026-04-25T13:54:20.525Z monthly 0.6 https://detectionlint.org/library/sigma-shell-open-registry-keys-manipulation-bc324004 2026-04-25T13:54:20.434Z monthly 0.6 https://detectionlint.org/library/spl-7zip-commandline-to-smb-share-path-16428275 2026-04-25T13:54:20.342Z monthly 0.6 https://detectionlint.org/library/kql-dsrm-account-abuse-d7ef6464 2026-04-25T13:54:20.251Z monthly 0.6 https://detectionlint.org/library/spl-remote-process-instantiation-via-wmi-and-powershell-script-b-4532e47c 2026-04-25T13:54:20.161Z monthly 0.6 https://detectionlint.org/library/sigma-aws-sts-getsessiontoken-misuse-f151a22f 2026-04-25T13:54:20.069Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-dangerous-group-acl-modification-b3ff6d5c 2026-04-25T13:54:19.979Z monthly 0.6 https://detectionlint.org/library/spl-silentcleanup-uac-bypass-b881e06e 2026-04-25T13:54:19.887Z monthly 0.6 https://detectionlint.org/library/kql-changes-to-application-ownership-51c7d88a 2026-04-25T13:54:19.796Z monthly 0.6 https://detectionlint.org/library/spl-detect-regsvcs-with-no-command-line-arguments-7536f6de 2026-04-25T13:54:19.705Z monthly 0.6 https://detectionlint.org/library/spl-moveit-empty-key-fingerprint-authentication-attempt-949e3e80 2026-04-25T13:54:19.614Z monthly 0.6 https://detectionlint.org/library/sigma-microsoft-365---impossible-travel-activity-3399ffbd 2026-04-25T13:54:19.433Z monthly 0.6 https://detectionlint.org/library/sigma-windows-firewall-profile-disabled-82a2c691 2026-04-25T13:54:19.341Z monthly 0.6 https://detectionlint.org/library/spl-windows-browser-process-launched-with-unusual-flags-12552bfc 2026-04-25T13:54:19.252Z monthly 0.6 https://detectionlint.org/library/kql-com-event-system-loading-new-dll-0e0ed242 2026-04-25T13:54:19.160Z monthly 0.6 https://detectionlint.org/library/sigma-potential-base64-decoded-from-images-dd1919f7 2026-04-25T13:54:19.069Z monthly 0.6 https://detectionlint.org/library/sigma-potential-provisioning-registry-key-abuse-for-binary-proxy-e-7b65919b 2026-04-25T13:54:18.979Z monthly 0.6 https://detectionlint.org/library/spl-windows-excessive-disabled-services-event-a3c6a788 2026-04-25T13:54:18.888Z monthly 0.6 https://detectionlint.org/library/sigma-computer-discovery-and-export-via-get-adcomputer-cmdlet-d2d1c6b5 2026-04-25T13:54:18.705Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-dns-query-with-b64-encoded-string-34bb92d5 2026-04-25T13:54:18.613Z monthly 0.6 https://detectionlint.org/library/sigma-new-application-in-appcompat-b1b40080 2026-04-25T13:54:18.522Z monthly 0.6 https://detectionlint.org/library/sigma-dump-credentials-from-windows-credential-manager-with-powers-1c0ca2b7 2026-04-25T13:54:18.432Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---nmap-xmas-scan-3eee6b66 2026-04-25T13:54:18.340Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-eventlog-clear-9a86da6d 2026-04-25T13:54:18.159Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-from-web-browsers-saved-in-temp-folder-5f061d66 2026-04-25T13:54:18.070Z monthly 0.6 https://detectionlint.org/library/spl-detect-new-local-admin-account-6d899887 2026-04-25T13:54:17.995Z monthly 0.6 https://detectionlint.org/library/sigma-maxmpxct-registry-value-changed-9433747a 2026-04-25T13:54:17.886Z monthly 0.6 https://detectionlint.org/library/spl-windows-high-file-deletion-frequency-7ba665c4 2026-04-25T13:54:17.811Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-net-code-profiler-on-mmc-01c24f81 2026-04-25T13:54:17.299Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-eventvwr-a0818c4d 2026-04-25T13:54:17.210Z monthly 0.6 https://detectionlint.org/library/sigma-user-added-to-admin-group-via-sysadminctl-23b13982 2026-04-25T13:54:17.117Z monthly 0.6 https://detectionlint.org/library/kql-user-account-created-using-incorrect-naming-format-9cfa0d42 2026-04-25T13:54:17.050Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-domain-controller-promotion-c459f5e9 2026-04-25T13:54:16.751Z monthly 0.6 https://detectionlint.org/library/spl-moveit-certificate-store-access-failure-c7ec8934 2026-04-25T13:54:16.660Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-startup-folder-persistence-f9dae1cc 2026-04-25T13:54:16.567Z monthly 0.6 https://detectionlint.org/library/spl-network-connection-discovery-with-arp-4a5fec91 2026-04-25T13:54:16.476Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_console_login_without_mfa-56168da0 2026-04-25T13:54:16.386Z monthly 0.6 https://detectionlint.org/library/sigma-octopus-scanner-malware-f103ee38 2026-04-25T13:54:16.294Z monthly 0.6 https://detectionlint.org/library/sigma-kubernetes-secrets-enumeration-d17df1b9 2026-04-25T13:54:16.204Z monthly 0.6 https://detectionlint.org/library/spl-domain-controller-discovery-with-wmic-1835d533 2026-04-25T13:54:16.021Z monthly 0.6 https://detectionlint.org/library/spl-system-processes-run-from-unexpected-locations-bc601103 2026-04-25T13:54:15.931Z monthly 0.6 https://detectionlint.org/library/spl-windows-chromium-browser-no-security-sandbox-process-5f36ff99 2026-04-25T13:54:15.839Z monthly 0.6 https://detectionlint.org/library/sigma-potential-spel-injection-in-spring-framework-d668b3c8 2026-04-25T13:54:15.752Z monthly 0.6 https://detectionlint.org/library/spl-drop-icedid-license-dat-4fd1373e 2026-04-25T13:54:15.476Z monthly 0.6 https://detectionlint.org/library/spl-windows-admon-group-policy-object-created-536e2cea 2026-04-25T13:54:15.385Z monthly 0.6 https://detectionlint.org/library/sigma-screen-capture-with-import-tool-83f91d59 2026-04-25T13:54:15.295Z monthly 0.6 https://detectionlint.org/library/sigma-aws-cloudtrail-important-change-320e9b12 2026-04-25T13:54:15.207Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-privilege-escalation-for-non-admin-user-4c52a93d 2026-04-25T13:54:15.112Z monthly 0.6 https://detectionlint.org/library/spl-windows-chrome-enable-extension-loading-via-command-line-0995c9c0 2026-04-25T13:54:15.022Z monthly 0.6 https://detectionlint.org/library/spl-windows-dns-gather-network-info-9299ffdc 2026-04-25T13:54:14.931Z monthly 0.6 https://detectionlint.org/library/sigma-smb-spoolss-name-piped-usage-2228d3e1 2026-04-25T13:54:14.838Z monthly 0.6 https://detectionlint.org/library/sigma-disabled-ie-security-features-98113c00 2026-04-25T13:54:14.747Z monthly 0.6 https://detectionlint.org/library/spl-detect-mshta-renamed-28650715 2026-04-25T13:54:14.657Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-use-rundll32---powershell-05bce5d2 2026-04-25T13:54:14.564Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-copy-on-system32-74945bb9 2026-04-25T13:54:14.474Z monthly 0.6 https://detectionlint.org/library/kql-vnc-virtual-network-computing-to-the-internet-0a940cbb 2026-04-25T13:54:14.383Z monthly 0.6 https://detectionlint.org/library/spl-get-addefaultdomainpasswordpolicy-with-powershell-91f730ab 2026-04-25T13:54:14.295Z monthly 0.6 https://detectionlint.org/library/sigma-common-autorun-keys-modification-94a56b60 2026-04-25T13:54:14.200Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-windows-event-logging-disable-http-logging-2a766300 2026-04-25T13:54:14.110Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-auditd-service-stop-07a25c62 2026-04-25T13:54:14.018Z monthly 0.6 https://detectionlint.org/library/spl-disable-defender-mpengine-registry-60d73ae3 2026-04-25T13:54:13.941Z monthly 0.6 https://detectionlint.org/library/sigma-enable-lm-hash-storage-18dad201 2026-04-25T13:54:13.837Z monthly 0.6 https://detectionlint.org/library/spl-allow-network-discovery-in-firewall-729577d7 2026-04-25T13:54:13.745Z monthly 0.6 https://detectionlint.org/library/kql-changes-to-pim-settings-d5b04c32 2026-04-25T13:54:13.655Z monthly 0.6 https://detectionlint.org/library/sigma-google-workspace-mfa-disabled-9cc97774 2026-04-25T13:54:13.563Z monthly 0.6 https://detectionlint.org/library/sigma-potential-powershell-execution-policy-tampering-73893664 2026-04-25T13:54:13.472Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-consent-and-comctl32---file-184c8d4f 2026-04-25T13:54:13.290Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-unix-shell-configuration-modification-f268176f 2026-04-25T13:54:13.199Z monthly 0.6 https://detectionlint.org/library/spl-active-directory-privilege-escalation-identified-8196f0c2 2026-04-25T13:54:13.109Z monthly 0.6 https://detectionlint.org/library/spl-windows-defender-asr-rules-stacking-88474298 2026-04-25T13:54:13.017Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-microsoft-workflow-compiler-rename-66a56ded 2026-04-25T13:54:12.926Z monthly 0.6 https://detectionlint.org/library/sigma-credentials-in-files-fcf27ee3 2026-04-25T13:54:12.835Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-user-login-failure-da97e9eb 2026-04-25T13:54:12.745Z monthly 0.6 https://detectionlint.org/library/sigma-omigod-scx-runasprovider-executeshellcommand-140dab57 2026-04-25T13:54:12.653Z monthly 0.6 https://detectionlint.org/library/spl-macos-account-created-f55bdd2e 2026-04-25T13:54:12.562Z monthly 0.6 https://detectionlint.org/library/sigma-applications-that-are-using-ropc-authentication-flow-9da07642 2026-04-25T13:54:12.471Z monthly 0.6 https://detectionlint.org/library/spl-windows-application-layer-protocol-rms-radmin-tool-namedpipe-487f97f3 2026-04-25T13:54:12.380Z monthly 0.6 https://detectionlint.org/library/sigma-potential-wwlibdll-sideloading-c1551400 2026-04-25T13:54:12.289Z monthly 0.6 https://detectionlint.org/library/spl-remote-process-instantiation-via-winrm-and-powershell-script-c24058e0 2026-04-25T13:54:12.197Z monthly 0.6 https://detectionlint.org/library/sigma-netntlm-downgrade-attack---registry-19d09eb7 2026-04-25T13:54:12.107Z monthly 0.6 https://detectionlint.org/library/sigma-persistence-via-hhctrlocx-d3129012 2026-04-25T13:54:12.016Z monthly 0.6 https://detectionlint.org/library/spl-detect-wmi-event-subscription-persistence-0363972b 2026-04-25T13:54:11.924Z monthly 0.6 https://detectionlint.org/library/sigma-anydesk-temporary-artefact-eab1f0ab 2026-04-25T13:54:11.834Z monthly 0.6 https://detectionlint.org/library/sigma-dns-txt-answer-with-possible-execution-strings-9a5e44aa 2026-04-25T13:54:11.742Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---susp-script-from-archive-triggering-network-acti-a5de7b70 2026-04-25T13:54:11.651Z monthly 0.6 https://detectionlint.org/library/sigma-f5-big-ip-icontrol-rest-api-command-execution---proxy-cee64740 2026-04-25T13:54:11.565Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-start-process-passthru-0f575af6 2026-04-25T13:54:11.472Z monthly 0.6 https://detectionlint.org/library/sigma-office-application-startup---office-test-683973be 2026-04-25T13:54:11.380Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-psexec-execution---zeek-77394605 2026-04-25T13:54:11.289Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---smb-file-open-request-12dcdf58 2026-04-25T13:54:11.198Z monthly 0.6 https://detectionlint.org/library/sigma-macos-remote-system-discovery-abf54436 2026-04-25T13:54:11.106Z monthly 0.6 https://detectionlint.org/library/sigma-space-after-filename---macos-a0cd7153 2026-04-25T13:54:11.016Z monthly 0.6 https://detectionlint.org/library/kql-fortinet---beacon-pattern-detected-55f983f1 2026-04-25T13:54:10.925Z monthly 0.6 https://detectionlint.org/library/sigma-added-credentials-to-existing-application-eeb9f4d1 2026-04-25T13:54:10.834Z monthly 0.6 https://detectionlint.org/library/sigma-jxa-in-memory-execution-via-osascript-0a44f3d2 2026-04-25T13:54:10.741Z monthly 0.6 https://detectionlint.org/library/spl-disabling-norun-windows-app-6c0a7d1b 2026-04-25T13:54:10.651Z monthly 0.6 https://detectionlint.org/library/spl-create-or-delete-windows-shares-using-net-exe-ff17ee60 2026-04-25T13:54:10.560Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-base64-encoded-powershell-keywords-in-command-line-b4d024a5 2026-04-25T13:54:10.469Z monthly 0.6 https://detectionlint.org/library/spl-disable-defender-blockatfirstseen-feature-88c1a2c8 2026-04-25T13:54:10.378Z monthly 0.6 https://detectionlint.org/library/sigma-restore-public-aws-rds-instance-b15f0a86 2026-04-25T13:54:10.296Z monthly 0.6 https://detectionlint.org/library/spl-windows-file-transfer-protocol-in-non-common-process-path-db572141 2026-04-25T13:54:10.195Z monthly 0.6 https://detectionlint.org/library/spl-kerberoasting-spn-request-with-rc4-encryption-c2ddf3bb 2026-04-25T13:54:10.123Z monthly 0.6 https://detectionlint.org/library/sigma-remote-event-log-recon-8eef5cb1 2026-04-25T13:54:10.112Z monthly 0.6 https://detectionlint.org/library/spl-disable-windows-smartscreen-protection-17eca218 2026-04-25T13:54:09.921Z monthly 0.6 https://detectionlint.org/library/spl-single-letter-process-on-endpoint-a180f358 2026-04-25T13:54:09.831Z monthly 0.6 https://detectionlint.org/library/sigma-eventlog-evtx-file-deleted-9219da4a 2026-04-25T13:54:09.739Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-whoami-user-discovery-7c90779f 2026-04-25T13:54:09.648Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-possible-access-to-sudoers-file-363397e1 2026-04-25T13:54:09.466Z monthly 0.6 https://detectionlint.org/library/spl-loading-of-dynwrapx-module-9f590c15 2026-04-25T13:54:09.376Z monthly 0.6 https://detectionlint.org/library/sigma-azure-suppression-rule-created-4d4c8afa 2026-04-25T13:54:09.284Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-service-account-modified-8dd623db 2026-04-25T13:54:09.185Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-screensaver-binary-file-creation-8903c7ca 2026-04-25T13:54:09.006Z monthly 0.6 https://detectionlint.org/library/spl-permission-modification-using-takeown-app-81564865 2026-04-25T13:54:08.828Z monthly 0.6 https://detectionlint.org/library/kql-microsoft-build-engine-started-an-unusual-process-9a7976a5 2026-04-25T13:54:08.737Z monthly 0.6 https://detectionlint.org/library/spl-windows-credential-access-from-browser-password-store-663448b1 2026-04-25T13:54:08.646Z monthly 0.6 https://detectionlint.org/library/sigma-pwndrp-access-ba3bd78a 2026-04-25T13:54:08.463Z monthly 0.6 https://detectionlint.org/library/sigma-device-registration-or-join-without-mfa-b9ead242 2026-04-25T13:54:08.374Z monthly 0.6 https://detectionlint.org/library/spl-dns-exfiltration-using-nslookup-app-79ec050b 2026-04-25T13:54:08.282Z monthly 0.6 https://detectionlint.org/library/sigma-kaspersky-endpoint-security-stopped-via-commandline---linux-6c49e173 2026-04-25T13:54:08.192Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-procexp152sys-file-created-in-tmp-5cdfe3dc 2026-04-25T13:54:08.010Z monthly 0.6 https://detectionlint.org/library/sigma-enable-remote-connection-between-anonymous-computer---allowa-7f9c4ed1 2026-04-25T13:54:07.829Z monthly 0.6 https://detectionlint.org/library/sigma-winekey-registry-modification-6858a0db 2026-04-25T13:54:07.738Z monthly 0.6 https://detectionlint.org/library/spl-usn-journal-deletion-60befa35 2026-04-25T13:54:07.646Z monthly 0.6 https://detectionlint.org/library/sigma-nohup-execution-f08acf39 2026-04-25T13:54:07.554Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-kerberos-ticket-request-via-powershell-script---s-bf1771f8 2026-04-25T13:54:07.372Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-curl-network-connection-50782984 2026-04-25T13:54:07.281Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-gpo-disabled-286a2bfb 2026-04-25T13:54:07.189Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-store-file-in-alternate-data-stream-ac7e771b 2026-04-25T13:54:07.098Z monthly 0.6 https://detectionlint.org/library/sigma-aws-iam-backdoor-users-keys-3dd4fe36 2026-04-25T13:54:07.005Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_iam_activity_from_ec2_instance-561a2211 2026-04-25T13:54:06.917Z monthly 0.6 https://detectionlint.org/library/sigma-path-traversal-exploitation-attempts-ef44386f 2026-04-25T13:54:06.824Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-curl-change-user-agents---linux-fe850c31 2026-04-25T13:54:06.735Z monthly 0.6 https://detectionlint.org/library/sigma-osacompile-run-only-execution-3e26c1f8 2026-04-25T13:54:06.642Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-inbox-forwarding-896c0db2 2026-04-25T13:54:06.550Z monthly 0.6 https://detectionlint.org/library/sigma-disable-or-stop-services-b21aa1c2 2026-04-25T13:54:06.460Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-lsa-extensions-69a54f0e 2026-04-25T13:54:06.368Z monthly 0.6 https://detectionlint.org/library/sigma-folder-removed-from-exploit-guard-protectedfolders-list---re-8b137b16 2026-04-25T13:54:06.277Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---nmap-fin-scan-1e701468 2026-04-25T13:54:06.185Z monthly 0.6 https://detectionlint.org/library/spl-dllhost-with-no-command-line-arguments-with-network-d1bb3954 2026-04-25T13:54:05.995Z monthly 0.6 https://detectionlint.org/library/kql-fake-computer-account-created-33716bca 2026-04-25T13:54:05.912Z monthly 0.6 https://detectionlint.org/library/sigma-local-system-accounts-discovery---linux-2288be23 2026-04-25T13:54:05.859Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-rundll-launcher---powershell-726eaa70 2026-04-25T13:54:05.470Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-storage-buckets-enumeration-1d4ca628 2026-04-25T13:54:05.355Z monthly 0.6 https://detectionlint.org/library/sigma-potential-hello-world-scraper-botnet-activity-9fd2b9fb 2026-04-25T13:54:05.263Z monthly 0.6 https://detectionlint.org/library/spl-connectwise-screenconnect-path-traversal-6f29b429 2026-04-25T13:54:05.171Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-commands-linux-f46bcb8b 2026-04-25T13:54:05.080Z monthly 0.6 https://detectionlint.org/library/sigma-aws-key-pair-import-activity-3eb0be9d 2026-04-25T13:54:04.996Z monthly 0.6 https://detectionlint.org/library/spl-first-time-seen-running-windows-service-e9e99328 2026-04-25T13:54:04.898Z monthly 0.6 https://detectionlint.org/library/sigma-credentials-from-password-stores---keychain-adca6af8 2026-04-25T13:54:04.806Z monthly 0.6 https://detectionlint.org/library/sigma-filefix---command-evidence-in-typedpaths-65ee43c0 2026-04-25T13:54:04.715Z monthly 0.6 https://detectionlint.org/library/sigma-disable-system-firewall-51ce5736 2026-04-25T13:54:04.628Z monthly 0.6 https://detectionlint.org/library/sigma-service-reload-or-start---linux-5246ff79 2026-04-25T13:54:04.533Z monthly 0.6 https://detectionlint.org/library/sigma-system-information-discovery-using-sw_vers-efa00710 2026-04-25T13:54:04.443Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-sniffing-abc17bce 2026-04-25T13:54:04.352Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-logon-scripts---registry-28c8b5e8 2026-04-25T13:54:04.263Z monthly 0.6 https://detectionlint.org/library/spl-remote-process-instantiation-via-dcom-and-powershell-1d97b5fa 2026-04-25T13:54:04.170Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---redis-action-command-attempt-1785801f 2026-04-25T13:54:03.981Z monthly 0.6 https://detectionlint.org/library/kql-potential-powershell-obfuscated-script-via-high-entropy-66d810f0 2026-04-25T13:54:03.795Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-ssl-connection-a5b7e19b 2026-04-25T13:54:03.704Z monthly 0.6 https://detectionlint.org/library/sigma-mitre-bzar-indicators-for-persistence-1f0f4f4e 2026-04-25T13:54:03.613Z monthly 0.6 https://detectionlint.org/library/spl-windows-appx-deployment-full-trust-package-installation-e23e4456 2026-04-25T13:54:03.524Z monthly 0.6 https://detectionlint.org/library/sigma-system-shutdownreboot---macos-aca52ed8 2026-04-25T13:54:03.431Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-gpupdate-no-command-line-arguments-6c9a7cf6 2026-04-25T13:54:03.341Z monthly 0.6 https://detectionlint.org/library/kql-unusual-ld_preloadld_library_path-command-line-arguments-7d1dc7df 2026-04-25T13:54:03.252Z monthly 0.6 https://detectionlint.org/library/spl-detect-azurehound-file-modifications-de7c5585 2026-04-25T13:54:03.162Z monthly 0.6 https://detectionlint.org/library/spl-kerberos-tgt-request-using-rc4-encryption-4f444fbe 2026-04-25T13:54:03.068Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-keyboard-layout-load-a9d2a09a 2026-04-25T13:54:02.976Z monthly 