Detection Rules
Sigma & YARA Signatures
Pre-built detection rules mapped to MITRE ATT&CK techniques. Deploy these signatures in your SIEM, EDR, and malware analysis tools.
Windows Event Log Cleared: Detects clearing of Windows event logs to hide malicious activity
Suspicious WMIC Execution: Detects suspicious WMIC commands often used for reconnaissance and execution
Registry Run Key Modification: Detects modifications to registry run keys for persistence
Active Directory Enumeration: Detects Active Directory enumeration using common tools
DNS Tunneling: Detects potential DNS tunneling based on query patterns
Scheduled Task Creation: Detects creation of scheduled tasks, which may be used for persistence
Remote Desktop Connection: Detects RDP connections, which may indicate lateral movement
LSASS Memory Dump: Detects attempts to dump LSASS process memory for credential extraction
Cobalt Strike Beacon: Detects Cobalt Strike beacon communication patterns
Volume Shadow Copy Deletion: Detects deletion of volume shadow copies, a step often performed by ransomware
Mass File Encryption: Detects rapid file modifications indicative of ransomware encryption
