We have a list of ~500k CIDRs previously used as a lookup table in
Splunk that we would like to replicate as a Reference Table in
Chronicle. Issue is the list far exceeds the bounds of what Chronicle
allows. There are almost 500k CIDR ranges with no ex...
Hi, Does anyone have a sample rule example for detecting WMIC Suspicious
Scheduled Tasks and WMIC File Download? I am looking for both Scheduled
Task and File Download. My search of Github did not fetch me any
results unfortunately.
Hello Experts, Can someone please provide some sample rules to detect
SharpH0und, Cred Dumping? Is this one of the detection premises for this
detection rule? Look for processes with names matching SharpHound (e.g.,
"SharpHound.exe", "SharpHound.x64.e...
Hello Experts, Can someone please provide some sample rules to detect
WebShell detections? In essence, we are trying to look for events related to
file creation, modification, or deletion, particularly in commonly
targeted locations like web application r...
Can someone please provide some guidance on how to go about writing a
YARA-L rule to detect this? - Randomized PowerShell executables -
hash is powershell.exe but file name is different.
Thanks John for the detailed explanation. Yes I am looking for
masquerading solutions for PowerShell. Let me get started with some of
the ideas you shared here and circle back if I have any further
questions!