0.6 https://detectionlint.org/library/spl-linux-gdb-privilege-escalation-f5325a6d 2026-04-25T13:54:02.885Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-unsigned-dbghelpdbgcore-dll-loaded-91c335e2 2026-04-25T13:54:02.796Z monthly 0.6 https://detectionlint.org/library/sigma-restrictedadminmode-registry-value-tampering-6afff433 2026-04-25T13:54:02.703Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-environment-variable-has-been-registered-1ddacd42 2026-04-25T13:54:02.612Z monthly 0.6 https://detectionlint.org/library/spl-nishang-powershelltcponeline-bba0fc9b 2026-04-25T13:54:02.520Z monthly 0.6 https://detectionlint.org/library/spl-windows-dll-module-loaded-in-temp-dir-dd658f43 2026-04-25T13:54:02.430Z monthly 0.6 https://detectionlint.org/library/sigma-ingressegress-security-group-modification-c23b903d 2026-04-25T13:54:02.389Z monthly 0.6 https://detectionlint.org/library/sigma-winlogon-allowmultipletssessions-enable-c6068d74 2026-04-25T13:54:02.344Z monthly 0.6 https://detectionlint.org/library/sigma-linux-setgid-capability-set-on-a-binary-via-setcap-utility-dbf7f735 2026-04-25T13:54:02.242Z monthly 0.6 https://detectionlint.org/library/spl-spoolsv-writing-a-dll---sysmon-32a30816 2026-04-25T13:54:02.204Z monthly 0.6 https://detectionlint.org/library/spl-credential-dumping-via-copy-command-from-shadow-copy-85a9fcf3 2026-04-25T13:54:01.886Z monthly 0.6 https://detectionlint.org/library/sigma-changes-to-pim-settings-cfc9c048 2026-04-25T13:54:01.794Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_enable_disable_region-2fda06ac 2026-04-25T13:54:01.704Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-dllhost-no-command-line-arguments-3f165d3d 2026-04-25T13:54:01.611Z monthly 0.6 https://detectionlint.org/library/sigma-get-aduser-enumeration-using-useraccountcontrol-flags-637bec57 2026-04-25T13:54:01.520Z monthly 0.6 https://detectionlint.org/library/kql-potential-antimalware-scan-interface-bypass-via-powershell-6d45f124 2026-04-25T13:54:01.432Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-ntfs-reparse-point---file-65dee815 2026-04-25T13:54:01.158Z monthly 0.6 https://detectionlint.org/library/spl-powershell---connect-to-internet-with-hidden-window-9b35639b 2026-04-25T13:54:00.977Z monthly 0.6 https://detectionlint.org/library/spl-disable-defender-enhanced-notification-fb8db733 2026-04-25T13:54:00.884Z monthly 0.6 https://detectionlint.org/library/sigma-unsigned-image-loaded-into-lsass-process-42753796 2026-04-25T13:54:00.794Z monthly 0.6 https://detectionlint.org/library/spl-windows-admon-default-group-policy-object-modified-fb4f8dd9 2026-04-25T13:54:00.702Z monthly 0.6 https://detectionlint.org/library/spl-detect-html-help-url-in-command-line-f94892ff 2026-04-25T13:54:00.611Z monthly 0.6 https://detectionlint.org/library/kql-abnormal-process-id-or-lock-file-created-cd85670a 2026-04-25T13:54:00.520Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-download---poshmodule-5da5813a 2026-04-25T13:54:00.432Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-base64-encoded-user-agent-ced7c614 2026-04-25T13:54:00.340Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-inbox-manipulation-rules-a9bc1925 2026-04-25T13:54:00.247Z monthly 0.6 https://detectionlint.org/library/sigma-rdp-sensitive-settings-changed-to-zero-05d678ed 2026-04-25T13:54:00.160Z monthly 0.6 https://detectionlint.org/library/sigma-winsxs-executable-file-creation-by-non-system-process-aa87bdbe 2026-04-25T13:54:00.066Z monthly 0.6 https://detectionlint.org/library/sigma-outlook-enableunsafeclientmailrules-setting-enabled---regist-bce38e14 2026-04-25T13:53:59.978Z monthly 0.6 https://detectionlint.org/library/sigma-potential-dll-sideloading-using-coregenexe-fa8e4046 2026-04-25T13:53:59.882Z monthly 0.6 https://detectionlint.org/library/spl-disabling-systemrestore-in-registry-944ca91d 2026-04-25T13:53:59.792Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_delete_cloudwatch_log_group-2fc0dea0 2026-04-25T13:53:59.703Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-crypto-commands-cda754ad 2026-04-25T13:53:59.610Z monthly 0.6 https://detectionlint.org/library/sigma-new-service-creation-using-powershell-3a5279c6 2026-04-25T13:53:59.516Z monthly 0.6 https://detectionlint.org/library/spl-time-provider-persistence-registry-4b5d1815 2026-04-25T13:53:59.425Z monthly 0.6 https://detectionlint.org/library/sigma-remote-dcomwmi-lateral-movement-166acc35 2026-04-25T13:53:59.334Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-base64-decode-files-fc8bcf0d 2026-04-25T13:53:59.242Z monthly 0.6 https://detectionlint.org/library/sigma-pst-export-alert-using-ediscovery-alert-cd3e91f5 2026-04-25T13:53:59.151Z monthly 0.6 https://detectionlint.org/library/spl-network-connection-discovery-with-netstat-1de27ba5 2026-04-25T13:53:59.060Z monthly 0.6 https://detectionlint.org/library/spl-windows-default-rdp-file-deletion-9656e104 2026-04-25T13:53:58.972Z monthly 0.6 https://detectionlint.org/library/kql-solorigate-named-pipe-5c0d6b73 2026-04-25T13:53:58.879Z monthly 0.6 https://detectionlint.org/library/spl-get-addefaultdomainpasswordpolicy-with-powershell-script-blo-d92ba7b2 2026-04-25T13:53:58.698Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-powershell-user-profile-using-add--d6834f8e 2026-04-25T13:53:58.604Z monthly 0.6 https://detectionlint.org/library/spl-rundll32-create-remote-thread-to-a-process-197a9f81 2026-04-25T13:53:58.514Z monthly 0.6 https://detectionlint.org/library/sigma-mitre-bzar-indicators-for-execution-646105fe 2026-04-25T13:53:58.333Z monthly 0.6 https://detectionlint.org/library/kql-adminsdholder-backdoor-99452c10 2026-04-25T13:53:58.241Z monthly 0.6 https://detectionlint.org/library/spl-detect-password-spray-attack-behavior-from-source-f77c9c3b 2026-04-25T13:53:58.151Z monthly 0.6 https://detectionlint.org/library/sigma-wmimplant-hack-tool-8a9a2854 2026-04-25T13:53:58.058Z monthly 0.6 https://detectionlint.org/library/sigma-potential-suspicious-windows-feature-enabled---proccreation-9abaee9f 2026-04-25T13:53:57.968Z monthly 0.6 https://detectionlint.org/library/spl-uac-bypass-with-colorui-com-object-3c2ecd8f 2026-04-25T13:53:57.877Z monthly 0.6 https://detectionlint.org/library/kql-firsttime-seen-account-performing-dcsync-524b496b 2026-04-25T13:53:57.783Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-shutdown-button-through-registry-75ac4dc7 2026-04-25T13:53:57.751Z monthly 0.6 https://detectionlint.org/library/sigma-roles-activation-doesnt-require-mfa-637ce8d6 2026-04-25T13:53:57.603Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-use-clip---powershell-63fff7c0 2026-04-25T13:53:57.513Z monthly 0.6 https://detectionlint.org/library/spl-disable-defender-spynet-reporting-a0a64bee 2026-04-25T13:53:57.329Z monthly 0.6 https://detectionlint.org/library/spl-headless-browser-mockbin-or-mocky-request-df5cf651 2026-04-25T13:53:57.146Z monthly 0.6 https://detectionlint.org/library/sigma-google-workspace-role-privilege-deleted-d55fbc2e 2026-04-25T13:53:57.060Z monthly 0.6 https://detectionlint.org/library/sigma-persistence-via-disk-cleanup-handler---autorun-9f299dbc 2026-04-25T13:53:56.875Z monthly 0.6 https://detectionlint.org/library/spl-windows-dll-side-loading-in-calc-a13a74fb 2026-04-25T13:53:56.782Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-find-credentials-from-password-stores-29d57201 2026-04-25T13:53:56.691Z monthly 0.6 https://detectionlint.org/library/sigma-unix-shell-configuration-modification-42c68957 2026-04-25T13:53:56.602Z monthly 0.6 https://detectionlint.org/library/spl-windows-bitlockertogo-with-network-activity-972a80f7 2026-04-25T13:53:56.512Z monthly 0.6 https://detectionlint.org/library/sigma-google-full-network-traffic-packet-capture-bb72ea3c 2026-04-25T13:53:56.420Z monthly 0.6 https://detectionlint.org/library/spl-linux-possible-append-command-to-at-allow-config-file-5ac14d21 2026-04-25T13:53:56.151Z monthly 0.6 https://detectionlint.org/library/sigma-windows-vulnerable-driver-blocklist-disabled-3c8609df 2026-04-25T13:53:56.054Z monthly 0.6 https://detectionlint.org/library/sigma-setuid-and-setgid-d26d29c1 2026-04-25T13:53:55.965Z monthly 0.6 https://detectionlint.org/library/spl-bcdedit-failure-recovery-modification-6a7a8a69 2026-04-25T13:53:55.782Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-dangerous-user-acl-modification-db63c9f2 2026-04-25T13:53:55.725Z monthly 0.6 https://detectionlint.org/library/sigma-crypto-miner-user-agent-a219bed6 2026-04-25T13:53:55.595Z monthly 0.6 https://detectionlint.org/library/sigma-crashcontrol-crashdump-disabled-adaa37da 2026-04-25T13:53:55.384Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---late-process-execution-f2bf648b 2026-04-25T13:53:55.289Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-shim-database-modification-3db0af1b 2026-04-25T13:53:55.200Z monthly 0.6 https://detectionlint.org/library/spl-get-aduserresultantpasswordpolicy-with-powershell-script-blo-da3f9827 2026-04-25T13:53:55.109Z monthly 0.6 https://detectionlint.org/library/spl-linux-possible-cronjob-modification-with-editor-6a6ec655 2026-04-25T13:53:55.020Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-nohup-execution-70d4b79d 2026-04-25T13:53:54.818Z monthly 0.6 https://detectionlint.org/library/spl-cmlua-or-cmstplua-uac-bypass-502ff5f3 2026-04-25T13:53:54.724Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---nmap-os-scan-748efb03 2026-04-25T13:53:54.634Z monthly 0.6 https://detectionlint.org/library/sigma-potential-ccleanerdudll-sideloading-28c68df9 2026-04-25T13:53:54.549Z monthly 0.6 https://detectionlint.org/library/sigma-windows-firewall-disabled-via-powershell-53c17ff1 2026-04-25T13:53:54.454Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-script-dropped-via-powershellexe-b8f55695 2026-04-25T13:53:54.362Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---renamed-meshagent-execution---macos-98ac58af 2026-04-25T13:53:54.272Z monthly 0.6 https://detectionlint.org/library/sigma-assembly-loading-via-cl_loadassemblyps1-948bad91 2026-04-25T13:53:54.180Z monthly 0.6 https://detectionlint.org/library/sigma-ntfs-alternate-data-stream-a4010730 2026-04-25T13:53:54.155Z monthly 0.6 https://detectionlint.org/library/sigma-account-lockout-487d1f4a 2026-04-25T13:53:54.086Z monthly 0.6 https://detectionlint.org/library/sigma-syncappvpublishingserver-bypass-powershell-restriction---ps--508ec319 2026-04-25T13:53:53.964Z monthly 0.6 https://detectionlint.org/library/kql-powershell-kerberos-ticket-dump-29ef2347 2026-04-25T13:53:49.260Z monthly 0.6 https://detectionlint.org/library/sigma-usage-of-web-request-commands-and-cmdlets---scriptblock-5ee23f49 2026-04-25T13:53:49.172Z monthly 0.6 https://detectionlint.org/library/spl-potential-system-network-configuration-discovery-activity-cd32991b 2026-04-25T13:53:49.080Z monthly 0.6 https://detectionlint.org/library/spl-getnettcpconnection-with-powershell-27d929a2 2026-04-25T13:53:49.016Z monthly 0.6 https://detectionlint.org/library/sigma-google-workspace-application-removed-57c22e8b 2026-04-25T13:53:49.011Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-from-password-stores-creation-8bd574bf 2026-04-25T13:53:48.834Z monthly 0.6 https://detectionlint.org/library/spl-uninstall-app-using-msiexec-cb56678a 2026-04-25T13:53:48.624Z monthly 0.6 https://detectionlint.org/library/spl-impacket-lateral-movement-commandline-parameters-a861d699 2026-04-25T13:53:48.533Z monthly 0.6 https://detectionlint.org/library/spl-detect-rundll32-inline-hta-execution-d49b5ce7 2026-04-25T13:53:48.441Z monthly 0.6 https://detectionlint.org/library/spl-windows-identify-protocol-handlers-66d28788 2026-04-25T13:53:48.350Z monthly 0.6 https://detectionlint.org/library/spl-shim-database-installation-with-suspicious-parameters-7f8331cd 2026-04-25T13:53:48.261Z monthly 0.6 https://detectionlint.org/library/spl-dump-lsass-via-procdump-fa4a874a 2026-04-25T13:53:48.203Z monthly 0.6 https://detectionlint.org/library/spl-randomly-generated-windows-service-name-079a3153 2026-04-25T13:53:48.079Z monthly 0.6 https://detectionlint.org/library/spl-detect-credential-dumping-through-lsass-access-6bf7ddc4 2026-04-25T13:53:48.037Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-rundll-launcher---powershell-module-59c9280c 2026-04-25T13:53:48.009Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-short-lived-server-object-c99548fd 2026-04-25T13:53:47.888Z monthly 0.6 https://detectionlint.org/library/sigma-potential-suspicious-windows-feature-enabled-c25eb9e4 2026-04-25T13:53:47.853Z monthly 0.6 https://detectionlint.org/library/spl-disabling-remote-user-account-control-a9f8943a 2026-04-25T13:53:47.623Z monthly 0.6 https://detectionlint.org/library/spl-linux-rpm-privilege-escalation-d629f5ce 2026-04-25T13:53:47.531Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-malware-callback-communication-9ab8a3da 2026-04-25T13:53:47.444Z monthly 0.6 https://detectionlint.org/library/spl-linux-obfuscated-files-or-information-base64-decode-0b1fd3a0 2026-04-25T13:53:47.262Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-notification-center-934cb30e 2026-04-25T13:53:47.168Z monthly 0.6 https://detectionlint.org/library/spl-windows-execute-arbitrary-commands-with-msdt-461e2d1c 2026-04-25T13:53:47.080Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-plistbuddy-usage-15bc3ab6 2026-04-25T13:53:46.987Z monthly 0.6 https://detectionlint.org/library/spl-impacket-lateral-movement-smbexec-commandline-parameters-679de9ae 2026-04-25T13:53:46.895Z monthly 0.6 https://detectionlint.org/library/sigma-huawei-bgp-authentication-failures-2eb3bcfa 2026-04-25T13:53:46.804Z monthly 0.6 https://detectionlint.org/library/spl-petitpotam-network-share-access-request-84e6ef87 2026-04-25T13:53:46.712Z monthly 0.6 https://detectionlint.org/library/spl-windows-chromium-process-with-disabled-extensions-2c2dc166 2026-04-25T13:53:46.622Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-kubernetes-admission-controller-82e9fbeb 2026-04-25T13:53:46.535Z monthly 0.6 https://detectionlint.org/library/spl-certutil-exe-certificate-extraction-58827449 2026-04-25T13:53:46.349Z monthly 0.6 https://detectionlint.org/library/kql-ssh-authorized-keys-file-activity-9391e458 2026-04-25T13:53:46.166Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-microsoft-office-startup-folder-e1ed1306 2026-04-25T13:53:45.985Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-stage-data-b649aafb 2026-04-25T13:53:45.893Z monthly 0.6 https://detectionlint.org/library/spl-detect-computer-changed-with-anonymous-account-d8b0ed64 2026-04-25T13:53:45.805Z monthly 0.6 https://detectionlint.org/library/spl-windows-ai-platform-dns-query-4269ec3d 2026-04-25T13:53:45.716Z monthly 0.6 https://detectionlint.org/library/spl-windows-http-network-communication-from-msiexec-d199b1be 2026-04-25T13:53:45.532Z monthly 0.6 https://detectionlint.org/library/spl-shim-database-file-creation-0969e864 2026-04-25T13:53:45.430Z monthly 0.6 https://detectionlint.org/library/spl-windows-alternate-datastream---base64-content-5f356833 2026-04-25T13:53:45.338Z monthly 0.6 https://detectionlint.org/library/sigma-potential-suspicious-powershell-module-file-created-4f33b518 2026-04-25T13:53:45.247Z monthly 0.6 https://detectionlint.org/library/sigma-enabling-cor-profiler-environment-variables-92f22ae1 2026-04-25T13:53:45.156Z monthly 0.6 https://detectionlint.org/library/spl-linux-possible-access-to-sudoers-file-55f24d39 2026-04-25T13:53:45.066Z monthly 0.6 https://detectionlint.org/library/sigma-amsi-bypass-pattern-assembly-gettype-50a83c2f 2026-04-25T13:53:44.974Z monthly 0.6 https://detectionlint.org/library/spl-windows-data-destruction-recursive-exec-files-deletion-8885b97f 2026-04-25T13:53:44.882Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-credential-prompt-19493adc 2026-04-25T13:53:44.792Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-use-clip---powershell-module-7c10836e 2026-04-25T13:53:44.702Z monthly 0.6 https://detectionlint.org/library/sigma-hidden-user-creation-6c995857 2026-04-25T13:53:44.609Z monthly 0.6 https://detectionlint.org/library/sigma-chmod-suspicious-directory-2d14b134 2026-04-25T13:53:44.519Z monthly 0.6 https://detectionlint.org/library/sigma-windows-binaries-write-suspicious-extensions-fa895af4 2026-04-25T13:53:44.427Z monthly 0.6 https://detectionlint.org/library/sigma-system-information-discovery---auditd-cc31eeb6 2026-04-25T13:53:44.337Z monthly 0.6 https://detectionlint.org/library/sigma-potential-keylogger-activity-b98325e9 2026-04-25T13:53:44.152Z monthly 0.6 https://detectionlint.org/library/spl-linux-file-creation-in-init-boot-directory-d4195a51 2026-04-25T13:53:44.060Z monthly 0.6 https://detectionlint.org/library/sigma-scr-file-write-event-b07d9683 2026-04-25T13:53:43.971Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---sharpevtmute-dll-load-b136a10c 2026-04-25T13:53:43.879Z monthly 0.6 https://detectionlint.org/library/sigma-potential-webshell-creation-on-static-website-1ef5bd95 2026-04-25T13:53:43.789Z monthly 0.6 https://detectionlint.org/library/kql-exchange-mailbox-export-via-powershell-2df065b2 2026-04-25T13:53:43.707Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-object-owner-updated-607ec078 2026-04-25T13:53:43.605Z monthly 0.6 https://detectionlint.org/library/spl-windows-applocker-execution-from-uncommon-locations-e1b3d681 2026-04-25T13:53:43.515Z monthly 0.6 https://detectionlint.org/library/spl-gpupdate-with-no-command-line-arguments-with-network-977b38ae 2026-04-25T13:53:43.423Z monthly 0.6 https://detectionlint.org/library/spl-excessive-distinct-processes-from-windows-temp-92ed68f0 2026-04-25T13:53:43.332Z monthly 0.6 https://detectionlint.org/library/spl-powershell-get-localgroup-discovery-with-script-block-loggin-18a147f9 2026-04-25T13:53:43.241Z monthly 0.6 https://detectionlint.org/library/sigma-deployment-deleted-from-kubernetes-cluster-e558bd57 2026-04-25T13:53:43.151Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---snmp-oid-request-b75e199d 2026-04-25T13:53:43.060Z monthly 0.6 https://detectionlint.org/library/spl-windows-applocker-block-events-00de9cb7 2026-04-25T13:53:42.969Z monthly 0.6 https://detectionlint.org/library/kql-halfbaked-command-and-control-beacon-bc172121 2026-04-25T13:53:42.878Z monthly 0.6 https://detectionlint.org/library/spl-remote-desktop-process-running-on-system-67454703 2026-04-25T13:53:42.695Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---rclone-execution-with-network-activity-38e76c2b 2026-04-25T13:53:42.512Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-powershell-under-powershell-channel-8543bbad 2026-04-25T13:53:42.423Z monthly 0.6 https://detectionlint.org/library/spl-deleting-shadow-copies-8dd55fcc 2026-04-25T13:53:42.330Z monthly 0.6 https://detectionlint.org/library/spl-mimikatz-passtheticket-commandline-parameters-a473daa6 2026-04-25T13:53:42.239Z monthly 0.6 https://detectionlint.org/library/kql-first-time-seen-newcredentials-logon-process-82fdae72 2026-04-25T13:53:42.148Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---quarkspwdump-dump-file-8a8c1180 2026-04-25T13:53:41.966Z monthly 0.6 https://detectionlint.org/library/sigma-guest-account-enabled-via-sysadminctl-86e29d15 2026-04-25T13:53:41.874Z monthly 0.6 https://detectionlint.org/library/sigma-new-github-organization-member-added-cc0f547c 2026-04-25T13:53:41.603Z monthly 0.6 https://detectionlint.org/library/spl-linux-telnet-authentication-bypass-f51819d5 2026-04-25T13:53:41.515Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-from-password-stores-query-7c323658 2026-04-25T13:53:41.238Z monthly 0.6 https://detectionlint.org/library/spl-disable-windows-app-hotkeys-28d7bd65 2026-04-25T13:53:41.146Z monthly 0.6 https://detectionlint.org/library/spl-detect-regasm-with-no-command-line-arguments-478463e9 2026-04-25T13:53:41.056Z monthly 0.6 https://detectionlint.org/library/sigma-livekd-driver-creation-7c00b306 2026-04-25T13:53:40.783Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-var-launcher-obfuscation---powershell-mod-86375d84 2026-04-25T13:53:40.701Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---ntp-monlist-request-a5fb4dc3 