Detect F5 BIG-IP Critical Vulnerability Exploitation Attempt with Free Sigma Detection Rule
To apply this detection rule, you can convert it to your SIEM language. It is also recommended to update…
Read more
Detect Indicator Blocking with these free splunk Detection Rules
An adversary may attempt to block indicators or events typically captured by sensors from being gathered and analyzed. This could…
Detect Hidden Windows with this free Splunk Detection Rule
Adversaries may implement hidden windows to conceal malicious activity from the plain sight of users. In some cases, windows that…
Detect Hidden Files and Directories with this free Splunk Detection Rule
To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a…
Detect File Deletion with these free Splunk Detection Rules
Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces behind as…
Detect File and Directory Permissions Modification with this free Splunk Detection Rule
File and directory permissions are commonly managed by discretionary access control lists (DACLs) specified by the file or directory owner.…
Detect Deobfuscate/Decode Files or Information with this free Splunk Detection Rule
Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from the analysis. They may require separate…