Muath Al Badi

Security Analyst

Detection Rules

Browse and manage SIEM and Sigma detection rules

Detection Rules
Browse and manage detection rules from various security tools
Each entry lists the rule name, the tool it is written for, its severity, its status and the date it was last updated, followed by its description.

PowerShell Encoded Command Execution
  Tool: Splunk (SIEM) | Severity: High | Status: Active | Updated: 2023-11-15
  Detects PowerShell execution with encoded commands, which is commonly used by attackers to obfuscate malicious code.

Multiple Failed Logins from Same Source IP
  Tool: Splunk (SIEM) | Severity: Medium | Status: Active | Updated: 2023-10-28
  Detects multiple failed login attempts from the same source IP address, which may indicate a brute force attack.

Suspicious Registry Modifications
  Tool: QRadar (SIEM) | Severity: Medium | Status: Active | Updated: 2023-11-08
  Detects suspicious modifications to registry keys that are commonly used for persistence.

Unusual User Agent in Web Requests
  Tool: Elastic (SIEM) | Severity: Low | Status: Active | Updated: 2023-10-30
  Detects web requests with unusual user agent strings that may indicate malicious activity.

Suspicious Process Creation via WMIC
  Tool: Sigma | Severity: Medium | Status: Active | Updated: 2023-10-20
  Detects suspicious process creation via Windows Management Instrumentation Command-line (WMIC), a technique used by attackers for execution.

Suspicious PowerShell Download Cradle
  Tool: Sigma | Severity: High | Status: Active | Updated: 2023-11-12
  Detects PowerShell download cradles that are commonly used to download and execute malicious code.

Suspicious Service Installation
  Tool: Sigma | Severity: High | Status: Active | Updated: 2023-11-05
  Detects suspicious service installation commands that may indicate persistence or privilege escalation.