2026-04-25T13:53:40.604Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-dnsexfiltration-6512497a 2026-04-25T13:53:40.510Z monthly 0.6 https://detectionlint.org/library/spl-remote-process-instantiation-via-winrm-and-powershell-e1e4c880 2026-04-25T13:53:40.419Z monthly 0.6 https://detectionlint.org/library/sigma-potential-base64-encoded-user-agent-d909bdab 2026-04-25T13:53:40.328Z monthly 0.6 https://detectionlint.org/library/spl-macos-gatekeeper-bypass-1436b742 2026-04-25T13:53:40.237Z monthly 0.6 https://detectionlint.org/library/sigma-fortigate---firewall-address-object-added-73fe1bd0 2026-04-25T13:53:40.146Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-user-weak-password-policy-1e6140fc 2026-04-25T13:53:40.093Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-unauthorized-full-data-export-triggered-4bd01602 2026-04-25T13:53:40.050Z monthly 0.6 https://detectionlint.org/library/sigma-psscriptpolicytest-creation-by-uncommon-process-2459712b 2026-04-25T13:53:39.958Z monthly 0.6 https://detectionlint.org/library/spl-network-traffic-to-active-directory-web-services-protocol-eddbc0f4 2026-04-25T13:53:39.906Z monthly 0.6 https://detectionlint.org/library/sigma-classes-autorun-keys-modification-b125c7ed 2026-04-25T13:53:39.696Z monthly 0.6 https://detectionlint.org/library/spl-linux-preload-hijack-library-calls-8e55fb11 2026-04-25T13:53:39.600Z monthly 0.6 https://detectionlint.org/library/spl-detect-mshta-url-in-command-line-ba7102b2 2026-04-25T13:53:39.508Z monthly 0.6 https://detectionlint.org/library/sigma-discovery-using-azurehound-afaf7343 2026-04-25T13:53:39.327Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-database-file-and-directory-discovery-de62bd30 2026-04-25T13:53:39.236Z monthly 0.6 https://detectionlint.org/library/spl-windows-conhost-with-headless-argument-6984c270 2026-04-25T13:53:39.143Z monthly 0.6 https://detectionlint.org/library/sigma-unsigned-mfdetoursdll-sideloading-66eb8dfa 2026-04-25T13:53:39.054Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-mpnotify-2f9f22fe 2026-04-25T13:53:38.962Z monthly 0.6 https://detectionlint.org/library/sigma-active-directory-computers-enumeration-with-get-adcomputer-8abff1b3 2026-04-25T13:53:38.871Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---crackmapexec-file-indicators-541397b6 2026-04-25T13:53:38.781Z monthly 0.6 https://detectionlint.org/library/spl-windows-common-abused-cmd-shell-risk-behavior-a497b9f4 2026-04-25T13:53:38.690Z monthly 0.6 https://detectionlint.org/library/sigma-potential-suspicious-powershell-keywords-7c244db1 2026-04-25T13:53:38.600Z monthly 0.6 https://detectionlint.org/library/spl-detect-mshta-inline-hta-execution-4b9abadc 2026-04-25T13:53:38.326Z monthly 0.6 https://detectionlint.org/library/spl-disable-defender-submit-samples-consent-feature-43d3a02f 2026-04-25T13:53:38.233Z monthly 0.6 https://detectionlint.org/library/sigma-antivirus-web-shell-detection-19dd856e 2026-04-25T13:53:38.169Z monthly 0.6 https://detectionlint.org/library/kql-user-account-created-without-expected-attributes-defined-d53a94e2 2026-04-25T13:53:38.147Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-x509enrollment---ps-script-ff20050a 2026-04-25T13:53:38.046Z monthly 0.6 https://detectionlint.org/library/kql-first-time-seen-driver-loaded-a07167d9 2026-04-25T13:53:37.999Z monthly 0.6 https://detectionlint.org/library/sigma-bypass-uac-using-event-viewer-97a4cce4 2026-04-25T13:53:37.985Z monthly 0.6 https://detectionlint.org/library/sigma-access-to-browser-login-data-72034c79 2026-04-25T13:53:37.981Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-falcon-stream-alerts-496a90cd 2026-04-25T13:53:03.096Z monthly 0.6 https://detectionlint.org/library/spl-linux-c89-privilege-escalation-c374d707 2026-04-25T13:53:02.824Z monthly 0.6 https://detectionlint.org/library/spl-detect-certipy-file-modifications-d278629d 2026-04-25T13:53:02.733Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-net-reflection-via-powershell-4e715e81 2026-04-25T13:53:02.651Z monthly 0.6 https://detectionlint.org/library/sigma-potential-ripzip-attack-on-startup-folder-c4a6c889 2026-04-25T13:53:02.635Z monthly 0.6 https://detectionlint.org/library/sigma-currentcontrolset-autorun-keys-modification-d2222a5f 2026-04-25T13:53:02.547Z monthly 0.6 https://detectionlint.org/library/sigma-windows-defender-exclusions-added---powershell-33c7095a 2026-04-25T13:53:02.477Z monthly 0.6 https://detectionlint.org/library/sigma-program-executions-in-suspicious-folders-39e008ca 2026-04-25T13:53:02.463Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-discovery-caaf3675 2026-04-25T13:53:02.183Z monthly 0.6 https://detectionlint.org/library/spl-linux-doas-conf-file-creation-d0567a42 2026-04-25T13:53:02.091Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-core-dll-loaded-by-non-powershell-process-414446e4 2026-04-25T13:53:02.001Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---sip-request-a7f17f17 2026-04-25T13:53:01.910Z monthly 0.6 https://detectionlint.org/library/spl-searchprotocolhost-with-no-command-line-with-network-b6ccf672 2026-04-25T13:53:01.820Z monthly 0.6 https://detectionlint.org/library/spl-excessive-usage-of-taskkill-708f5686 2026-04-25T13:53:01.642Z monthly 0.6 https://detectionlint.org/library/spl-linux-hardware-addition-swapoff-8973efc6 2026-04-25T13:53:01.458Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---tftp-request-4b66d3d9 2026-04-25T13:53:01.276Z monthly 0.6 https://detectionlint.org/library/spl-lolbas-with-network-traffic-993bba3f 2026-04-25T13:53:01.184Z monthly 0.6 https://detectionlint.org/library/kql-windows-event-logs-cleared-da2be6c5 2026-04-25T13:53:01.092Z monthly 0.6 https://detectionlint.org/library/spl-linux-emacs-privilege-escalation-10ec7842 2026-04-25T13:53:01.003Z monthly 0.6 https://detectionlint.org/library/spl-windows-get-local-admin-with-findlocaladminaccess-99d89d01 2026-04-25T13:53:00.820Z monthly 0.6 https://detectionlint.org/library/sigma-enable-windows-remote-management-5b196e01 2026-04-25T13:53:00.728Z monthly 0.6 https://detectionlint.org/library/kql-potential-powershell-pass-the-hashrelay-script-7e42c781 2026-04-25T13:53:00.638Z monthly 0.6 https://detectionlint.org/library/spl-linux-cpulimit-privilege-escalation-10d53218 2026-04-25T13:53:00.546Z monthly 0.6 https://detectionlint.org/library/sigma-aws-ec2-vm-export-failure-85fb35c3 2026-04-25T13:53:00.464Z monthly 0.6 https://detectionlint.org/library/spl-user-discovery-with-env-vars-powershell-316a40e4 2026-04-25T13:53:00.365Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-dsrm-account-changes-885d5b83 2026-04-25T13:53:00.273Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-sid-history-attribute-modified-3ba6ba20 2026-04-25T13:53:00.181Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-high-identity-risk-severity-e9ee8e39 2026-04-25T13:53:00.090Z monthly 0.6 https://detectionlint.org/library/spl-download-files-using-telegram-08c80eb9 2026-04-25T13:52:59.999Z monthly 0.6 https://detectionlint.org/library/spl-get-wmiobject-group-discovery-with-script-block-logging-08b20afa 2026-04-25T13:52:59.909Z monthly 0.6 https://detectionlint.org/library/kql-nrt-multiple-users-email-forwarded-to-same-destination-e06e58ad 2026-04-25T13:52:59.818Z monthly 0.6 https://detectionlint.org/library/spl-powershell-4104-hunting-a9e39ecb 2026-04-25T13:52:59.727Z monthly 0.6 https://detectionlint.org/library/spl-wbadmin-delete-system-backups-9c185682 2026-04-25T13:52:59.544Z monthly 0.6 https://detectionlint.org/library/sigma-potential-remote-powershell-session-initiated-8d4e9927 2026-04-25T13:52:59.454Z monthly 0.6 https://detectionlint.org/library/kql-potential-credential-access-via-dcsync-adee4334 2026-04-25T13:52:59.364Z monthly 0.6 https://detectionlint.org/library/sigma-pcrenet-package-temp-files-dc5ea59d 2026-04-25T13:52:59.272Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---non-network-binary-making-network-connection-7ae00c21 2026-04-25T13:52:59.179Z monthly 0.6 https://detectionlint.org/library/spl-windows-delete-or-modify-system-firewall-685725a5 2026-04-25T13:52:59.097Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---httpproxy-login-attempt-2eb216b1 2026-04-25T13:52:59.001Z monthly 0.6 https://detectionlint.org/library/sigma-end-user-consent-c09f9225 2026-04-25T13:52:58.908Z monthly 0.6 https://detectionlint.org/library/sigma-psexec-remote-execution-file-artefact-b742e33e 2026-04-25T13:52:58.817Z monthly 0.6 https://detectionlint.org/library/sigma-linux-base64-encoded-shebang-in-cli-0b7d2776 2026-04-25T13:52:58.727Z monthly 0.6 https://detectionlint.org/library/spl-macos-network-share-discovery-4c854c53 2026-04-25T13:52:58.633Z monthly 0.6 https://detectionlint.org/library/sigma-potential-script-proxy-execution-via-cl_mutexverifiersps1-2558fc9c 2026-04-25T13:52:58.545Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-base64-encoded-reflective-assembly-load-3a04d6dd 2026-04-25T13:52:58.454Z monthly 0.6 https://detectionlint.org/library/spl-detect-path-interception-by-creation-of-program-exe-eb2b56ee 2026-04-25T13:52:58.362Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---powerup-write-hijack-dll-4892aaea 2026-04-25T13:52:58.272Z monthly 0.6 https://detectionlint.org/library/sigma-extracting-information-with-powershell-1cf114f5 2026-04-25T13:52:58.180Z monthly 0.6 https://detectionlint.org/library/sigma-impossible-travel-bec03255 2026-04-25T13:52:58.089Z monthly 0.6 https://detectionlint.org/library/sigma-fortigate---new-local-user-created-e4af3e66 2026-04-25T13:52:57.996Z monthly 0.6 https://detectionlint.org/library/sigma-directorysearcher-powershell-exploitation-a141d1f4 2026-04-25T13:52:57.912Z monthly 0.6 https://detectionlint.org/library/kql-creepydrive-urls-e47dd086 2026-04-25T13:52:57.817Z monthly 0.6 https://detectionlint.org/library/spl-windows-archived-collected-data-in-temp-folder-d0814f71 2026-04-25T13:52:57.725Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-use-mshta---powershell-99e42124 2026-04-25T13:52:57.640Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-var-launcher---powershell-3e96a272 2026-04-25T13:52:57.542Z monthly 0.6 https://detectionlint.org/library/sigma-scheduled-taskcache-change-by-uncommon-program-c71c0b04 2026-04-25T13:52:57.451Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-searchprotocolhost-no-command-line-arguments-51dd8ff3 2026-04-25T13:52:57.361Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-get-local-groups-information---powershell-1cf1b2a0 2026-04-25T13:52:57.268Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-add-user-account-6f6abdbd 2026-04-25T13:52:57.177Z monthly 0.6 https://detectionlint.org/library/sigma-password-policy-discovery---linux-6946c579 2026-04-25T13:52:57.088Z monthly 0.6 https://detectionlint.org/library/spl-powershell-start-or-stop-service-66899f90 2026-04-25T13:52:56.995Z monthly 0.6 https://detectionlint.org/library/spl-windows-driver-load-non-standard-path-539be5ed 2026-04-25T13:52:56.905Z monthly 0.6 https://detectionlint.org/library/sigma-network-communication-with-crypto-mining-pool-6a2be3ca 2026-04-25T13:52:56.816Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-osquery-service-stop-292c7293 2026-04-25T13:52:56.539Z monthly 0.6 https://detectionlint.org/library/spl-windows-change-file-association-command-to-notepad-dc41f3fa 2026-04-25T13:52:56.450Z monthly 0.6 https://detectionlint.org/library/spl-linux-possible-access-to-credential-files-acea2041 2026-04-25T13:52:56.359Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-get-clipboard-88254f9c 2026-04-25T13:52:56.267Z monthly 0.6 https://detectionlint.org/library/sigma-windows-registry-trust-record-modification-e0254dae 2026-04-25T13:52:56.176Z monthly 0.6 https://detectionlint.org/library/spl-system-information-discovery-detection-b3157a5a 2026-04-25T13:52:56.087Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-deleted-mounted-share-8c2d02c6 2026-04-25T13:52:56.003Z monthly 0.6 https://detectionlint.org/library/spl-windows-dns-query-request-to-tinyurl-79749152 2026-04-25T13:52:55.902Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-unsigned-thor-scanner-execution-0dd9e216 2026-04-25T13:52:55.879Z monthly 0.6 https://detectionlint.org/library/sigma-potential-remote-command-execution-in-pod-container-a8c4d01b 2026-04-25T13:52:55.721Z monthly 0.6 https://detectionlint.org/library/sigma-linux-network-service-scanning---auditd-1cf8f8bd 2026-04-25T13:52:55.629Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-bgp-authentication-failures-044da036 2026-04-25T13:52:55.537Z monthly 0.6 https://detectionlint.org/library/spl-detect-password-spray-attack-behavior-on-user-522d9014 2026-04-25T13:52:55.447Z monthly 0.6 https://detectionlint.org/library/kql-creepydrive-request-url-sequence-6539149c 2026-04-25T13:52:55.356Z monthly 0.6 https://detectionlint.org/library/spl-get-domaintrust-with-powershell-83563d39 2026-04-25T13:52:55.266Z monthly 0.6 https://detectionlint.org/library/sigma-unsigned-module-loaded-by-clickonce-application-20012203 2026-04-25T13:52:55.173Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-frombase64string-usage-on-gzip-archive---process--9a09d9e9 2026-04-25T13:52:54.997Z monthly 0.6 https://detectionlint.org/library/sigma-application-appid-uri-configuration-changes-929f0072 2026-04-25T13:52:54.902Z monthly 0.6 https://detectionlint.org/library/spl-prevent-automatic-repair-mode-using-bcdedit-b5303d17 2026-04-25T13:52:54.808Z monthly 0.6 https://detectionlint.org/library/yara-l-aws_ec2_user_data_modified-8b591481 2026-04-25T13:52:54.719Z monthly 0.6 https://detectionlint.org/library/spl-net-profiler-uac-bypass-c08144fd 2026-04-25T13:52:54.628Z monthly 0.6 https://detectionlint.org/library/spl-macos-log-removal-a8777c7e 2026-04-25T13:52:54.538Z monthly 0.6 https://detectionlint.org/library/sigma-raw-paste-service-access-78d218ef 2026-04-25T13:52:54.356Z monthly 0.6 https://detectionlint.org/library/spl-windows-firewall-rule-deletion-b8a187da 2026-04-25T13:52:54.271Z monthly 0.6 https://detectionlint.org/library/sigma-bitlocker-key-retrieval-3c1fe211 2026-04-25T13:52:54.174Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-domain-root-acl-modification-76ee9df0 2026-04-25T13:52:54.083Z monthly 0.6 https://detectionlint.org/library/sigma-azure-application-deleted-fe7de120 2026-04-25T13:52:53.809Z monthly 0.6 https://detectionlint.org/library/sigma-potential-solidpdfcreatordll-sideloading-0d9482fd 2026-04-25T13:52:53.719Z monthly 0.6 https://detectionlint.org/library/sigma-pua---sysinternal-tool-execution---registry-ad933a28 2026-04-25T13:52:53.631Z monthly 0.6 https://detectionlint.org/library/kql-powershell-suspicious-script-with-audio-capture-capabilities-57a0713d 2026-04-25T13:52:53.539Z monthly 0.6 https://detectionlint.org/library/spl-macos-list-firewall-rules-fcd30f98 2026-04-25T13:52:53.447Z monthly 0.6 https://detectionlint.org/library/sigma-potential-mfa-bypass-using-legacy-client-authentication-488fc09c 2026-04-25T13:52:53.356Z monthly 0.6 https://detectionlint.org/library/kql-powershell-script-with-veeam-credential-access-capabilities-7d74b1a0 2026-04-25T13:52:53.265Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-privileged-object-access-activity-c5f7936c 2026-04-25T13:52:53.048Z monthly 0.6 https://detectionlint.org/library/kql-lsass-memory-dump-handle-access-a1dd0bc6 2026-04-25T13:52:52.954Z monthly 0.6 https://detectionlint.org/library/spl-services-escalate-exe-238dd3b1 2026-04-25T13:52:52.774Z monthly 0.6 https://detectionlint.org/library/kql-vnc-virtual-network-computing-from-the-internet-308c6ccc 2026-04-25T13:52:52.683Z monthly 0.6 https://detectionlint.org/library/sigma-file-time-attribute-change-7f11664b 2026-04-25T13:52:52.571Z monthly 0.6 https://detectionlint.org/library/spl-linux-unix-shell-enable-all-sysrq-functions-4741f3ea 2026-04-25T13:52:52.480Z monthly 0.6 https://detectionlint.org/library/kql-new-usb-storage-device-mounted-e61929bd 2026-04-25T13:52:52.393Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-localaccount-manipulation-813cb90c 2026-04-25T13:52:52.299Z monthly 0.6 https://detectionlint.org/library/sigma-potential-discovery-activity-using-find---macos-c58efc57 2026-04-25T13:52:52.208Z monthly 0.6 https://detectionlint.org/library/sigma-kubernetes-admission-controller-modification-eb542973 2026-04-25T13:52:52.113Z monthly 0.6 https://detectionlint.org/library/sigma-potential-active-directory-enumeration-using-ad-module---pss-34df927f 2026-04-25T13:52:51.931Z monthly 0.6 https://detectionlint.org/library/spl-papercut-ng-suspicious-behavior-debug-log-96adbddd 2026-04-25T13:52:51.855Z monthly 0.6 https://detectionlint.org/library/spl-executables-or-script-creation-in-suspicious-path-207b9a15 2026-04-25T13:52:51.833Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-base64-encoded-iex-cmdlet-7d2d5e96 2026-04-25T13:52:51.745Z monthly 0.6 https://detectionlint.org/library/kql-powershell-suspicious-script-with-screenshot-capabilities-764ca6d1 2026-04-25T13:52:51.697Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-interactive-powershell-as-system-0536b147 2026-04-25T13:52:33.240Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-browser-child-process---macos-3aa8fef6 2026-04-25T13:52:33.149Z monthly 0.6 https://detectionlint.org/library/sigma-file-deletion-11fcd016 2026-04-25T13:52:33.056Z monthly 0.6 https://detectionlint.org/library/spl-detect-azurehound-command-line-arguments-af2a7090 2026-04-25T13:52:32.965Z monthly 0.6 https://detectionlint.org/library/sigma-decode-base64-encoded-text-603792a4 2026-04-25T13:52:32.877Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---silenttrinity-stager-dll-load-758b428e 2026-04-25T13:52:32.784Z monthly 0.6 https://detectionlint.org/library/spl-linux-at-allow-config-file-creation-c86c62da 2026-04-25T13:52:32.694Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-mshta-child-process-3535fef8 2026-04-25T13:52:32.517Z monthly 0.6 https://detectionlint.org/library/sigma-lsass-process-memory-dump-creation-via-taskmgrexe-73247aaa 2026-04-25T13:52:32.426Z monthly 0.6 https://detectionlint.org/library/spl-potential-password-in-username-e94b042d 2026-04-25T13:52:32.335Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-windowstyle-option-13b69eae 2026-04-25T13:52:32.320Z monthly 0.6 https://detectionlint.org/library/sigma-uac-notification-disabled-20ed9be8 2026-04-25T13:52:32.157Z monthly 0.6 https://detectionlint.org/library/sigma-prefetch-file-deleted-4cec2685 2026-04-25T13:52:32.056Z monthly 0.6 https://detectionlint.org/library/sigma-aws-ec2-startup-shell-script-change-8b58ce74 2026-04-25T13:52:31.964Z monthly 0.6 https://detectionlint.org/library/spl-windows-group-policy-object-created-e05961ba 2026-04-25T13:52:31.874Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-possible-access-to-credential-files-e280be1a 2026-04-25T13:52:31.784Z monthly 0.6 https://detectionlint.org/library/spl-access-lsass-memory-for-dump-creation-0a9dfef9 2026-04-25T13:52:31.693Z monthly 0.6 https://detectionlint.org/library/sigma-modify-user-shell-folders-startup-value-adad4dbd 2026-04-25T13:52:31.601Z monthly 0.6 https://detectionlint.org/library/spl-spoolsv-spawning-rundll32-8e72c9f6 2026-04-25T13:52:31.509Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-dsrm-password-reset-1bb9fde2 2026-04-25T13:52:31.418Z monthly 0.6 https://detectionlint.org/library/sigma-github-high-risk-configuration-disabled-31425025 2026-04-25T13:52:31.327Z monthly 0.6 https://detectionlint.org/library/sigma-writing-local-admin-share-3c40cb4e 2026-04-25T13:52:31.235Z monthly 0.6 https://detectionlint.org/library/sigma-google-workspace-granted-domain-api-access-e5243c31 2026-04-25T13:52:31.144Z monthly 0.6 https://detectionlint.org/library/kql-first-time-seen-removable-device-ca4860ae 2026-04-25T13:52:31.053Z monthly 0.6 https://detectionlint.org/library/spl-rundll32-lockworkstation-1ffed13d 2026-04-25T13:52:30.963Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-powershell-keywords-0154e848 2026-04-25T13:52:30.871Z monthly 0.6 