Rules

Rules are descriptions of log events used to identify security incidents. Rules are written in Sigma format, a generic and open signature format. Rules are very flexible and can be translated to a variety of SIEM and EDR formats.

Rule description: Test
Rule Tags:
Group name: SIEM 503c06a2-8d59-404c-b211-b6ee56e07a8d
Created by user: mlsabban
Version: 1.0
Visibility: Public
Rule level: low
Rule UUID: c3514a74-6d5e-4bfb-ada5-222ac7689b96
Theme count: 0
Is clone: False
Clone type: Not Clone
Created date: 2022/05/25
Last update date: 2022/05/25

Rule description: Detects suspicious encoded payloads in WMI Event Consumers
Rule Tags: attack.persistence attack.execution attack.t1546.003 attack.t1047
Group name: test 7d4482a8-962e-42cf-be6c-5b50105d75c3
Created by user: khalafktele
Version: 1.0
Visibility: Public
Rule level: high
Rule UUID: b05f393e-0186-42ae-8753-dacb403c772e
Theme count: 0
Is clone: True 1a26fa48-2c82-4663-90b3-b405bcc7db96
Clone type: Writable
Created date: 2021/09/01
Last update date: 2022/05/12