https://detectionlint.org/library/sigma-linux-keylogging-with-pamd-6d8c2117 2026-04-25T13:52:30.781Z monthly 0.6 https://detectionlint.org/library/sigma-werfault-lsass-process-memory-dump-5d4c0289 2026-04-25T13:52:30.690Z monthly 0.6 https://detectionlint.org/library/kql-powershell-suspicious-discovery-related-windows-api-function-39c4ab95 2026-04-25T13:52:30.597Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-clip-launcher---powershell-b69fe40d 2026-04-25T13:52:30.505Z monthly 0.6 https://detectionlint.org/library/spl-windows-disableantispyware-registry-d7c704fd 2026-04-25T13:52:30.414Z monthly 0.6 https://detectionlint.org/library/sigma-container-with-a-hostpath-mount-created-fac1fbdc 2026-04-25T13:52:30.232Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-clipboard-data-copy-3f99e9d1 2026-04-25T13:52:30.140Z monthly 0.6 https://detectionlint.org/library/sigma-masquerading-as-linux-crond-process-6092aba5 2026-04-25T13:52:30.064Z monthly 0.6 https://detectionlint.org/library/spl-cisco-nvm---installation-of-typosquatted-python-package-e4e8eb17 2026-04-25T13:52:29.961Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-multiple-low-severity-alerts-97e6310f 2026-04-25T13:52:29.870Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-collect-data-7ff98f80 2026-04-25T13:52:29.686Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-use-rundll32---powershell-module-e92434a3 2026-04-25T13:52:29.594Z monthly 0.6 https://detectionlint.org/library/sigma-linux-base64-encoded-pipe-to-shell-3bca56b6 2026-04-25T13:52:29.509Z monthly 0.6 https://detectionlint.org/library/sigma-narrators-feedback-hub-persistence-e9bf918b 2026-04-25T13:52:29.413Z monthly 0.6 https://detectionlint.org/library/kql-application-redirect-url-update-ae16da78 2026-04-25T13:52:29.322Z monthly 0.6 https://detectionlint.org/library/sigma-currentversion-nt-autorun-keys-modification-b5dfe568 2026-04-25T13:52:29.231Z monthly 0.6 https://detectionlint.org/library/sigma-servicedll-hijack-bdfcdafb 2026-04-25T13:52:29.141Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-find-ssh-private-keys-2772ae3b 2026-04-25T13:52:29.049Z monthly 0.6 https://detectionlint.org/library/sigma-potential-active-directory-enumeration-using-ad-module---psm-dfdc9c6c 2026-04-25T13:52:28.958Z monthly 0.6 https://detectionlint.org/library/sigma-service-binary-in-suspicious-folder-0d96b044 2026-04-25T13:52:28.866Z monthly 0.6 https://detectionlint.org/library/spl-allow-operation-with-consent-admin-5d309214 2026-04-25T13:52:28.776Z monthly 0.6 https://detectionlint.org/library/spl-windows-appx-deployment-unsigned-package-installation-960905f3 2026-04-25T13:52:28.684Z monthly 0.6 https://detectionlint.org/library/spl-windows-create-local-account-5f0c36c8 2026-04-25T13:52:28.594Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-disabling-logging-90091b0b 2026-04-25T13:52:28.503Z monthly 0.6 https://detectionlint.org/library/sigma-pua---sysinternals-tools-execution---registry-cd5badec 2026-04-25T13:52:28.412Z monthly 0.6 https://detectionlint.org/library/sigma-screen-capture---macos-f981cd89 2026-04-25T13:52:28.324Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-execution-via-macos-script-editor-8aadc238 2026-04-25T13:52:28.232Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---ssh-login-attempt-262e1e8d 2026-04-25T13:52:28.139Z monthly 0.6 https://detectionlint.org/library/sigma-potential-waveeditdll-sideloading-631b95e4 2026-04-25T13:52:28.048Z monthly 0.6 https://detectionlint.org/library/sigma-wmi-persistence---command-line-event-consumer-357b643e 2026-04-25T13:52:27.956Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-disable-or-modify-system-firewall-99e2f1f6 2026-04-25T13:52:27.866Z monthly 0.6 https://detectionlint.org/library/sigma-local-groups-discovery---macos-a9259a44 2026-04-25T13:52:27.775Z monthly 0.6 https://detectionlint.org/library/spl-sdclt-uac-bypass-5cf1657f 2026-04-25T13:52:27.693Z monthly 0.6 https://detectionlint.org/library/spl-windows-hijack-execution-flow-version-dll-side-load-82b71471 2026-04-25T13:52:27.593Z monthly 0.6 https://detectionlint.org/library/kql-privileged-docker-container-creation-839dc32c 2026-04-25T13:52:27.510Z monthly 0.6 https://detectionlint.org/library/sigma-clear-powershell-history---powershell-module-f1f0ed8b 2026-04-25T13:52:27.321Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-computer-machine-password-by-powershell-9f49d9ac 2026-04-25T13:52:27.229Z monthly 0.6 https://detectionlint.org/library/sigma-pcrenet-package-image-load-a8eb2014 2026-04-25T13:52:27.047Z monthly 0.6 https://detectionlint.org/library/sigma-renamed-vscode-code-tunnel-execution---file-indicator-35d70fec 2026-04-25T13:52:26.956Z monthly 0.6 https://detectionlint.org/library/spl-windows-credential-dumping-lsass-memory-createdump-0e2d29cb 2026-04-25T13:52:26.864Z monthly 0.6 https://detectionlint.org/library/sigma-mmc-loading-script-engines-dlls-fe8ee700 2026-04-25T13:52:26.773Z monthly 0.6 https://detectionlint.org/library/spl-linux-magic-sysrq-key-abuse-1f28a38e 2026-04-25T13:52:26.683Z monthly 0.6 https://detectionlint.org/library/sigma-bitsadmin-to-uncommon-tld-d455fdcd 2026-04-25T13:52:26.593Z monthly 0.6 https://detectionlint.org/library/spl-getwmiobject-user-account-with-powershell-10a8a887 2026-04-25T13:52:26.501Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-file-write-to-webapps-root-directory-e3836ebb 2026-04-25T13:52:26.410Z monthly 0.6 https://detectionlint.org/library/sigma-vmguestlib-dll-sideload-b2d66fa4 2026-04-25T13:52:26.320Z monthly 0.6 https://detectionlint.org/library/sigma-potential-jlidll-side-loading-47925463 2026-04-25T13:52:26.229Z monthly 0.6 https://detectionlint.org/library/spl-windows-app-layer-protocol-qakbot-namedpipe-7e9ee34b 2026-04-25T13:52:26.137Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-script-change-permission-via-set-acl---psscript-db4829d6 2026-04-25T13:52:26.048Z monthly 0.6 https://detectionlint.org/library/sigma-new-dns-serverlevelplugindll-installed-2aab675e 2026-04-25T13:52:25.955Z monthly 0.6 https://detectionlint.org/library/sigma-potential-com-objects-download-cradles-usage---process-creat-439846f8 2026-04-25T13:52:25.864Z monthly 0.6 https://detectionlint.org/library/spl-disable-logs-using-wevtutil-09f3234c 2026-04-25T13:52:25.774Z monthly 0.6 https://detectionlint.org/library/sigma-end-user-consent-blocked-e1c92ee4 2026-04-25T13:52:25.682Z monthly 0.6 https://detectionlint.org/library/spl-clear-unallocated-sector-using-cipher-app-97a64e9b 2026-04-25T13:52:25.593Z monthly 0.6 https://detectionlint.org/library/sigma-wow6432node-classes-autorun-keys-modification-2e5f7c1c 2026-04-25T13:52:25.502Z monthly 0.6 https://detectionlint.org/library/kql-adminsdholder-modifications-5eb1721a 2026-04-25T13:52:25.408Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-re-identifies-sensitive-information-3c0883bc 2026-04-25T13:52:25.319Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-privileged-group-modification-b565d8f0 2026-04-25T13:52:25.228Z monthly 0.6 https://detectionlint.org/library/sigma-import-powershell-modules-from-suspicious-directories-2ea8a175 2026-04-25T13:52:25.137Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---screenconnect-temporary-file-cfafb638 2026-04-25T13:52:25.046Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-add-user-account-type-b741fe4d 2026-04-25T13:52:24.956Z monthly 0.6 https://detectionlint.org/library/spl-getwmiobject-ds-group-with-powershell-0626d902 2026-04-25T13:52:24.590Z monthly 0.6 https://detectionlint.org/library/sigma-system-network-connections-discovery---linux-d7a66b5f 2026-04-25T13:52:24.407Z monthly 0.6 https://detectionlint.org/library/sigma-split-a-file-into-pieces-df5ed43f 2026-04-25T13:52:24.317Z monthly 0.6 https://detectionlint.org/library/spl-linux-busybox-privilege-escalation-71292404 2026-04-25T13:52:24.225Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-linux-discovery-commands-8709593f 2026-04-25T13:52:24.138Z monthly 0.6 https://detectionlint.org/library/spl-detect-sharphound-command-line-arguments-85685344 2026-04-25T13:52:24.044Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-global-ssh-settings-changed-3efc4725 2026-04-25T13:52:23.953Z monthly 0.6 https://detectionlint.org/library/spl-remote-system-discovery-with-dsquery-9c2af822 2026-04-25T13:52:23.860Z monthly 0.6 https://detectionlint.org/library/sigma-outlook-macro-execution-without-warning-setting-enabled-22e96ad5 2026-04-25T13:52:23.770Z monthly 0.6 https://detectionlint.org/library/sigma-old-tls10tls11-protocol-version-enabled-6db10c44 2026-04-25T13:52:23.682Z monthly 0.6 https://detectionlint.org/library/sigma-bypass-uac-using-silentcleanup-task-2a52b7f2 2026-04-25T13:52:23.590Z monthly 0.6 https://detectionlint.org/library/sigma-anomalous-user-activity-ca0da9f5 2026-04-25T13:52:23.502Z monthly 0.6 https://detectionlint.org/library/spl-malicious-powershell-executed-as-a-service-bbe90b2e 2026-04-25T13:52:23.407Z monthly 0.6 https://detectionlint.org/library/spl-detect-regasm-with-network-connection-d80f5dc1 2026-04-25T13:52:23.316Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-var-launcher-obfuscation---powershell-cb2a44f3 2026-04-25T13:52:23.225Z monthly 0.6 https://detectionlint.org/library/spl-get-domainpolicy-with-powershell-script-block-66304862 2026-04-25T13:52:23.139Z monthly 0.6 https://detectionlint.org/library/sigma-linux-network-service-scanning-tools-execution-5fa056ac 2026-04-25T13:52:23.044Z monthly 0.6 https://detectionlint.org/library/spl-windows-exfiltration-over-c2-via-powershell-uploadstring-8ac2d6f6 2026-04-25T13:52:22.953Z monthly 0.6 https://detectionlint.org/library/sigma-windows-webdav-user-agent-88d4afc0 2026-04-25T13:52:22.860Z monthly 0.6 https://detectionlint.org/library/sigma-aws-efs-fileshare-modified-or-deleted-e699bbac 2026-04-25T13:52:22.770Z monthly 0.6 https://detectionlint.org/library/spl-windows-archive-collected-data-via-powershell-57f1808d 2026-04-25T13:52:22.679Z monthly 0.6 https://detectionlint.org/library/sigma-aws-securityhub-findings-evasion-bced615f 2026-04-25T13:52:22.496Z monthly 0.6 https://detectionlint.org/library/sigma-clear-or-disable-kernel-ring-buffer-logs-via-syslog-syscall-7c299efb 2026-04-25T13:52:22.403Z monthly 0.6 https://detectionlint.org/library/kql-unusual-exim4-child-process-e1e4cbfa 2026-04-25T13:52:22.313Z monthly 0.6 https://detectionlint.org/library/sigma-dynamic-csharp-compile-artefact-d7ce390b 2026-04-25T13:52:22.222Z monthly 0.6 https://detectionlint.org/library/sigma-use-get-nettcpconnection---powershell-module-cc16b386 2026-04-25T13:52:22.131Z monthly 0.6 https://detectionlint.org/library/sigma-gui-input-capture---macos-f88a09d3 2026-04-25T13:52:21.951Z monthly 0.6 https://detectionlint.org/library/spl-linux-possible-append-command-to-profile-config-file-8eab7dcb 2026-04-25T13:52:21.884Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-user-with-duplicate-password-b0f9749a 2026-04-25T13:52:21.777Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-msconfig-token-modification---file-9f067bae 2026-04-25T13:52:21.775Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-var-launcher---powershell-module-d5dc1c83 2026-04-25T13:52:21.524Z monthly 0.6 https://detectionlint.org/library/spl-linux-system-reboot-via-system-request-key-925a50fc 2026-04-25T13:52:21.430Z monthly 0.6 https://detectionlint.org/library/spl-windows-hidden-schedule-task-settings-4c821a09 2026-04-25T13:52:21.340Z monthly 0.6 https://detectionlint.org/library/sigma-auditing-configuration-changes-on-linux-host-bf5b786c 2026-04-25T13:52:21.249Z monthly 0.6 https://detectionlint.org/library/spl-csc-net-on-the-fly-compilation-e2afbdf2 2026-04-25T13:52:21.068Z monthly 0.6 https://detectionlint.org/library/sigma-rclone-activity-via-proxy-3eadd02b 2026-04-25T13:52:20.974Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-preload-hijack-library-calls-e7aa3ffe 2026-04-25T13:52:20.883Z monthly 0.6 https://detectionlint.org/library/spl-cisco-isovalent---shell-execution-052022e9 2026-04-25T13:52:20.791Z monthly 0.6 https://detectionlint.org/library/sigma-launch-agentdaemon-execution-via-launchctl-335a4a0f 2026-04-25T13:52:20.701Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-use-mshta---powershell-module-92b808ef 2026-04-25T13:52:20.610Z monthly 0.6 https://detectionlint.org/library/spl-windows-anonymous-pipe-activity-46056d7b 2026-04-25T13:52:20.518Z monthly 0.6 https://detectionlint.org/library/spl-disabling-firewall-with-netsh-a0835f7d 2026-04-25T13:52:20.246Z monthly 0.6 https://detectionlint.org/library/spl-detect-renamed-rclone-4c43d91c 2026-04-25T13:52:20.064Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-application-allowed-through-exploit-guard-10f524ca 2026-04-25T13:52:19.973Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-rundll32-plugininit-3f3868f4 2026-04-25T13:52:19.881Z monthly 0.6 https://detectionlint.org/library/sigma-change-to-authentication-method-8858d8fd 2026-04-25T13:52:19.703Z monthly 0.6 https://detectionlint.org/library/spl-kerberos-user-enumeration-230bdca2 2026-04-25T13:52:19.610Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-local-email-collection-3f2eacce 2026-04-25T13:52:19.517Z monthly 0.6 https://detectionlint.org/library/spl-interactive-session-on-remote-endpoint-with-powershell-ae3803b0 2026-04-25T13:52:19.425Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-decompress-commands-484afad7 2026-04-25T13:52:19.337Z monthly 0.6 https://detectionlint.org/library/sigma-disabling-security-tools-f129b384 2026-04-25T13:52:19.244Z monthly 0.6 https://detectionlint.org/library/spl-getdomaingroup-with-powershell-script-block-2444a277 2026-04-25T13:52:19.152Z monthly 0.6 https://detectionlint.org/library/sigma-system-information-discovery-b9ab4e09 2026-04-25T13:52:19.062Z monthly 0.6 https://detectionlint.org/library/sigma-potential-linux-amazon-ssm-agent-hijacking-a9dbff5d 2026-04-25T13:52:18.971Z monthly 0.6 https://detectionlint.org/library/sigma-backup-files-deleted-db1ccbca 2026-04-25T13:52:18.879Z monthly 0.6 https://detectionlint.org/library/sigma-rdp-sensitive-settings-changed-8fc929a3 2026-04-25T13:52:18.789Z monthly 0.6 https://detectionlint.org/library/sigma-visual-studio-code-tunnel-remote-file-creation-c083c36b 2026-04-25T13:52:18.698Z monthly 0.6 https://detectionlint.org/library/sigma-aws-consolelogin-failed-authentication-ca814c8c 2026-04-25T13:52:18.607Z monthly 0.6 https://detectionlint.org/library/sigma-audio-capture-37d202d9 2026-04-25T13:52:18.515Z monthly 0.6 https://detectionlint.org/library/sigma-bitbucket-full-data-export-triggered-cb8d39b6 2026-04-25T13:52:18.333Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-mount-diskimage-ae427ae9 2026-04-25T13:52:18.259Z monthly 0.6 https://detectionlint.org/library/spl-linux-pkexec-privilege-escalation-cddcdd10 2026-04-25T13:52:18.151Z monthly 0.6 https://detectionlint.org/library/sigma-loadbalancer-security-group-modification-5e263454 2026-04-25T13:52:18.144Z monthly 0.6 https://detectionlint.org/library/kql-aws-ssm-sendcommand-with-run-shell-command-parameters-6b8c2e0d 2026-04-25T13:52:18.024Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-firewall-modified-or-deleted-2ececaac 2026-04-25T13:52:17.878Z monthly 0.6 https://detectionlint.org/library/spl-getwmiobject-user-account-with-powershell-script-block-00954d5d 2026-04-25T13:52:17.789Z monthly 0.6 https://detectionlint.org/library/spl-windows-certutil-root-certificate-addition-ec02444a 2026-04-25T13:52:17.695Z monthly 0.6 https://detectionlint.org/library/sigma-detected-windows-software-discovery---powershell-959354ea 2026-04-25T13:52:17.606Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-unload-module-via-modprobe-d475afe9 2026-04-25T13:52:17.515Z monthly 0.6 https://detectionlint.org/library/sigma-create-volume-shadow-copy-with-powershell-dc853cce 2026-04-25T13:52:17.424Z monthly 0.6 https://detectionlint.org/library/kql-powershell-script-with-webcam-video-capture-capabilities-078cd3eb 2026-04-25T13:52:17.334Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-process-executed-from-container-file-210c5a0b 2026-04-25T13:52:17.241Z monthly 0.6 https://detectionlint.org/library/kql-unusual-execution-from-kernel-thread-kthreadd-parent-ce15794d 2026-04-25T13:52:17.149Z monthly 0.6 https://detectionlint.org/library/sigma-aws-ec2-disable-ebs-encryption-32d77e9f 2026-04-25T13:52:17.059Z monthly 0.6 https://detectionlint.org/library/spl-unusually-long-command-line-50ed4dc8 2026-04-25T13:52:16.876Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-service-installed-e670fc87 2026-04-25T13:52:16.785Z monthly 0.6 https://detectionlint.org/library/sigma-github-secret-scanning-feature-disabled-895ff7c4 2026-04-25T13:52:16.603Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---empire-useragent-uri-combo-1eff9067 2026-04-25T13:52:16.512Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-medium-identity-risk-severity-e5285a00 2026-04-25T13:52:16.420Z monthly 0.6 https://detectionlint.org/library/spl-non-chrome-process-accessing-chrome-default-dir-73e8f65d 2026-04-25T13:52:16.337Z monthly 0.6 https://detectionlint.org/library/kql-aws-cli-command-with-custom-endpoint-url-6db81752 2026-04-25T13:52:16.240Z monthly 0.6 https://detectionlint.org/library/spl-get-domainpolicy-with-powershell-0fce2bce 2026-04-25T13:52:16.151Z monthly 0.6 https://detectionlint.org/library/sigma-uac-bypass-using-iscsicpl---imageload-dbdae13b 2026-04-25T13:52:16.057Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-base64-encoded-wmi-classes-af696439 2026-04-25T13:52:15.966Z monthly 0.6 https://detectionlint.org/library/sigma-interactive-bash-suspicious-children-22b76a74 2026-04-25T13:52:15.785Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-shim-database-patching-activity-919c5cce 2026-04-25T13:52:15.694Z monthly 0.6 https://detectionlint.org/library/spl-powershell-fileless-process-injection-via-getprocaddress-66bba337 2026-04-25T13:52:15.605Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-memory-crash-dump-8a0b515e 2026-04-25T13:52:15.512Z monthly 0.6 https://detectionlint.org/library/sigma-decode-base64-encoded-text--macos-d8d6fa25 2026-04-25T13:52:15.419Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-defender-exclusion-cdf576a0 2026-04-25T13:52:15.330Z monthly 0.6 https://detectionlint.org/library/spl-linux-gem-privilege-escalation-f03565e7 2026-04-25T13:52:15.237Z monthly 0.6 https://detectionlint.org/library/spl-disable-uac-remote-restriction-7a421ebb 2026-04-25T13:52:15.056Z monthly 0.6 https://detectionlint.org/library/spl-getdomaingroup-with-powershell-cf1bf00b 2026-04-25T13:52:14.965Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-image-creation-in-appdata-folder-dd0ae55e 2026-04-25T13:52:14.783Z monthly 0.6 https://detectionlint.org/library/spl-remote-process-instantiation-via-dcom-and-powershell-script--1d1abede 2026-04-25T13:52:14.691Z monthly 0.6 https://detectionlint.org/library/sigma-potential-libvlcdll-sideloading-9f22dce2 2026-04-25T13:52:14.600Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-self-dacl-assignment-025d8353 2026-04-25T13:52:14.511Z monthly 0.6 https://detectionlint.org/library/sigma-potentially-suspicious-execution-from-tmp-folder-04e044d4 2026-04-25T13:52:14.421Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-invocation-of-shell-via-awk---linux-e79ec9f1 2026-04-25T13:52:14.327Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-notepad-plugins-c1f41c62 2026-04-25T13:52:14.237Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---potential-remote-credential-dumping-activity-via--f04dd54e 2026-04-25T13:52:14.146Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-compress-obfuscation---powershell-6648e411 2026-04-25T13:52:14.053Z monthly 0.6 https://detectionlint.org/library/spl-detect-remote-access-software-usage-registry-00327b5a 2026-04-25T13:52:13.964Z monthly 0.6 https://detectionlint.org/library/sigma-file-and-directory-discovery---linux-1cdabc93 2026-04-25T13:52:13.873Z monthly 0.6 https://detectionlint.org/library/spl-windows-firewall-rule-added-c508ed91 2026-04-25T13:52:13.781Z monthly 0.6 https://detectionlint.org/library/spl-ryuk-wake-on-lan-command-682ef936 2026-04-25T13:52:13.689Z monthly 0.6 https://detectionlint.org/library/sigma-path-to-screensaver-binary-modified-85feac35 2026-04-25T13:52:13.599Z monthly 0.6 https://detectionlint.org/library/spl-auto-admin-logon-registry-entry-cfd3cea7 2026-04-25T13:52:13.509Z monthly 0.6 https://detectionlint.org/library/sigma-outdated-dependency-or-vulnerability-alert-disabled-da09ffd8 2026-04-25T13:52:13.417Z monthly 0.6 https://detectionlint.org/library/spl-windows-exfiltration-over-c2-via-invoke-restmethod-ea324e8a 2026-04-25T13:52:13.326Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-sysmon-service-stop-b1b8cb49 2026-04-25T13:52:13.235Z monthly 0.6 https://detectionlint.org/library/sigma-network-sniffing---macos-09b3eb3f 2026-04-25T13:52:13.145Z monthly 0.6 https://detectionlint.org/library/spl-linux-find-privilege-escalation-c1f53910 2026-04-25T13:52:13.054Z monthly 0.6 https://detectionlint.org/library/spl-detect-psexec-with-accepteula-flag-54e5d0ae 2026-04-25T13:52:12.961Z monthly 0.6 https://detectionlint.org/library/sigma-scripted-diagnostics-turn-off-check-enabled---registry-d8a29bbb 2026-04-25T13:52:12.869Z monthly 0.6 https://detectionlint.org/library/spl-trickbot-named-pipe-d6f45c75 2026-04-25T13:52:12.689Z monthly 0.6 https://detectionlint.org/library/kql-potential-network-scan-executed-from-host-c90f528c 2026-04-25T13:52:12.245Z monthly 0.6 https://detectionlint.org/library/spl-linux-service-restarted-969923bf 2026-04-25T13:52:12.143Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-browser-activity-c1830edf 2026-04-25T13:52:12.053Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-system-network-configuration-discovery-15e71b68 2026-04-25T13:52:11.959Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-admin-weak-password-policy-0026bace 2026-04-25T13:52:11.888Z monthly 0.6 https://detectionlint.org/library/spl-non-firefox-process-access-firefox-profile-dir-7828c5ef 2026-04-25T13:52:11.768Z monthly 0.6 https://detectionlint.org/library/sigma-veeam-backup-servers-credential-dumping-script-execution-cbff2f92 2026-04-25T13:52:11.713Z monthly 0.6 https://detectionlint.org/library/spl-llm-model-file-creation-a8bd7205 2026-04-25T13:52:11.609Z monthly 0.6 https://detectionlint.org/library/spl-windows-applocker-rare-application-launch-detection-697bf5d7 2026-04-25T13:52:11.488Z monthly 0.6 https://detectionlint.org/library/sigma-third-party-software-dll-sideloading-8bc8cdee 2026-04-25T13:52:11.395Z monthly 0.6 https://detectionlint.org/library/sigma-logging-configuration-changes-on-linux-host-14a553ba 2026-04-25T13:52:11.308Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-obfuscated-iex-invocation---powershell-mo-141b3330 2026-04-25T13:52:11.214Z monthly 0.6 https://detectionlint.org/library/sigma-wmi-persistence---script-event-consumer-file-write-1f31f134 2026-04-25T13:52:11.122Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---typical-hivenightmare-sam-file-export-b538dbf6 2026-04-25T13:52:10.939Z monthly 0.6 https://detectionlint.org/library/sigma-registry-explorer-policy-modification-e5928e41 2026-04-25T13:52:10.849Z monthly 0.6 https://detectionlint.org/library/spl-windows-admin-permission-discovery-7bb9be1b 2026-04-25T13:52:10.758Z monthly 0.6 https://detectionlint.org/library/kql-potential-kerberoasting-52eb07fa 2026-04-25T13:52:10.659Z monthly 0.6 https://detectionlint.org/library/sigma-potential-edputildll-sideloading-35cf8dce 2026-04-25T13:52:10.560Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-or-modify-tools-via-taskkill-25ef0237 2026-04-25T13:52:10.378Z monthly 0.6 https://detectionlint.org/library/spl-windows-default-group-policy-object-modified-b8e79253 2026-04-25T13:52:10.254Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-clip-launcher---powershell-module-ed47b829 2026-04-25T13:52:10.163Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---impacket-file-indicators-f2fd3128 2026-04-25T13:52:10.141Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-kubernetes-rolebinding-274c8512 2026-04-25T13:52:10.132Z monthly 0.6 https://detectionlint.org/library/kql-sensitive-files-compression-8c36c9aa 2026-04-25T13:51:22.982Z monthly 0.6 https://detectionlint.org/library/spl-slui-runas-elevated-52f8a6b3 2026-04-25T13:51:22.890Z monthly 0.6 https://detectionlint.org/library/spl-windows-event-log-cleared-9a6fc36e 2026-04-25T13:51:22.801Z monthly 0.6 https://detectionlint.org/library/spl-windows-access-token-manipulation-sedebugprivilege-e2a23ace 2026-04-25T13:51:22.709Z monthly 0.6 https://detectionlint.org/library/spl-bits-job-persistence-6c0a2ef6 2026-04-25T13:51:22.617Z monthly 0.6 https://detectionlint.org/library/spl-linux-proxy-socks-curl-f0815c07 2026-04-25T13:51:22.531Z monthly 0.6 https://detectionlint.org/library/spl-linux-openvpn-privilege-escalation-43c2be2c 2026-04-25T13:51:22.441Z monthly 0.6 https://detectionlint.org/library/spl-powershell-get-localgroup-discovery-8e1c6a67 2026-04-25T13:51:22.251Z monthly 0.6 https://detectionlint.org/library/spl-batch-file-write-to-system32-a0f253a6 2026-04-25T13:51:22.162Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-script-with-file-hostname-resolving-capabilities-d404b803 2026-04-25T13:51:22.082Z monthly 0.6 https://detectionlint.org/library/sigma-system-shutdownreboot---linux-b18af783 2026-04-25T13:51:21.887Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-microsoft-workflow-compiler-usage-3e0b9aa3 2026-04-25T13:51:21.798Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-wevtutil-usage-07905e1b 2026-04-25T13:51:21.707Z monthly 0.6 https://detectionlint.org/library/spl-windows-dism-remove-defender-e3a8f056 2026-04-25T13:51:21.615Z monthly 0.6 https://detectionlint.org/library/sigma-time-travel-debugging-utility-usage---image-229cee59 2026-04-25T13:51:21.525Z monthly 0.6 https://detectionlint.org/library/spl-resize-shadowstorage-volume-b7de4d0f 2026-04-25T13:51:21.434Z monthly 0.6 https://detectionlint.org/library/kql-runningrat-request-parameters-a5db4795 2026-04-25T13:51:21.342Z monthly 0.6 https://detectionlint.org/library/spl-detect-sharphound-usage-3af795d0 2026-04-25T13:51:21.251Z monthly 0.6 https://detectionlint.org/library/sigma-disabling-multi-factor-authentication-f98986df 2026-04-25T13:51:21.163Z monthly 0.6 https://detectionlint.org/library/kql-unusual-web-server-command-execution-143d9437 2026-04-25T13:51:21.069Z monthly 0.6 https://detectionlint.org/library/sigma-uac-disabled-401c2e23 2026-04-25T13:51:20.980Z monthly 0.6 https://detectionlint.org/library/spl-linux-mysql-privilege-escalation-5916fb5d 2026-04-25T13:51:20.889Z monthly 0.6 https://detectionlint.org/library/sigma-potential-amsi-bypass-script-using-null-bits-b501bd8c 2026-04-25T13:51:20.795Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-medium-severity-alert-4ca7d7d2 2026-04-25T13:51:20.706Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-external-webdav-execution-eddecfb0 2026-04-25T13:51:20.613Z monthly 0.6 https://detectionlint.org/library/spl-windows-dism-install-powershell-web-access-78a4451c 2026-04-25T13:51:20.525Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-stdin-launcher---powershell-module-4a967e38 2026-04-25T13:51:20.431Z monthly 0.6 https://detectionlint.org/library/sigma-potential-invoke-mimikatz-powershell-script-69247510 2026-04-25T13:51:20.340Z monthly 0.6 https://detectionlint.org/library/spl-detect-regsvcs-spawning-a-process-6c324e91 2026-04-25T13:51:20.158Z monthly 0.6 https://detectionlint.org/library/sigma-github-repositoryorganization-transferred-23ee97b6 2026-04-25T13:51:20.073Z monthly 0.6 https://detectionlint.org/library/spl-process-deleting-its-process-file-path-a2f1b73f 2026-04-25T13:51:19.974Z monthly 0.6 https://detectionlint.org/library/kql-unusual-kernel-module-enumeration-687f0cb2 2026-04-25T13:51:19.894Z monthly 0.6 https://detectionlint.org/library/spl-windows-credentials-access-via-vaultcli-module-50608b96 2026-04-25T13:51:19.794Z monthly 0.6 https://detectionlint.org/library/spl-remote-wmi-command-attempt-14a3b9f0 2026-04-25T13:51:19.731Z monthly 0.6 https://detectionlint.org/library/sigma-application-uri-configuration-changes-cf786816 2026-04-25T13:51:19.603Z monthly 0.6 https://detectionlint.org/library/sigma-livekd-kernel-memory-dump-file-created-8c2bb714 2026-04-25T13:51:19.560Z monthly 0.6 https://detectionlint.org/library/spl-windows-credential-target-information-structure-in-commandli-e808164d 2026-04-25T13:51:19.547Z monthly 0.6 https://detectionlint.org/library/sigma-rds-database-security-group-modification-7d556a29 2026-04-25T13:51:19.205Z monthly 0.6 https://detectionlint.org/library/spl-linux-add-user-account-8d198ec5 2026-04-25T13:51:19.138Z monthly 0.6 https://detectionlint.org/library/spl-crowdstrike-admin-with-duplicate-password-816f56ff 2026-04-25T13:51:19.044Z monthly 0.6 https://detectionlint.org/library/spl-get-domaintrust-with-powershell-script-block-61025f2e 2026-04-25T13:51:18.990Z monthly 0.6 https://detectionlint.org/library/spl-getwmiobject-ds-group-with-powershell-script-block-0e9505f9 2026-04-25T13:51:18.778Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-custom-protocol-handler-55c18bbe 2026-04-25T13:51:18.688Z monthly 0.6 https://detectionlint.org/library/spl-linux-suspicious-react-or-nextjs-child-process-6d9c04ac 2026-04-25T13:51:18.597Z monthly 0.6 https://detectionlint.org/library/spl-svchost-lolbas-execution-process-spawn-43fd827c 2026-04-25T13:51:18.506Z monthly 0.6 https://detectionlint.org/library/sigma-github-new-secret-created-131f4a20 2026-04-25T13:51:18.414Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-sqlite3-lsquarantine-behavior-2f068d4d 2026-04-25T13:51:18.324Z monthly 0.6 https://detectionlint.org/library/spl-randomly-generated-scheduled-task-name-b4b463cc 2026-04-25T13:51:18.238Z monthly 0.6 https://detectionlint.org/library/sigma-disable-powershell-command-history-1a38bd2b 2026-04-25T13:51:18.144Z monthly 0.6 https://detectionlint.org/library/spl-attacker-tools-on-endpoint-448bdb82 2026-04-25T13:51:18.051Z monthly 0.6 https://detectionlint.org/library/spl-overwriting-accessibility-binaries-bd7bb441 2026-04-25T13:51:17.971Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-suspicious-attribute-modification-c1243665 2026-04-25T13:51:17.870Z monthly 0.6 https://detectionlint.org/library/sigma-apache-segmentation-fault-89978017 2026-04-25T13:51:17.779Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-find-credentials-from-password-managers-e14bc61e 2026-04-25T13:51:17.686Z monthly 0.6 https://detectionlint.org/library/sigma-nginx-core-dump-b3a03dbe 2026-04-25T13:51:17.595Z monthly 0.6 https://detectionlint.org/library/spl-linux-make-privilege-escalation-909c6b84 2026-04-25T13:51:17.504Z monthly 0.6 https://detectionlint.org/library/spl-get-wmiobject-group-discovery-e66a6706 2026-04-25T13:51:17.413Z monthly 0.6 https://detectionlint.org/library/sigma-replace-desktop-wallpaper-by-powershell-66ead16a 2026-04-25T13:51:17.322Z monthly 0.6 https://detectionlint.org/library/kql-potential-build-process-compromise-6010643a 2026-04-25T13:51:17.234Z monthly 0.6 https://detectionlint.org/library/spl-getnettcpconnection-with-powershell-script-block-af8ddb4a 2026-04-25T13:51:16.959Z monthly 0.6 https://detectionlint.org/library/spl-detect-exchange-web-shell-0388871b 2026-04-25T13:51:16.868Z monthly 0.6 https://detectionlint.org/library/spl-powershell-remote-services-add-trustedhost-38c5255a 2026-04-25T13:51:16.775Z monthly 0.6 https://detectionlint.org/library/spl-detect-renamed-psexec-3a45bf75 2026-04-25T13:51:16.685Z monthly 0.6 https://detectionlint.org/library/sigma-vim-gtfobin-abuse---linux-4455a563 2026-04-25T13:51:16.597Z monthly 0.6 https://detectionlint.org/library/spl-windows-cached-domain-credentials-reg-query-e2304eb3 2026-04-25T13:51:16.505Z monthly 0.6 https://detectionlint.org/library/sigma-convertto-securestring-cmdlet-usage-via-commandline-b6c6a71a 2026-04-25T13:51:16.417Z monthly 0.6 https://detectionlint.org/library/spl-control-loading-from-world-writable-directory-b489c5e3 2026-04-25T13:51:16.333Z monthly 0.6 https://detectionlint.org/library/kql-shared-object-created-by-previously-unknown-process-b347280c 2026-04-25T13:51:16.231Z monthly 0.6 https://detectionlint.org/library/spl-screensaver-event-trigger-execution-9a176f02 2026-04-25T13:51:16.139Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-get-current-user-1b7cf01d 2026-04-25T13:51:16.048Z monthly 0.6 https://detectionlint.org/library/spl-dsquery-domain-discovery-af2bf3d3 2026-04-25T13:51:15.957Z monthly 0.6 https://detectionlint.org/library/spl-create-remote-thread-into-lsass-041f921b 2026-04-25T13:51:15.865Z monthly 0.6 https://detectionlint.org/library/sigma-windows-credential-editor-registry-e347a3dc 2026-04-25T13:51:15.596Z monthly 0.6 https://detectionlint.org/library/sigma-currentversion-autorun-keys-modification-78684f00 2026-04-25T13:51:15.512Z monthly 0.6 https://detectionlint.org/library/sigma-windows-recall-feature-enabled---disableaidataanalysis-value-2b9500eb 2026-04-25T13:51:15.411Z monthly 0.6 https://detectionlint.org/library/kql-deprecated---sudo-heap-based-buffer-overflow-attempt-43ee065c 2026-04-25T13:51:15.320Z monthly 0.6 https://detectionlint.org/library/sigma-github-repository-archive-status-changed-6ba77cec 2026-04-25T13:51:15.229Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-via-security-descriptors---scriptblock-a44aa654 2026-04-25T13:51:15.138Z monthly 0.6 https://detectionlint.org/library/sigma-ntdsdit-created-d264d04f 2026-04-25T13:51:15.046Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-curl-file-upload---linux-d4e05d83 2026-04-25T13:51:14.864Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---safetykatz-dump-indicator-25bef85f 2026-04-25T13:51:14.774Z monthly 0.6 https://detectionlint.org/library/sigma-google-workspace-application-access-level-modified-5ca3a8bd 2026-04-25T13:51:14.684Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-auditd-daemon-abort-abdf2452 2026-04-25T13:51:14.593Z monthly 0.6 https://detectionlint.org/library/sigma-system-information-discovery-using-system_profiler-2ac592ff 2026-04-25T13:51:14.501Z monthly 0.6 https://detectionlint.org/library/spl-common-ransomware-extensions-1c10fa37 2026-04-25T13:51:14.474Z monthly 0.6 https://detectionlint.org/library/spl-local-llm-framework-dns-query-3075b7ea 2026-04-25T13:51:14.403Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-reg-exe-process-c5cb071e 2026-04-25T13:51:14.377Z monthly 0.6 https://detectionlint.org/library/spl-ransomware-notes-bulk-creation-c709d5e6 2026-04-25T13:51:14.287Z monthly 0.6 https://detectionlint.org/library/spl-windows-defacement-modify-transcodedwallpaper-file-88e06456 2026-04-25T13:51:14.047Z monthly 0.6 https://detectionlint.org/library/spl-network-discovery-using-route-windows-app-dbdc2127 2026-04-25T13:51:13.959Z monthly 0.6 https://detectionlint.org/library/sigma-aws-glue-development-endpoint-activity-e1cf2282 2026-04-25T13:51:13.863Z monthly 0.6 https://detectionlint.org/library/sigma-base64-encoded-powershell-command-detected-0aab47c3 2026-04-25T13:51:13.773Z monthly 0.6 https://detectionlint.org/library/spl-executables-or-script-creation-in-temp-path-6c706b8b 2026-04-25T13:51:13.681Z monthly 0.6 https://detectionlint.org/library/kql-potential-process-injection-via-powershell-3a7ec581 2026-04-25T13:51:13.589Z monthly 0.6 https://detectionlint.org/library/spl-detect-rtlo-in-process-689838f8 2026-04-25T13:51:13.499Z monthly 0.6 https://detectionlint.org/library/sigma-potential-com-objects-download-cradles-usage---ps-script-3733cb69 2026-04-25T13:51:13.411Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---dumpert-process-dumper-default-file-b41a801c 2026-04-25T13:51:13.318Z monthly 0.6 https://detectionlint.org/library/sigma-troubleshooting-pack-cmdlet-execution-707b2f86 2026-04-25T13:51:13.226Z monthly 0.6 https://detectionlint.org/library/spl-linux-octave-privilege-escalation-664d5d1e 2026-04-25T13:51:13.135Z monthly 0.6 https://detectionlint.org/library/spl-potential-telegram-api-request-via-commandline-f2da9139 2026-04-25T13:51:13.044Z monthly 0.6 https://detectionlint.org/library/sigma-jamf-mdm-execution-ac638efb 2026-04-25T13:51:12.952Z monthly 0.6 https://detectionlint.org/library/kql-powershell-kerberos-ticket-request-335ea92a 2026-04-25T13:51:12.863Z monthly 0.6 https://detectionlint.org/library/sigma-system-network-discovery---macos-dc1b4572 2026-04-25T13:51:12.772Z monthly 0.6 https://detectionlint.org/library/sigma-dd-file-overwrite-864cc354 2026-04-25T13:51:12.685Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-obfuscated-iex-invocation---powershell-9c509ec1 2026-04-25T13:51:12.498Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-shell-open-command-registry-modification-4a5148fa 2026-04-25T13:51:12.427Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-icmp-exfiltration-53d84dc0 2026-04-25T13:51:12.361Z monthly 0.6 https://detectionlint.org/library/spl-windows-hosts-file-access-3e2858e2 2026-04-25T13:51:12.272Z monthly 0.6 https://detectionlint.org/library/sigma-aws-suspicious-saml-activity-327a7c19 2026-04-25T13:51:12.252Z monthly 0.6 https://detectionlint.org/library/spl-windows-dotnet-binary-in-non-standard-path-76e6d3ff 2026-04-25T13:51:12.248Z monthly 0.6 https://detectionlint.org/library/spl-linux-impair-defenses-process-kill-8d5af809 2026-04-25T13:51:12.237Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---team-viewer-session-started-on-linux-ho-e635367d 2026-04-25T13:51:12.224Z monthly 0.6 https://detectionlint.org/library/spl-get-foresttrust-with-powershell-d5c3e88c 2026-04-25T13:51:12.218Z monthly 0.6 https://detectionlint.org/library/spl-macos-lolbin-c0b58c7b 2026-04-25T13:51:12.197Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-hotfix-enumeration-66d34c25 2026-04-25T13:51:12.188Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-base64-encoded-invoke-keyword-4cc2c33f 2026-04-25T13:51:12.187Z monthly 0.6 https://detectionlint.org/library/sigma-potential-in-memory-execution-using-reflectionassembly-7a9fb8ed 2026-04-25T13:51:10.024Z monthly 0.6 https://detectionlint.org/library/sigma-privileged-container-deployed-e9b5c224 2026-04-25T13:51:09.933Z monthly 0.6 https://detectionlint.org/library/kql-powershell-mailbox-collection-script-13e8f5a3 2026-04-25T13:51:09.841Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-path-invocation-from-command-line-375aa50e 2026-04-25T13:51:09.659Z monthly 0.6 https://detectionlint.org/library/sigma-potential-discovery-activity-using-find---linux-507cdcdb 2026-04-25T13:51:09.574Z monthly 0.6 https://detectionlint.org/library/sigma-github-self-hosted-runner-changes-detected-55a3346d 2026-04-25T13:51:09.479Z monthly 0.6 https://detectionlint.org/library/sigma-http-request-with-empty-user-agent-19226c65 2026-04-25T13:51:09.297Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-get-process-lsass-in-scriptblock-abb5e825 2026-04-25T13:51:09.203Z monthly 0.6 https://detectionlint.org/library/sigma-potential-encoded-powershell-patterns-in-commandline-b9ae8a50 2026-04-25T13:51:09.111Z monthly 0.6 https://detectionlint.org/library/sigma-split-a-file-into-pieces---linux-34ee1fbf 2026-04-25T13:51:09.024Z monthly 0.6 https://detectionlint.org/library/spl-windows-executable-masquerading-as-benign-file-types-ffbda2e4 2026-04-25T13:51:08.929Z monthly 0.6 https://detectionlint.org/library/sigma-potential-powershell-downgrade-attack-21780b70 2026-04-25T13:51:08.839Z monthly 0.6 https://detectionlint.org/library/spl-msbuild-suspicious-spawned-by-script-process-f2eccfc3 2026-04-25T13:51:08.747Z monthly 0.6 https://detectionlint.org/library/sigma-shell-execution-via-find---linux-c4cfb631 2026-04-25T13:51:08.656Z monthly 0.6 https://detectionlint.org/library/sigma-potential-process-execution-proxy-via-cl_invocationps1-eb5ec2ee 2026-04-25T13:51:08.474Z monthly 0.6 https://detectionlint.org/library/sigma-shell-execution-via-flock---linux-30eab4b6 2026-04-25T13:51:08.293Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-inline-execution-from-a-file-8103d09f 2026-04-25T13:51:08.201Z monthly 0.6 https://detectionlint.org/library/spl-windows-alternate-datastream---process-execution-aa3d66f6 2026-04-25T13:51:08.109Z monthly 0.6 https://detectionlint.org/library/spl-windows-bitlocker-suspicious-command-usage-769e6226 2026-04-25T13:51:08.020Z monthly 0.6 https://detectionlint.org/library/sigma-apt-user-agent-41f2d322 2026-04-25T13:51:07.838Z monthly 0.6 https://detectionlint.org/library/spl-getwmiobject-ds-user-with-powershell-script-block-ec616f0e 2026-04-25T13:51:07.747Z monthly 0.6 https://detectionlint.org/library/spl-macos-loginhook-persistence-fb5e701a 2026-04-25T13:51:07.563Z monthly 0.6 https://detectionlint.org/library/sigma-cleartext-protocol-usage-d7034639 2026-04-25T13:51:07.382Z monthly 0.6 https://detectionlint.org/library/spl-powershell-remote-thread-to-known-windows-process-33d87f8f 2026-04-25T13:51:07.289Z monthly 0.6 https://detectionlint.org/library/sigma-aws-root-credentials-a4a22f4d 2026-04-25T13:51:07.201Z monthly 0.6 https://detectionlint.org/library/sigma-potential-binary-or-script-dropper-via-powershell-280d8212 2026-04-25T13:51:07.108Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-wmi-persistence-c26e86fc 2026-04-25T13:51:07.017Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-stop-services-71c1bd9c 2026-04-25T13:51:06.965Z monthly 0.6 https://detectionlint.org/library/sigma-internet-explorer-disablefirstruncustomize-enabled-16fc3945 2026-04-25T13:51:06.834Z monthly 0.6 https://detectionlint.org/library/spl-windows-identify-powershell-web-access-iis-pool-e432cedf 2026-04-25T13:51:06.745Z monthly 0.6 https://detectionlint.org/library/sigma-linux-webshell-indicators-f06ebe51 2026-04-25T13:51:06.653Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-dropbox-api-usage-8cd27f9c 2026-04-25T13:51:06.560Z monthly 0.6 https://detectionlint.org/library/spl-icacls-grant-command-242ebf66 2026-04-25T13:51:06.377Z monthly 0.6 https://detectionlint.org/library/sigma-bypass-uac-using-delegateexecute-1b35c9d0 2026-04-25T13:51:06.288Z monthly 0.6 https://detectionlint.org/library/sigma-pua---trufflehog-execution---linux-39a4e3fe 2026-04-25T13:51:06.198Z monthly 0.6 https://detectionlint.org/library/sigma-tamper-windows-defender---scriptblocklogging-ade7b67a 2026-04-25T13:51:06.013Z monthly 0.6 https://detectionlint.org/library/spl-script-execution-via-wmi-301f9d85 2026-04-25T13:51:05.920Z monthly 0.6 https://detectionlint.org/library/spl-schedule-task-with-rundll32-command-trigger-064d030f 2026-04-25T13:51:05.830Z monthly 0.6 https://detectionlint.org/library/sigma-potential-shelldispatchdll-sideloading-49c310f1 2026-04-25T13:51:05.739Z monthly 0.6 https://detectionlint.org/library/sigma-vscode-powershell-profile-modification-76c2a443 2026-04-25T13:51:05.375Z monthly 0.6 https://detectionlint.org/library/sigma-potential-perl-reverse-shell-execution-1f7e2b2f 2026-04-25T13:51:05.284Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-stdin---powershell-module-cc20c83a 2026-04-25T13:51:05.193Z monthly 0.6 https://detectionlint.org/library/spl-getwmiobject-ds-computer-with-powershell-699ff1b7 2026-04-25T13:51:05.102Z monthly 0.6 https://detectionlint.org/library/sigma-file-time-attribute-change---linux-46f8f46c 2026-04-25T13:51:05.024Z monthly 0.6 https://detectionlint.org/library/spl-windows-export-certificate-9ab37a35 2026-04-25T13:51:05.004Z monthly 0.6 https://detectionlint.org/library/spl-possible-browser-pass-view-parameter-48887ea1 2026-04-25T13:51:04.912Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-invocations---specific-b951802e 2026-04-25T13:51:04.827Z monthly 0.6 https://detectionlint.org/library/spl-print-spooler-adding-a-printer-driver-c4a41399 2026-04-25T13:51:04.648Z monthly 0.6 https://detectionlint.org/library/spl-powershell-script-block-with-url-chain-02523474 2026-04-25T13:51:04.555Z monthly 0.6 https://detectionlint.org/library/sigma-winget-admin-settings-modification-1308c7df 2026-04-25T13:51:04.467Z monthly 0.6 https://detectionlint.org/library/sigma-crontab-enumeration-26afa648 2026-04-25T13:51:04.373Z monthly 0.6 https://detectionlint.org/library/kql-unusual-preload-environment-variable-process-execution-3fa51235 2026-04-25T13:51:04.283Z monthly 0.6 https://detectionlint.org/library/sigma-potential-clickfix-execution-pattern---registry-59bef708 2026-04-25T13:51:04.194Z monthly 0.6 https://detectionlint.org/library/spl-detect-sharphound-file-modifications-e5fc72bd 2026-04-25T13:51:04.102Z monthly 0.6 https://detectionlint.org/library/sigma-modify-system-firewall-35b0529d 2026-04-25T13:51:04.010Z monthly 0.6 https://detectionlint.org/library/spl-powershell-invoke-wmiexec-usage-3eee2693 2026-04-25T13:51:03.918Z monthly 0.6 https://detectionlint.org/library/sigma-linux-package-uninstall-0f6f84bb 2026-04-25T13:51:03.828Z monthly 0.6 https://detectionlint.org/library/spl-linux-ssh-authorized-keys-modification-fae94411 2026-04-25T13:51:03.646Z monthly 0.6 https://detectionlint.org/library/spl-linux-doas-tool-execution-20e51951 2026-04-25T13:51:03.554Z monthly 0.6 https://detectionlint.org/library/spl-windows-binary-proxy-execution-mavinject-dll-injection-7d410ce7 2026-04-25T13:51:03.480Z monthly 0.6 https://detectionlint.org/library/spl-linux-medusa-rootkit-690d6a3f 2026-04-25T13:51:03.373Z monthly 0.6 https://detectionlint.org/library/spl-macos-data-chunking-a2c37a18 2026-04-25T13:51:03.281Z monthly 0.6 https://detectionlint.org/library/spl-windows-cmdline-tool-execution-from-non-shell-process-2de85aea 2026-04-25T13:51:03.190Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-edit-cron-table-parameter-7e3006a6 2026-04-25T13:51:03.100Z monthly 0.6 https://detectionlint.org/library/kql-rdp-nesting-ea5ed316 2026-04-25T13:51:03.011Z monthly 0.6 https://detectionlint.org/library/spl-linux-indicator-removal-clear-cache-ab6920f5 2026-04-25T13:51:02.921Z monthly 0.6 https://detectionlint.org/library/sigma-linux-recon-indicators-dfe97623 2026-04-25T13:51:02.826Z monthly 0.6 https://detectionlint.org/library/spl-sdelete-application-execution-f4b4026f 2026-04-25T13:51:02.735Z monthly 0.6 https://detectionlint.org/library/sigma-linux-crypto-mining-indicators-5e6041f1 2026-04-25T13:51:02.643Z monthly 0.6 https://detectionlint.org/library/spl-macos-plutil-52f3505b 2026-04-25T13:51:02.462Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-msbuild-spawn-7c3ee560 2026-04-25T13:51:02.370Z monthly 0.6 https://detectionlint.org/library/spl-getadgroup-with-powershell-a0f6ceb3 2026-04-25T13:51:02.281Z monthly 0.6 https://detectionlint.org/library/spl-ntdsutil-export-ntds-fac7e514 2026-04-25T13:51:02.187Z monthly 0.6 https://detectionlint.org/library/sigma-legitimate-application-dropped-executable-8433d914 2026-04-25T13:51:02.018Z monthly 0.6 https://detectionlint.org/library/spl-spoolsv-suspicious-process-access-54368bc3 2026-04-25T13:51:01.916Z monthly 0.6 https://detectionlint.org/library/sigma-potential-winapi-calls-via-powershell-scripts-c0081bb2 2026-04-25T13:51:01.827Z monthly 0.6 https://detectionlint.org/library/spl-web-servers-executing-suspicious-processes-2407aefa 2026-04-25T13:51:01.733Z monthly 0.6 https://detectionlint.org/library/sigma-netcat-the-powershell-version-5a5bb4a9 2026-04-25T13:51:01.643Z monthly 0.6 https://detectionlint.org/library/spl-windows-esx-admins-group-creation-via-powershell-e00a33eb 2026-04-25T13:51:01.553Z monthly 0.6 https://detectionlint.org/library/spl-linux-composer-privilege-escalation-416266ea 2026-04-25T13:51:01.460Z monthly 0.6 https://detectionlint.org/library/sigma-certificate-exported-via-powershell---scriptblock-cf02a05b 2026-04-25T13:51:01.370Z monthly 0.6 https://detectionlint.org/library/spl-linux-apt-privilege-escalation-8549c088 2026-04-25T13:51:01.276Z monthly 0.6 https://detectionlint.org/library/sigma-custom-file-open-handler-executes-powershell-9f396f16 2026-04-25T13:51:01.187Z monthly 0.6 https://detectionlint.org/library/sigma-modify-group-policy-settings---scriptblocklogging-f42d366f 2026-04-25T13:51:01.096Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-base64-encoded-frombase64string-cmdlet-1d8e2315 2026-04-25T13:51:01.004Z monthly 0.6 https://detectionlint.org/library/sigma-registry-modification-attempt-via-vbscript---powershell-cf69bd42 2026-04-25T13:51:00.825Z monthly 0.6 https://detectionlint.org/library/sigma-primary-refresh-token-access-attempt-e58f7475 2026-04-25T13:51:00.732Z monthly 0.6 https://detectionlint.org/library/spl-powershell-load-module-in-meterpreter-be716124 2026-04-25T13:51:00.644Z monthly 0.6 https://detectionlint.org/library/spl-windows-explorer-lnk-exploit-process-launch-with-padding-a57168f4 2026-04-25T13:51:00.552Z monthly 0.6 https://detectionlint.org/library/spl-powershell-domain-enumeration-48a2e354 2026-04-25T13:51:00.459Z monthly 0.6 https://detectionlint.org/library/kql-potential-invoke-mimikatz-powershell-script-bea9e34f 2026-04-25T13:51:00.368Z monthly 0.6 https://detectionlint.org/library/spl-windows-bitlockertogo-process-execution-757ae517 2026-04-25T13:51:00.100Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-sensitive-file-discovery-beabde6d 2026-04-25T13:51:00.006Z monthly 0.6 https://detectionlint.org/library/sigma-fortigate---user-group-modified-e634e828 2026-04-25T13:50:59.917Z monthly 0.6 https://detectionlint.org/library/kql-microsoft-build-engine-started-by-a-script-process-ae68a8c3 2026-04-25T13:50:59.822Z monthly 0.6 https://detectionlint.org/library/sigma-certificate-based-authentication-enabled-6bc85713 2026-04-25T13:50:59.737Z monthly 0.6 https://detectionlint.org/library/sigma-tamper-windows-defender-remove-mppreference---scriptblocklog-558223e0 2026-04-25T13:50:59.641Z monthly 0.6 https://detectionlint.org/library/spl-detect-remote-access-software-usage-file-2e0a1285 2026-04-25T13:50:59.550Z monthly 0.6 https://detectionlint.org/library/sigma-alternate-powershell-hosts---powershell-module-8896c908 2026-04-25T13:50:59.462Z monthly 0.6 https://detectionlint.org/library/spl-fsutil-zeroing-file-2a55953d 2026-04-25T13:50:59.367Z monthly 0.6 https://detectionlint.org/library/sigma-windows-shellscripting-application-file-write-to-suspicious--fbaac75b 2026-04-25T13:50:59.184Z monthly 0.6 https://detectionlint.org/library/spl-detect-html-help-renamed-cbfae4f5 2026-04-25T13:50:59.095Z monthly 0.6 https://detectionlint.org/library/spl-unload-sysmon-filter-driver-d4ea1361 2026-04-25T13:50:59.003Z monthly 0.6 https://detectionlint.org/library/spl-detect-remote-access-software-usage-fileinfo-55a0dcdc 2026-04-25T13:50:58.913Z monthly 0.6 https://detectionlint.org/library/spl-disabling-folderoptions-windows-feature-47596a8c 2026-04-25T13:50:58.866Z monthly 0.6 https://detectionlint.org/library/sigma-disable-macro-runtime-scan-scope-1bd2ab7c 2026-04-25T13:50:58.814Z monthly 0.6 https://detectionlint.org/library/spl-macos---re-opened-applications-90ec8b9b 2026-04-25T13:50:58.722Z monthly 0.6 https://detectionlint.org/library/spl-processes-tapping-keyboard-events-e6cdd7b6 2026-04-25T13:50:58.679Z monthly 0.6 https://detectionlint.org/library/sigma-registry-hide-function-from-user-1b5ecefe 2026-04-25T13:50:58.607Z monthly 0.6 https://detectionlint.org/library/spl-get-foresttrust-with-powershell-script-block-88e3ceb5 2026-04-25T13:50:58.412Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-executable-file-creation-44d7ae9a 2026-04-25T13:50:58.231Z monthly 0.6 https://detectionlint.org/library/sigma-remote-powershell-session-ps-classic-bfa7734f 2026-04-25T13:50:58.140Z monthly 0.6 https://detectionlint.org/library/sigma-wow6432node-currentversion-autorun-keys-modification-5f82dff7 2026-04-25T13:50:58.050Z monthly 0.6 https://detectionlint.org/library/sigma-multifactor-authentication-denied-e6756049 2026-04-25T13:50:57.870Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-package-installed---linux-b7538f9b 2026-04-25T13:50:57.691Z monthly 0.6 https://detectionlint.org/library/sigma-rdp-to-http-or-https-target-ports-ba82d2a5 2026-04-25T13:50:57.594Z monthly 0.6 https://detectionlint.org/library/spl-windows-ad-abnormal-object-access-activity-6a135802 2026-04-25T13:50:57.503Z monthly 0.6 https://detectionlint.org/library/sigma-github-delete-action-invoked-0ed01a1c 2026-04-25T13:50:57.424Z monthly 0.6 https://detectionlint.org/library/spl-linux-service-started-or-enabled-7dd81133 2026-04-25T13:50:57.321Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-compress-obfuscation---powershell-module-9389964f 2026-04-25T13:50:57.228Z monthly 0.6 https://detectionlint.org/library/spl-detect-prohibited-applications-spawning-cmd-exe-be6fa005 2026-04-25T13:50:57.136Z monthly 0.6 https://detectionlint.org/library/spl-get-domainuser-with-powershell-5827ea7e 2026-04-25T13:50:57.048Z monthly 0.6 https://detectionlint.org/library/spl-getcurrent-user-with-powershell-f238795a 2026-04-25T13:50:56.956Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-auditd-daemon-start-cdf527ca 2026-04-25T13:50:56.863Z monthly 0.6 https://detectionlint.org/library/sigma-telegram-api-access-42b1b6f5 2026-04-25T13:50:56.773Z monthly 0.6 https://detectionlint.org/library/sigma-potential-eacoredll-sideloading-e9a77584 2026-04-25T13:50:56.682Z monthly 0.6 https://detectionlint.org/library/spl-msmpeng-application-dll-side-loading-31d253bd 2026-04-25T13:50:56.590Z monthly 0.6 https://detectionlint.org/library/spl-check-elevated-cmd-using-whoami-7f461c3b 2026-04-25T13:50:56.499Z monthly 0.6 https://detectionlint.org/library/kql-potential-buffer-overflow-attack-detected-ee183ff1 2026-04-25T13:50:56.408Z monthly 0.6 https://detectionlint.org/library/sigma-obfuscated-powershell-oneliner-execution-65ae591e 2026-04-25T13:50:56.317Z monthly 0.6 https://detectionlint.org/library/sigma-linux-remote-system-discovery-8b48e90f 2026-04-25T13:50:55.954Z monthly 0.6 https://detectionlint.org/library/sigma-potential-goopdatedll-sideloading-b7c3bcdd 2026-04-25T13:50:55.863Z monthly 0.6 https://detectionlint.org/library/sigma-clear-linux-logs-72303baf 2026-04-25T13:50:55.769Z monthly 0.6 https://detectionlint.org/library/sigma-github-fork-private-repositories-setting-enabledcleared-94dca97f 2026-04-25T13:50:55.681Z monthly 0.6 https://detectionlint.org/library/spl-linux-curl-upload-file-2b073825 2026-04-25T13:50:55.589Z monthly 0.6 https://detectionlint.org/library/sigma-lsass-process-memory-dump-files-d93454fa 2026-04-25T13:50:55.499Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-directory-enumeration-4cbe5af4 2026-04-25T13:50:55.407Z monthly 0.6 https://detectionlint.org/library/spl-enumerate-users-local-group-using-telegram-d8ff76da 2026-04-25T13:50:55.323Z monthly 0.6 https://detectionlint.org/library/sigma-sql-injection-strings-in-uri-47fb81be 2026-04-25T13:50:55.225Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-script-with-file-upload-capabilities-227a8809 2026-04-25T13:50:55.134Z monthly 0.6 https://detectionlint.org/library/sigma-potential-xterm-reverse-shell-55ba5926 2026-04-25T13:50:54.854Z monthly 0.6 https://detectionlint.org/library/spl-windows-cab-file-on-disk-e263c416 2026-04-25T13:50:54.779Z monthly 0.6 https://detectionlint.org/library/kql-changes-to-application-logout-url-e2a060cf 2026-04-25T13:50:54.671Z monthly 0.6 https://detectionlint.org/library/sigma-security-software-discovery---macos-394714d2 2026-04-25T13:50:54.492Z monthly 0.6 https://detectionlint.org/library/sigma-system-scripts-autorun-keys-modification-2e45bbc3 2026-04-25T13:50:54.400Z monthly 0.6 https://detectionlint.org/library/spl-windows-driver-inventory-7f248529 2026-04-25T13:50:54.308Z monthly 0.6 https://detectionlint.org/library/kql-powershell-script-with-token-impersonation-capabilities-e4f21150 2026-04-25T13:50:54.220Z monthly 0.6 https://detectionlint.org/library/sigma-potential-netcat-reverse-shell-execution-b3d8c9ea 2026-04-25T13:50:54.126Z monthly 0.6 https://detectionlint.org/library/spl-powershell-remove-windows-defender-directory-1bd2d8e0 2026-04-25T13:50:54.036Z monthly 0.6 https://detectionlint.org/library/sigma-dsinternals-suspicious-powershell-cmdlets-ac67710f 2026-04-25T13:50:53.954Z monthly 0.6 https://detectionlint.org/library/spl-certutil-with-decode-argument-4f6d1ddf 2026-04-25T13:50:53.854Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-module-file-created-fbb27a66 2026-04-25T13:50:53.672Z monthly 0.6 https://detectionlint.org/library/spl-windows-command-and-scripting-interpreter-path-traversal-exe-940cbb4e 2026-04-25T13:50:53.580Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-auditd-daemon-shutdown-5ffa7ff9 2026-04-25T13:50:53.496Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-hyper-v-cmdlets-20e12138 2026-04-25T13:50:53.401Z monthly 0.6 https://detectionlint.org/library/sigma-source-code-enumeration-detection-by-keyword-800ce8ce 2026-04-25T13:50:53.308Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-invocations---generic-54a102fa 2026-04-25T13:50:53.216Z monthly 0.6 https://detectionlint.org/library/spl-detect-empire-with-powershell-script-block-logging-45f31777 2026-04-25T13:50:53.178Z monthly 0.6 https://detectionlint.org/library/spl-malicious-powershell-process-with-obfuscation-techniques-b53c74e3 2026-04-25T13:50:52.853Z monthly 0.6 https://detectionlint.org/library/sigma-potential-linux-process-code-injection-via-dd-utility-1380fcc3 2026-04-25T13:50:52.761Z monthly 0.6 https://detectionlint.org/library/spl-icacls-deny-command-3cfe29b0 2026-04-25T13:50:52.672Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-data-transfer-size-limits-via-split-syscall-3ca60e25 2026-04-25T13:50:52.579Z monthly 0.6 https://detectionlint.org/library/spl-getwmiobject-ds-user-with-powershell-dfa9df6b 2026-04-25T13:50:52.487Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-get-variableexe-creation-75a5e02e 2026-04-25T13:50:52.402Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-module-file-created-by-non-powershell-process-b0d01e59 2026-04-25T13:50:52.306Z monthly 0.6 https://detectionlint.org/library/sigma-ad-groups-or-users-enumeration-using-powershell---poshmodule-429d6f73 2026-04-25T13:50:52.215Z monthly 0.6 https://detectionlint.org/library/sigma-add-windows-capability-via-powershell-script-7d54af0f 2026-04-25T13:50:52.122Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-stdin-launcher---powershell-a69eb3b2 2026-04-25T13:50:52.033Z monthly 0.6 https://detectionlint.org/library/spl-windows-developer-signed-msix-package-installation-c72cc933 2026-04-25T13:50:51.940Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-nishang-powershell-commandlets-9b745ee7 2026-04-25T13:50:51.851Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---babyshark-agent-default-url-pattern-50ee6f6c 2026-04-25T13:50:51.759Z monthly 0.6 https://detectionlint.org/library/spl-runas-execution-in-commandline-8098f869 2026-04-25T13:50:51.667Z monthly 0.6 https://detectionlint.org/library/spl-linux-possible-ssh-key-file-creation-9f1abaf0 2026-04-25T13:50:51.578Z monthly 0.6 https://detectionlint.org/library/spl-windows-disable-or-stop-browser-process-93ec3ef3 2026-04-25T13:50:51.489Z monthly 0.6 https://detectionlint.org/library/spl-sam-database-file-access-attempt-def5f3b2 2026-04-25T13:50:51.396Z monthly 0.6 https://detectionlint.org/library/spl-notepad-with-no-command-line-arguments-4f7fb52a 2026-04-25T13:50:51.126Z monthly 0.6 https://detectionlint.org/library/sigma-antivirus-hacktool-detection-b8bb4e6b 2026-04-25T13:50:51.030Z monthly 0.6 https://detectionlint.org/library/sigma-process-explorer-driver-creation-by-non-sysinternals-binary-a22fd85e 2026-04-25T13:50:50.953Z monthly 0.6 https://detectionlint.org/library/sigma-automated-collection-command-powershell-b843c0fc 2026-04-25T13:50:50.850Z monthly 0.6 https://detectionlint.org/library/sigma-remote-access-tool---potential-meshagent-execution---macos-b4e0fc89 2026-04-25T13:50:50.759Z monthly 0.6 https://detectionlint.org/library/spl-revil-common-exec-parameter-8c452a58 2026-04-25T13:50:50.575Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---nmap-null-scan-66eb6ffb 2026-04-25T13:50:50.486Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---cobaltstrike-malleable-profile-patterns---proxy-0ac04410 2026-04-25T13:50:50.395Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-user-agent-ff7d97cf 2026-04-25T13:50:50.305Z monthly 0.6 https://detectionlint.org/library/sigma-teamviewer-remote-session-cb8f647b 2026-04-25T13:50:50.213Z monthly 0.6 https://detectionlint.org/library/sigma-windows-hypervisor-enforced-code-integrity-disabled-a4dea078 2026-04-25T13:50:50.122Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-adrecon-execution-7632545c 2026-04-25T13:50:50.029Z monthly 0.6 https://detectionlint.org/library/sigma-kubernetes-rolebinding-modification-cb79221c 2026-04-25T13:50:49.939Z monthly 0.6 https://detectionlint.org/library/kql-tainted-kernel-module-load-f8dde20a 2026-04-25T13:50:49.848Z monthly 0.6 https://detectionlint.org/library/spl-detect-rare-executables-d48b292e 2026-04-25T13:50:49.758Z monthly 0.6 https://detectionlint.org/library/spl-detect-mimikatz-with-powershell-script-block-logging-ac8d705e 2026-04-25T13:50:49.667Z monthly 0.6 https://detectionlint.org/library/sigma-server-side-template-injection-strings-92e47314 2026-04-25T13:50:49.576Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-data-transfer-size-limits-via-split-a6fd9218 2026-04-25T13:50:49.486Z monthly 0.6 https://detectionlint.org/library/sigma-potential-powershell-obfuscation-using-character-join-0e0ef5c8 2026-04-25T13:50:49.395Z monthly 0.6 https://detectionlint.org/library/sigma-process-execution-error-in-jvm-based-application-922b1ed4 2026-04-25T13:50:49.303Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-doas-tool-execution-09ebba27 2026-04-25T13:50:49.212Z monthly 0.6 https://detectionlint.org/library/sigma-potential-powershell-command-line-obfuscation-8c3563e1 2026-04-25T13:50:49.122Z monthly 0.6 https://detectionlint.org/library/spl-disabling-defender-services-d5ace51a 2026-04-25T13:50:49.028Z monthly 0.6 https://detectionlint.org/library/sigma-github-outside-collaborator-detected-84feb937 2026-04-25T13:50:48.844Z monthly 0.6 https://detectionlint.org/library/sigma-disable-security-tools-d22d0356 2026-04-25T13:50:48.602Z monthly 0.6 https://detectionlint.org/library/spl-user-discovery-with-env-vars-powershell-script-block-dc150e55 2026-04-25T13:50:48.418Z monthly 0.6 https://detectionlint.org/library/spl-system-user-discovery-with-query-9c8ea66c 2026-04-25T13:50:48.294Z monthly 0.6 https://detectionlint.org/library/spl-rubeus-command-line-parameters-10dd4145 2026-04-25T13:50:48.201Z monthly 0.6 https://detectionlint.org/library/sigma-credentials-in-files---linux-fcdff3b0 2026-04-25T13:50:48.111Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-powershell-engine-imageload-273f8897 2026-04-25T13:50:48.021Z monthly 0.6 https://detectionlint.org/library/spl-linux-file-created-in-kernel-driver-directory-2905f2b4 2026-04-25T13:50:47.932Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-network-connection-binary-no-commandline-46c0682f 2026-04-25T13:50:47.839Z monthly 0.6 https://detectionlint.org/library/spl-recon-using-wmi-class-b84ec90b 2026-04-25T13:50:47.770Z monthly 0.6 https://detectionlint.org/library/sigma-dmsa-link-attributes-modified-2ee89019 2026-04-25T13:50:47.658Z monthly 0.6 https://detectionlint.org/library/spl-bcdedit-command-back-to-normal-mode-boot-da5a7b43 2026-04-25T13:50:47.566Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-msbuild-path-b29708ae 2026-04-25T13:50:47.476Z monthly 0.6 https://detectionlint.org/library/spl-malicious-powershell-process---execution-policy-bypass-44b72126 2026-04-25T13:50:47.384Z monthly 0.6 https://detectionlint.org/library/spl-powershell-fileless-script-contains-base64-encoded-content-2d308eb8 2026-04-25T13:50:47.293Z monthly 0.6 https://detectionlint.org/library/sigma-silenceeda-detection-73a67d10 2026-04-25T13:50:47.203Z monthly 0.6 https://detectionlint.org/library/spl-msi-module-loaded-by-non-system-binary-97f1e024 2026-04-25T13:50:47.194Z monthly 0.6 https://detectionlint.org/library/sigma-malware-user-agent-532035a4 2026-04-25T13:50:47.115Z monthly 0.6 https://detectionlint.org/library/spl-spoolsv-suspicious-loaded-modules-dbe69384 2026-04-25T13:50:47.004Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-service-started-52d1215a 2026-04-25T13:50:46.999Z monthly 0.6 https://detectionlint.org/library/spl-powershell-loading-dotnet-into-memory-via-reflection-4a1deebf 2026-04-25T13:50:23.620Z monthly 0.6 https://detectionlint.org/library/kql-potential-powershell-hacktool-script-by-author-a7d756b3 2026-04-25T13:50:23.433Z monthly 0.6 https://detectionlint.org/library/spl-windows-excel-spawning-microsoft-project-application-15f8aef4 2026-04-25T13:50:23.341Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-detect-virtualization-environment-d43b6636 2026-04-25T13:50:23.248Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---http-get-request-d30ef540 2026-04-25T13:50:23.157Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-create-scheduled-task-ecb1db69 2026-04-25T13:50:22.971Z monthly 0.6 https://detectionlint.org/library/spl-common-ransomware-notes-103bc2f6 2026-04-25T13:50:22.883Z monthly 0.6 https://detectionlint.org/library/sigma-potential-psfactorybuffer-com-hijacking-04430e88 2026-04-25T13:50:22.702Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-java-children-processes-0c4b2328 2026-04-25T13:50:22.612Z monthly 0.6 https://detectionlint.org/library/sigma-install-root-certificate-bb032f83 2026-04-25T13:50:22.519Z monthly 0.6 https://detectionlint.org/library/spl-get-aduser-with-powershell-script-block-c0d4db63 2026-04-25T13:50:22.429Z monthly 0.6 https://detectionlint.org/library/spl-web-or-application-server-spawning-a-shell-2f3bd9c7 2026-04-25T13:50:22.328Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---netexec-file-indicators-654816e0 2026-04-25T13:50:22.240Z monthly 0.6 https://detectionlint.org/library/spl-unknown-process-using-the-kerberos-protocol-dfe400ba 2026-04-25T13:50:22.147Z monthly 0.6 https://detectionlint.org/library/spl-powershell-enable-smb1protocol-feature-8ca2e52c 2026-04-25T13:50:21.874Z monthly 0.6 https://detectionlint.org/library/spl-linux-decode-base64-to-shell-db788683 2026-04-25T13:50:21.779Z monthly 0.6 https://detectionlint.org/library/sigma-linux-capabilities-discovery-71fcd48b 2026-04-25T13:50:21.688Z monthly 0.6 https://detectionlint.org/library/sigma-network-sniffing---linux-2d5c98de 2026-04-25T13:50:21.506Z monthly 0.6 https://detectionlint.org/library/sigma-github-push-protection-disabled-547fe93c 2026-04-25T13:50:21.415Z monthly 0.6 https://detectionlint.org/library/sigma-password-spray-activity-e89f71ea 2026-04-25T13:50:21.325Z monthly 0.6 https://detectionlint.org/library/spl-macos-kextload-usage-9efb273c 2026-04-25T13:50:21.233Z monthly 0.6 https://detectionlint.org/library/sigma-cisco-modify-configuration-e94d0366 2026-04-25T13:50:21.143Z monthly 0.6 https://detectionlint.org/library/sigma-webdav-put-request-ca22bd7c 2026-04-25T13:50:21.053Z monthly 0.6 https://detectionlint.org/library/spl-powershell-processing-stream-of-data-b74ec4d8 2026-04-25T13:50:20.961Z monthly 0.6 https://detectionlint.org/library/sigma-shell-execution-gcc---linux-f9ecc685 2026-04-25T13:50:20.870Z monthly 0.6 https://detectionlint.org/library/sigma-connection-proxy-4452c56f 2026-04-25T13:50:20.687Z monthly 0.6 https://detectionlint.org/library/spl-linux-common-process-for-elevation-control-f586b3aa 2026-04-25T13:50:20.596Z monthly 0.6 https://detectionlint.org/library/spl-detect-certify-with-powershell-script-block-logging-6ca12405 2026-04-25T13:50:20.506Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-sql-query-00c30842 2026-04-25T13:50:20.414Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-shred-overwrite-command-5a576c43 2026-04-25T13:50:20.322Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-remote-session-creation-0452efd9 2026-04-25T13:50:20.231Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-invocations---specific---powershell-mo-76d15abc 2026-04-25T13:50:20.142Z monthly 0.6 https://detectionlint.org/library/spl-windows-firewall-rule-modification-ef5dfdfa 2026-04-25T13:50:20.051Z monthly 0.6 https://detectionlint.org/library/spl-windows-explorerexe-spawning-powershell-or-cmd-73e02d49 2026-04-25T13:50:19.682Z monthly 0.6 https://detectionlint.org/library/sigma-startup-folder-file-write-651a2ccd 2026-04-25T13:50:19.410Z monthly 0.6 https://detectionlint.org/library/sigma-ruby-on-rails-framework-exceptions-180fab7c 2026-04-25T13:50:19.319Z monthly 0.6 https://detectionlint.org/library/spl-getcurrent-user-with-powershell-script-block-f2f3f374 2026-04-25T13:50:19.228Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-set-acl-on-windows-folder---psscript-bed67c02 2026-04-25T13:50:19.045Z monthly 0.6 https://detectionlint.org/library/spl-windows-diskshadow-proxy-execution-86e897d9 2026-04-25T13:50:18.955Z monthly 0.6 https://detectionlint.org/library/sigma-linux-doas-tool-execution-9acd64f9 2026-04-25T13:50:18.910Z monthly 0.6 https://detectionlint.org/library/spl-high-process-termination-frequency-04d93bd0 2026-04-25T13:50:18.772Z monthly 0.6 https://detectionlint.org/library/spl-windows-command-shell-dcrat-forkbomb-payload-e231da90 2026-04-25T13:50:18.680Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-attempt-via-errorhandlercmd-bc459a99 2026-04-25T13:50:18.597Z monthly 0.6 https://detectionlint.org/library/sigma-linux-shell-pipe-to-shell-6313cb57 2026-04-25T13:50:18.408Z monthly 0.6 https://detectionlint.org/library/kql-powershell-share-enumeration-script-a98a9247 2026-04-25T13:50:18.360Z monthly 0.6 https://detectionlint.org/library/spl-bitsadmin-download-file-616dab8a 2026-04-25T13:50:18.222Z monthly 0.6 https://detectionlint.org/library/spl-slui-spawning-a-process-d6ddcab7 2026-04-25T13:50:18.189Z monthly 0.6 https://detectionlint.org/library/spl-process-execution-via-wmi-5b02ef4e 2026-04-25T13:50:18.093Z monthly 0.6 https://detectionlint.org/library/spl-windows-com-hijacking-inprocserver32-modification-3fa2bd54 2026-04-25T13:50:18.024Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-setuid-using-chmod-utility-41a2da81 2026-04-25T13:50:17.849Z monthly 0.6 https://detectionlint.org/library/spl-delete-shadowcopy-with-powershell-3e82086d 2026-04-25T13:50:17.754Z monthly 0.6 https://detectionlint.org/library/spl-get-domainuser-with-powershell-script-block-cc2fd7f4 2026-04-25T13:50:17.662Z monthly 0.6 https://detectionlint.org/library/spl-linux-awk-privilege-escalation-a208260c 2026-04-25T13:50:17.480Z monthly 0.6 https://detectionlint.org/library/spl-linux-puppet-privilege-escalation-2a36a47e 2026-04-25T13:50:17.391Z monthly 0.6 https://detectionlint.org/library/kql-uid-elevation-from-previously-unknown-executable-9e850b25 2026-04-25T13:50:17.291Z monthly 0.6 https://detectionlint.org/library/spl-rundll32-shimcache-flush-e72df91d 2026-04-25T13:50:17.201Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-sql-error-messages-7da50bed 2026-04-25T13:50:17.108Z monthly 0.6 https://detectionlint.org/library/spl-windows-gdrive-binary-activity-77fbe729 2026-04-25T13:50:17.019Z monthly 0.6 https://detectionlint.org/library/spl-windows-enable-powershell-web-access-064d834b 2026-04-25T13:50:16.932Z monthly 0.6 https://detectionlint.org/library/kql-first-time-python-spawned-a-shell-on-host-f6078a5b 2026-04-25T13:50:16.838Z monthly 0.6 https://detectionlint.org/library/sigma-windows-powershell-user-agent-41ad5eb4 2026-04-25T13:50:16.746Z monthly 0.6 https://detectionlint.org/library/sigma-jndiexploit-pattern-5dc8a77f 2026-04-25T13:50:16.649Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-sudo-or-su-execution-fac9d33d 2026-04-25T13:50:16.555Z monthly 0.6 https://detectionlint.org/library/sigma-execute-invoke-command-on-remote-host-aaad15c6 2026-04-25T13:50:16.467Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-execution-with-potential-decryption-capabilities-c30abd5e 2026-04-25T13:50:16.376Z monthly 0.6 https://detectionlint.org/library/sigma-aws-new-lambda-layer-attached-47301c0a 2026-04-25T13:50:16.283Z monthly 0.6 https://detectionlint.org/library/sigma-security-software-discovery-via-powershell-script-2bd6e3fc 2026-04-25T13:50:16.102Z monthly 0.6 https://detectionlint.org/library/kql-deprecated---eggshell-backdoor-execution-9ea56c6f 2026-04-25T13:50:15.830Z monthly 0.6 https://detectionlint.org/library/sigma-legitimate-application-dropped-script-fa659bb5 2026-04-25T13:50:15.736Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-at-application-execution-5629d63f 2026-04-25T13:50:15.644Z monthly 0.6 https://detectionlint.org/library/sigma-clear-powershell-history---powershell-e0585c6b 2026-04-25T13:50:15.553Z monthly 0.6 https://detectionlint.org/library/sigma-windows-webshell-strings-8d919a9c 2026-04-25T13:50:15.463Z monthly 0.6 https://detectionlint.org/library/spl-powershell-com-hijacking-inprocserver32-modification-ba0596a8 2026-04-25T13:50:15.192Z monthly 0.6 https://detectionlint.org/library/spl-detect-regasm-spawning-a-process-ab221597 2026-04-25T13:50:15.098Z monthly 0.6 https://detectionlint.org/library/spl-linux-visudo-utility-execution-71a2ff31 2026-04-25T13:50:15.009Z monthly 0.6 https://detectionlint.org/library/spl-wbemprox-com-object-execution-a51e094e 2026-04-25T13:50:14.918Z monthly 0.6 https://detectionlint.org/library/sigma-cross-site-scripting-strings-aecf13df 2026-04-25T13:50:14.825Z monthly 0.6 https://detectionlint.org/library/spl-mmc-lolbas-execution-process-spawn-259c345d 2026-04-25T13:50:14.734Z monthly 0.6 https://detectionlint.org/library/kql-suspicious-portable-executable-encoded-in-powershell-script-7fa31cda 2026-04-25T13:50:14.645Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-base64-encoded-mppreference-cmdlet-1cc47c63 2026-04-25T13:50:14.463Z monthly 0.6 https://detectionlint.org/library/sigma-mount-execution-with-hidepid-parameter-bf48b91e 2026-04-25T13:50:14.370Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-download---powershell-script-3f76608f 2026-04-25T13:50:14.279Z monthly 0.6 https://detectionlint.org/library/spl-process-kill-base-on-file-path-64ee07c3 2026-04-25T13:50:14.189Z monthly 0.6 https://detectionlint.org/library/sigma-hack-tool-user-agent-a6426507 2026-04-25T13:50:13.995Z monthly 0.6 https://detectionlint.org/library/sigma-new-aws-lambda-function-url-configuration-created-0650f816 2026-04-25T13:50:13.903Z monthly 0.6 https://detectionlint.org/library/sigma-python-spawning-pretty-tty-via-pty-module-f8ca2969 2026-04-25T13:50:13.811Z monthly 0.6 https://detectionlint.org/library/spl-linux-clipboard-data-copy-1909beae 2026-04-25T13:50:13.718Z monthly 0.6 https://detectionlint.org/library/spl-linux-sudo-or-su-execution-4311c547 2026-04-25T13:50:13.628Z monthly 0.6 https://detectionlint.org/library/sigma-multifactor-authentication-interrupted-3cde61fa 2026-04-25T13:50:13.540Z monthly 0.6 https://detectionlint.org/library/spl-mailsniper-invoke-functions-2b354f24 2026-04-25T13:50:13.456Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-called-from-an-executable-version-mismatch-68dd66f1 2026-04-25T13:50:13.355Z monthly 0.6 https://detectionlint.org/library/sigma-ad-groups-or-users-enumeration-using-powershell---scriptbloc-695b84b0 2026-04-25T13:50:13.265Z monthly 0.6 https://detectionlint.org/library/spl-windows-detect-network-scanner-behavior-bc729bf8 2026-04-25T13:50:13.173Z monthly 0.6 https://detectionlint.org/library/spl-windows-autoit3-execution-4980487c 2026-04-25T13:50:13.082Z monthly 0.6 https://detectionlint.org/library/sigma-enable-microsoft-dynamic-data-exchange-cedea112 2026-04-25T13:50:12.991Z monthly 0.6 https://detectionlint.org/library/spl-disable-schedule-task-3c33f34c 2026-04-25T13:50:12.901Z monthly 0.6 https://detectionlint.org/library/sigma-invoke-obfuscation-via-stdin---powershell-143fefaa 2026-04-25T13:50:12.810Z monthly 0.6 https://detectionlint.org/library/spl-malicious-inprocserver32-modification-b33edc01 2026-04-25T13:50:12.720Z monthly 0.6 https://detectionlint.org/library/spl-schtasks-run-task-on-demand-e8b95fb8 2026-04-25T13:50:12.629Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-powershell-invocations---generic---powershell-mod-07fa9c04 2026-04-25T13:50:12.536Z monthly 0.6 https://detectionlint.org/library/sigma-wscript-or-cscript-dropper---file-56888a03 2026-04-25T13:50:12.491Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-kernel-module-using-rmmod-utility-6498d9fc 2026-04-25T13:50:12.462Z monthly 0.6 https://detectionlint.org/library/spl-linux-deleting-critical-directory-using-rm-command-031ff486 2026-04-25T13:50:12.347Z monthly 0.6 https://detectionlint.org/library/kql-kernel-object-file-creation-3e479270 2026-04-25T13:50:12.224Z monthly 0.6 https://detectionlint.org/library/spl-exchange-powershell-module-usage-2f7f2900 2026-04-25T13:49:37.152Z monthly 0.6 https://detectionlint.org/library/sigma-curl-usage-on-linux-e12fced7 2026-04-25T13:49:37.059Z monthly 0.6 https://detectionlint.org/library/sigma-wmic-loading-scripting-libraries-70c482ca 2026-04-25T13:49:36.969Z monthly 0.6 https://detectionlint.org/library/spl-linux-sudoers-tmp-file-creation-e3166694 2026-04-25T13:49:36.877Z monthly 0.6 https://detectionlint.org/library/spl-get-aduser-with-powershell-e508ae0b 2026-04-25T13:49:36.695Z monthly 0.6 https://detectionlint.org/library/spl-ping-sleep-batch-command-37a3b35b 2026-04-25T13:49:36.423Z monthly 0.6 https://detectionlint.org/library/sigma-dsinternals-suspicious-powershell-cmdlets---scriptblock-b29d67eb 2026-04-25T13:49:36.334Z monthly 0.6 https://detectionlint.org/library/spl-schedule-task-with-http-command-arguments-55ab101b 2026-04-25T13:49:36.242Z monthly 0.6 https://detectionlint.org/library/sigma-shell-invocation-via-apt---linux-5e753ae1 2026-04-25T13:49:35.967Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-timestomp-bdc10cee 2026-04-25T13:49:35.876Z monthly 0.6 https://detectionlint.org/library/spl-linux-iptables-firewall-modification-b14538fa 2026-04-25T13:49:35.784Z monthly 0.6 https://detectionlint.org/library/sigma-telegram-bot-api-request-eb0887d2 2026-04-25T13:49:35.605Z monthly 0.6 https://detectionlint.org/library/spl-cmd-carry-out-string-command-parameter-364a026b 2026-04-25T13:49:35.510Z monthly 0.6 https://detectionlint.org/library/spl-windows-debugger-tool-execution-2a03b254 2026-04-25T13:49:35.424Z monthly 0.6 https://detectionlint.org/library/spl-linux-sqlite3-privilege-escalation-4f6435d3 2026-04-25T13:49:34.963Z monthly 0.6 https://detectionlint.org/library/spl-linux-gnu-awk-privilege-escalation-63bfa521 2026-04-25T13:49:34.874Z monthly 0.6 https://detectionlint.org/library/sigma-spring-framework-exceptions-4d7c9c97 2026-04-25T13:49:34.782Z monthly 0.6 https://detectionlint.org/library/spl-disabling-controlpanel-22ab547a 2026-04-25T13:49:34.695Z monthly 0.6 https://detectionlint.org/library/spl-headless-browser-usage-a06704d9 2026-04-25T13:49:34.599Z monthly 0.6 https://detectionlint.org/library/spl-getdomaincontroller-with-powershell-485b8ed4 2026-04-25T13:49:34.510Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-keylogging-dd24faf4 2026-04-25T13:49:34.417Z monthly 0.6 https://detectionlint.org/library/spl-wermgr-process-spawned-cmd-or-powershell-process-7c873181 2026-04-25T13:49:34.326Z monthly 0.6 https://detectionlint.org/library/spl-linux-c99-privilege-escalation-e469734e 2026-04-25T13:49:34.236Z monthly 0.6 https://detectionlint.org/library/spl-getwmiobject-ds-computer-with-powershell-script-block-e4ad0ed1 2026-04-25T13:49:34.146Z monthly 0.6 https://detectionlint.org/library/kql-bash-shell-profile-modification-bf7ccaf9 2026-04-25T13:49:34.055Z monthly 0.6 https://detectionlint.org/library/sigma-bad-opsec-powershell-code-artifacts-2395f144 2026-04-25T13:49:33.964Z monthly 0.6 https://detectionlint.org/library/spl-getadcomputer-with-powershell-6dc9f79b 2026-04-25T13:49:33.886Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-powershell-scripts---poshmodule-0805f4f0 2026-04-25T13:49:33.782Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-powershell-scripts---filecreation-1e7bdc7d 2026-04-25T13:49:33.691Z monthly 0.6 https://detectionlint.org/library/spl-java-writing-jsp-file-5fd7f84c 2026-04-25T13:49:33.418Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-dd-file-overwrite-ee006a67 2026-04-25T13:49:33.331Z monthly 0.6 https://detectionlint.org/library/spl-linux-php-privilege-escalation-82b86832 2026-04-25T13:49:33.236Z monthly 0.6 https://detectionlint.org/library/spl-create-remote-thread-in-shell-application-460c774e 2026-04-25T13:49:33.148Z monthly 0.6 https://detectionlint.org/library/sigma-security-software-discovery---linux-10acbe8b 2026-04-25T13:49:33.053Z monthly 0.6 https://detectionlint.org/library/sigma-local-groups-discovery---linux-82ebbe2e 2026-04-25T13:49:32.962Z monthly 0.6 https://detectionlint.org/library/sigma-executable-from-webdav-7267af9e 2026-04-25T13:49:32.871Z monthly 0.6 https://detectionlint.org/library/kql-powershell-minidump-script-2ec9767e 2026-04-25T13:49:32.779Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-download-pattern-58cdce2b 2026-04-25T13:49:32.689Z monthly 0.6 https://detectionlint.org/library/kql-deprecated---potential-powershell-obfuscated-script-bef43124 2026-04-25T13:49:32.596Z monthly 0.6 https://detectionlint.org/library/sigma-python-initiated-connection-ceababc0 2026-04-25T13:49:32.509Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-profile-modification-eb79c243 2026-04-25T13:49:32.418Z monthly 0.6 https://detectionlint.org/library/spl-detect-remote-access-software-usage-process-4ac2a742 2026-04-25T13:49:32.052Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-insert-kernel-module-using-insmod-utility-1616d675 2026-04-25T13:49:31.868Z monthly 0.6 https://detectionlint.org/library/sigma-macos-scripting-interpreter-applescript-994588ec 2026-04-25T13:49:31.800Z monthly 0.6 https://detectionlint.org/library/spl-getlocaluser-with-powershell-c99ba045 2026-04-25T13:49:31.687Z monthly 0.6 https://detectionlint.org/library/sigma-data-compressed-128191e5 2026-04-25T13:49:31.508Z monthly 0.6 https://detectionlint.org/library/sigma-system-network-discovery---linux-a7b4fa79 2026-04-25T13:49:31.416Z monthly 0.6 https://detectionlint.org/library/spl-linux-ngrok-reverse-proxy-usage-02867056 2026-04-25T13:49:31.335Z monthly 0.6 https://detectionlint.org/library/sigma-potential-powershell-obfuscation-using-alias-cmdlets-00b68147 2026-04-25T13:49:31.236Z monthly 0.6 https://detectionlint.org/library/spl-powershell-start-bitstransfer-dd64db54 2026-04-25T13:49:31.143Z monthly 0.6 https://detectionlint.org/library/sigma-google-cloud-sql-database-modified-or-deleted-a0fdca29 2026-04-25T13:49:30.870Z monthly 0.6 https://detectionlint.org/library/spl-getadgroup-with-powershell-script-block-ce3fea45 2026-04-25T13:49:30.778Z monthly 0.6 https://detectionlint.org/library/spl-macos-keychains-dumped-e1788c97 2026-04-25T13:49:30.596Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---nppspy-hacktool-usage-b006a826 2026-04-25T13:49:30.505Z monthly 0.6 https://detectionlint.org/library/spl-linux-disable-services-c0d0bf9b 2026-04-25T13:49:30.439Z monthly 0.6 https://detectionlint.org/library/spl-detect-rclone-command-line-usage-ed49fb3d 2026-04-25T13:49:30.321Z monthly 0.6 https://detectionlint.org/library/spl-windows-bootloader-inventory-5f4d4571 2026-04-25T13:49:30.233Z monthly 0.6 https://detectionlint.org/library/sigma-script-interpreter-spawning-credential-scanner---linux-298071e0 2026-04-25T13:49:30.140Z monthly 0.6 https://detectionlint.org/library/sigma-opencanary---git-clone-request-57740eb1 2026-04-25T13:49:30.050Z monthly 0.6 https://detectionlint.org/library/spl-outbound-network-connection-from-java-using-default-ports-8071cc86 2026-04-25T13:49:29.958Z monthly 0.6 https://detectionlint.org/library/sigma-github-ssh-certificate-configuration-changed-1a393d7e 2026-04-25T13:49:29.777Z monthly 0.6 https://detectionlint.org/library/sigma-shell-execution-via-nice---linux-6beba1bc 2026-04-25T13:49:29.692Z monthly 0.6 https://detectionlint.org/library/spl-linux-kworker-process-in-writable-process-path-cc7b9d11 2026-04-25T13:49:29.590Z monthly 0.6 https://detectionlint.org/library/spl-process-writing-dynamicwrapperx-513419b2 2026-04-25T13:49:29.503Z monthly 0.6 https://detectionlint.org/library/spl-possible-lateral-movement-powershell-spawn-e1cb4ac6 2026-04-25T13:49:29.322Z monthly 0.6 https://detectionlint.org/library/spl-detect-certify-command-line-arguments-a07cf9bc 2026-04-25T13:49:29.228Z monthly 0.6 https://detectionlint.org/library/spl-windows-alternate-datastream---executable-content-f5dfd020 2026-04-25T13:49:29.136Z monthly 0.6 https://detectionlint.org/library/kql-first-time-python-created-a-launchagent-or-launchdaemon-d7a9ccc7 2026-04-25T13:49:29.048Z monthly 0.6 https://detectionlint.org/library/kql-powershell-invoke-ninjacopy-script-7d0180b7 2026-04-25T13:49:28.953Z monthly 0.6 https://detectionlint.org/library/sigma-capabilities-discovery---linux-cc46db8b 2026-04-25T13:49:28.865Z monthly 0.6 https://detectionlint.org/library/sigma-possible-dcsync-attack-3a428d55 2026-04-25T13:49:28.775Z monthly 0.6 https://detectionlint.org/library/spl-services-lolbas-execution-process-spawn-c55e9658 2026-04-25T13:49:28.682Z monthly 0.6 https://detectionlint.org/library/spl-linux-docker-root-directory-mount-b3c3b702 2026-04-25T13:49:28.409Z monthly 0.6 https://detectionlint.org/library/spl-getlocaluser-with-powershell-script-block-b42bb4c9 2026-04-25T13:49:28.318Z monthly 0.6 https://detectionlint.org/library/sigma-remove-immutable-file-attribute---auditd-b5d26da2 2026-04-25T13:49:28.227Z monthly 0.6 https://detectionlint.org/library/spl-cmd-echo-pipe---escalation-2aa0d988 2026-04-25T13:49:28.134Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-create-local-user-fd7dd1cb 2026-04-25T13:49:28.044Z monthly 0.6 https://detectionlint.org/library/spl-linux-csvtool-privilege-escalation-cc4a0f71 2026-04-25T13:49:27.953Z monthly 0.6 https://detectionlint.org/library/kql-svchost-spawning-cmd-e2e2a6b3 2026-04-25T13:49:27.864Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-setuid-using-setcap-utility-ea55a2f5 2026-04-25T13:49:27.776Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-install-kernel-module-using-modprobe-utility-d532d8b3 2026-04-25T13:49:27.683Z monthly 0.6 https://detectionlint.org/library/sigma-aadinternals-powershell-cmdlets-execution---psscript-3b25182b 2026-04-25T13:49:27.135Z monthly 0.6 https://detectionlint.org/library/spl-network-share-discovery-via-dir-command-e2db62ec 2026-04-25T13:49:27.043Z monthly 0.6 https://detectionlint.org/library/spl-linux-stdout-redirection-to-dev-null-file-7287587d 2026-04-25T13:49:26.950Z monthly 0.6 https://detectionlint.org/library/spl-linux-dd-file-overwrite-2533bba6 2026-04-25T13:49:26.769Z monthly 0.6 https://detectionlint.org/library/sigma-shell-execution-via-rsync---linux-7e112d12 2026-04-25T13:49:26.679Z monthly 0.6 https://detectionlint.org/library/kql-first-time-python-accessed-sensitive-credential-files-452f7ae5 2026-04-25T13:49:26.587Z monthly 0.6 https://detectionlint.org/library/sigma-live-memory-dump-using-powershell-5fb92954 2026-04-25T13:49:26.495Z monthly 0.6 https://detectionlint.org/library/spl-conti-common-exec-parameter-26e17c2a 2026-04-25T13:49:26.404Z monthly 0.6 https://detectionlint.org/library/spl-powershell-webrequest-using-memory-stream-87196f69 2026-04-25T13:49:26.316Z monthly 0.6 https://detectionlint.org/library/kql-powershell-keylogging-script-f5740197 2026-04-25T13:49:26.223Z monthly 0.6 https://detectionlint.org/library/sigma-psasyncshell---asynchronous-tcp-reverse-shell-d21602cc 2026-04-25T13:49:26.142Z monthly 0.6 https://detectionlint.org/library/spl-powershell-using-memory-as-backing-store-7b57a3eb 2026-04-25T13:49:26.041Z monthly 0.6 https://detectionlint.org/library/sigma-potential-python-dll-sideloading-6a8d6e90 2026-04-25T13:49:25.953Z monthly 0.6 https://detectionlint.org/library/sigma-potential-sam-database-dump-bf6eb68d 2026-04-25T13:49:25.910Z monthly 0.6 https://detectionlint.org/library/sigma-remote-powershell-session-ps-module-a2956dd6 2026-04-25T13:49:25.745Z monthly 0.6 https://detectionlint.org/library/sigma-python-sql-exceptions-68230e32 2026-04-25T13:49:23.064Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-shellcode-ff77d543 2026-04-25T13:49:22.975Z monthly 0.6 https://detectionlint.org/library/sigma-binary-padding---linux-d4b04043 2026-04-25T13:49:22.882Z monthly 0.6 https://detectionlint.org/library/sigma-java-payload-strings-aba3624d 2026-04-25T13:49:22.793Z monthly 0.6 https://detectionlint.org/library/sigma-python-image-load-by-non-python-process-ef21ecf9 2026-04-25T13:49:22.702Z monthly 0.6 https://detectionlint.org/library/spl-execute-javascript-with-jscript-com-clsid-85a441c9 2026-04-25T13:49:22.610Z monthly 0.6 https://detectionlint.org/library/sigma-capsh-shell-invocation---linux-e2f8ca06 2026-04-25T13:49:22.335Z monthly 0.6 https://detectionlint.org/library/kql-process-started-with-executable-stack-57b1bd83 2026-04-25T13:49:22.243Z monthly 0.6 https://detectionlint.org/library/sigma-python-webserver-execution---linux-f91fbaf8 2026-04-25T13:49:22.061Z monthly 0.6 https://detectionlint.org/library/sigma-python-one-liners-with-base64-decoding---linux-a46c712b 2026-04-25T13:49:21.970Z monthly 0.6 https://detectionlint.org/library/spl-windows-apache-benchmark-binary-e9d4c305 2026-04-25T13:49:21.790Z monthly 0.6 https://detectionlint.org/library/spl-vbscript-execution-using-wscript-app-b227dd19 2026-04-25T13:49:21.698Z monthly 0.6 https://detectionlint.org/library/sigma-binary-padding---macos-4233f005 2026-04-25T13:49:21.608Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-execute-batch-script-3522cc21 2026-04-25T13:49:21.517Z monthly 0.6 https://detectionlint.org/library/spl-linux-ssh-remote-services-script-execute-8a14584a 2026-04-25T13:49:21.331Z monthly 0.6 https://detectionlint.org/library/spl-linux-docker-shell-execution-d3deaf79 2026-04-25T13:49:21.239Z monthly 0.6 https://detectionlint.org/library/spl-linux-adding-crontab-using-list-parameter-47c91bcc 2026-04-25T13:49:21.161Z monthly 0.6 https://detectionlint.org/library/sigma-linux-hacktool-execution-a2feefb4 2026-04-25T13:49:21.060Z monthly 0.6 https://detectionlint.org/library/spl-powershell-execute-com-object-b5fae440 2026-04-25T13:49:20.978Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-powershell-commandlets---scriptblock-a637b4f5 2026-04-25T13:49:20.787Z monthly 0.6 https://detectionlint.org/library/spl-jscript-execution-using-cscript-app-055a83c7 2026-04-25T13:49:20.606Z monthly 0.6 https://detectionlint.org/library/sigma-python-function-execution-security-warning-disabled-in-excel-e9825a4d 2026-04-25T13:49:20.514Z monthly 0.6 https://detectionlint.org/library/spl-linux-data-destruction-command-033e5d67 2026-04-25T13:49:20.332Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-xml-execute-command-14b5cb6d 2026-04-25T13:49:20.240Z monthly 0.6 https://detectionlint.org/library/spl-linux-kernel-module-enumeration-c11cfa9b 2026-04-25T13:49:19.875Z monthly 0.6 https://detectionlint.org/library/spl-linux-ruby-privilege-escalation-66cd4647 2026-04-25T13:49:19.693Z monthly 0.6 https://detectionlint.org/library/spl-linux-insert-kernel-module-using-insmod-utility-9f60fd65 2026-04-25T13:49:19.602Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---winpwn-execution---scriptblock-3cfaba80 2026-04-25T13:49:19.331Z monthly 0.6 https://detectionlint.org/library/sigma-unsigned-node-file-loaded-dcbc2bdf 2026-04-25T13:49:19.240Z monthly 0.6 https://detectionlint.org/library/spl-powershell-enable-powershell-remoting-8a6a02da 2026-04-25T13:49:19.149Z monthly 0.6 https://detectionlint.org/library/sigma-shell-invocation-via-ssh---linux-ffc31b99 2026-04-25T13:49:19.056Z monthly 0.6 https://detectionlint.org/library/kql-kill-command-execution-107cbc57 2026-04-25T13:49:18.966Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-shellintel-powershell-commandlets-1ad131b7 2026-04-25T13:49:18.874Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-script-execution-policy-enabled-ef4e4d06 2026-04-25T13:49:18.783Z monthly 0.6 https://detectionlint.org/library/sigma-bash-interactive-shell-99121a43 2026-04-25T13:49:18.510Z monthly 0.6 https://detectionlint.org/library/sigma-django-framework-exceptions-ea4629a1 2026-04-25T13:49:18.326Z monthly 0.6 https://detectionlint.org/library/spl-linux-system-network-discovery-e3ece3ea 2026-04-25T13:49:18.236Z monthly 0.6 https://detectionlint.org/library/sigma-malicious-powershell-commandlets---poshmodule-984dfcdf 2026-04-25T13:49:18.147Z monthly 0.6 https://detectionlint.org/library/spl-malicious-powershell-process---encoded-command-71422c13 2026-04-25T13:49:18.055Z monthly 0.6 https://detectionlint.org/library/kql-powershell-script-with-encryptiondecryption-capabilities-60208fd7 2026-04-25T13:49:17.963Z monthly 0.6 https://detectionlint.org/library/sigma-application-using-device-code-authentication-flow-3e1ac553 2026-04-25T13:49:17.873Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-psattack-72299ccf 2026-04-25T13:49:17.779Z monthly 0.6 https://detectionlint.org/library/sigma-shell-invocation-via-env-command---linux-c3c83587 2026-04-25T13:49:17.717Z monthly 0.6 https://detectionlint.org/library/sigma-potential-php-reverse-shell-0585ef7a 2026-04-25T13:49:17.557Z monthly 0.6 https://detectionlint.org/library/spl-disabling-cmd-application-6490184d 2026-04-25T13:49:17.325Z monthly 0.6 https://detectionlint.org/library/spl-getadcomputer-with-powershell-script-block-7fc78060 2026-04-25T13:49:17.233Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---rubeus-execution---scriptblock-c980a655 2026-04-25T13:49:17.144Z monthly 0.6 https://detectionlint.org/library/spl-linux-install-kernel-module-using-modprobe-utility-b0445c2f 2026-04-25T13:49:17.052Z monthly 0.6 https://detectionlint.org/library/sigma-root-certificate-installed---powershell-e951a55d 2026-04-25T13:49:16.960Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-obfuscated-powershell-code-e4d9aca8 2026-04-25T13:49:16.870Z monthly 0.6 https://detectionlint.org/library/sigma-disable-windowsoptionalfeature-command-powershell-14aa0083 2026-04-25T13:49:16.779Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-data-destruction-command-3ded4e68 2026-04-25T13:49:16.687Z monthly 0.6 https://detectionlint.org/library/spl-linux-shred-overwrite-command-d505be97 2026-04-25T13:49:16.596Z monthly 0.6 https://detectionlint.org/library/sigma-powerview-powershell-cmdlets---scriptblock-130330cd 2026-04-25T13:49:16.504Z monthly 0.6 https://detectionlint.org/library/sigma-apache-threading-error-257c6414 2026-04-25T13:49:16.234Z monthly 0.6 https://detectionlint.org/library/spl-powershell-invoke-cimmethod-cimsession-fa4deb4b 2026-04-25T13:49:16.141Z monthly 0.6 https://detectionlint.org/library/spl-ms-scripting-process-loading-ldap-module-bf8207a1 2026-04-25T13:49:16.050Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-web-access-installation---psscript-995bb2ba 2026-04-25T13:49:15.948Z monthly 0.6 https://detectionlint.org/library/spl-firewall-allowed-program-enable-8d07ac84 2026-04-25T13:49:15.849Z monthly 0.6 https://detectionlint.org/library/sigma-dns-over-https-enabled-by-registry-d2aeb80d 2026-04-25T13:49:15.748Z monthly 0.6 https://detectionlint.org/library/sigma-shell-execution-via-git---linux-d4b5ccea 2026-04-25T13:49:15.649Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-downgrade-attack---powershell-ab0fe7d4 2026-04-25T13:49:15.551Z monthly 0.6 https://detectionlint.org/library/spl-ms-scripting-process-loading-wmi-module-decea106 2026-04-25T13:49:15.330Z monthly 0.6 https://detectionlint.org/library/spl-linux-setuid-using-setcap-utility-61b2ea26 2026-04-25T13:49:15.103Z monthly 0.6 https://detectionlint.org/library/spl-verclsid-clsid-execution-5ab9e664 2026-04-25T13:49:14.990Z monthly 0.6 https://detectionlint.org/library/spl-linux-edit-cron-table-parameter-ba9ec6ae 2026-04-25T13:49:14.877Z monthly 0.6 https://detectionlint.org/library/spl-github-workflow-file-creation-or-modification-7ffbe68b 2026-04-25T13:49:14.764Z monthly 0.6 https://detectionlint.org/library/spl-suspicious-mshta-spawn-e2bdf480 2026-04-25T13:49:14.650Z monthly 0.6 https://detectionlint.org/library/spl-linux-setuid-using-chmod-utility-a66bbf2e 2026-04-25T13:49:14.523Z monthly 0.6 https://detectionlint.org/library/sigma-potential-persistence-using-debugpath-726f2687 2026-04-25T13:49:14.391Z monthly 0.6 https://detectionlint.org/library/kql-potential-powershell-hacktool-script-by-function-names-19aa632d 2026-04-25T13:49:14.264Z monthly 0.6 https://detectionlint.org/library/spl-getdomaincontroller-with-powershell-script-block-2a797d62 2026-04-25T13:49:14.132Z monthly 0.6 https://detectionlint.org/library/sigma-exploit-framework-user-agent-892606b2 2026-04-25T13:49:14.014Z monthly 0.6 https://detectionlint.org/library/sigma-remove-immutable-file-attribute-ef475db3 2026-04-25T13:49:13.850Z monthly 0.6 https://detectionlint.org/library/spl-wermgr-process-create-executable-file-43002452 2026-04-25T13:49:13.737Z monthly 0.6 https://detectionlint.org/library/sigma-potential-ruby-reverse-shell-3b3a7c51 2026-04-25T13:49:13.551Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-write-eventlog-usage-da62ddf7 2026-04-25T13:49:13.399Z monthly 0.6 https://detectionlint.org/library/spl-disabling-task-manager-548102e7 2026-04-25T13:49:13.247Z monthly 0.6 https://detectionlint.org/library/spl-linux-gdrive-binary-activity-83d125ee 2026-04-25T13:49:13.098Z monthly 0.6 https://detectionlint.org/library/sigma-inline-python-execution---spawn-shell-via-os-system-library-069a5038 2026-04-25T13:49:12.947Z monthly 0.6 https://detectionlint.org/library/sigma-python-reverse-shell-execution-via-pty-and-socket-modules-4fab8055 2026-04-25T13:49:12.783Z monthly 0.6 https://detectionlint.org/library/sigma-webshell-remote-command-execution-9ef1058a 2026-04-25T13:49:12.585Z monthly 0.6 https://detectionlint.org/library/spl-logon-script-event-trigger-execution-232adcf6 2026-04-25T13:49:12.401Z monthly 0.6 https://detectionlint.org/library/spl-getdomaincomputer-with-powershell-9fbca153 2026-04-25T13:49:12.221Z monthly 0.6 https://detectionlint.org/library/spl-windows-diskcryptor-usage-47527f98 2026-04-25T13:49:12.040Z monthly 0.6 https://detectionlint.org/library/spl-linux-stop-services-995ddc4c 2026-04-25T13:49:11.859Z monthly 0.6 https://detectionlint.org/library/kql-react2shell-network-security-alert-3ca6b1c2 2026-04-25T13:49:11.633Z monthly 0.6 https://detectionlint.org/library/sigma-hacktool---evil-winrm-execution---powershell-module-5f9962f6 2026-04-25T13:49:11.410Z monthly 0.6 https://detectionlint.org/library/sigma-suspicious-git-clone---linux-70b61cf2 2026-04-25T13:49:11.182Z monthly 0.6 https://detectionlint.org/library/kql-powershell-psreflect-script-2a53e6ec 2026-04-25T13:49:10.974Z monthly 0.6 https://detectionlint.org/library/spl-linux-node-privilege-escalation-89495618 2026-04-25T13:49:10.729Z monthly 0.6 https://detectionlint.org/library/spl-linux-auditd-kernel-module-enumeration-dcf6182a 2026-04-25T13:49:10.504Z monthly 0.6 https://detectionlint.org/library/spl-windows-executable-in-loaded-modules-b09a050c 2026-04-25T13:49:10.201Z monthly 0.6 https://detectionlint.org/library/spl-clop-common-exec-parameter-ca7d3a71 2026-04-25T13:49:09.900Z monthly 0.6 https://detectionlint.org/library/spl-getdomaincomputer-with-powershell-script-block-ac968754 2026-04-25T13:49:09.600Z monthly 0.6 https://detectionlint.org/library/spl-linux-at-application-execution-9162af44 2026-04-25T13:49:09.301Z monthly 0.6 https://detectionlint.org/library/spl-windows-computerdefaults-spawning-a-process-4694d400 2026-04-25T13:49:08.997Z monthly 0.6 https://detectionlint.org/library/kql-application-id-uri-changed-e080ec71 2026-04-25T13:49:08.697Z monthly 0.6 https://detectionlint.org/library/sigma-linux-sudo-chroot-execution-db8911e3 2026-04-25T13:49:08.197Z monthly 0.6 https://detectionlint.org/library/spl-powershell-creating-thread-mutex-4ae1448d 2026-04-25T13:49:07.192Z monthly 0.6 https://detectionlint.org/library/spl-sqlite-module-in-temp-folder-c9d84500 2026-04-25T13:49:06.692Z monthly 0.6 https://detectionlint.org/library/sigma-powershell-msxml-com-object-ceee9e0f 2026-04-25T13:49:06.057Z monthly 0.6