Security Monitoring Management Pack
All Rules in category: Security Monitoring Management Pack
| ID | Management Pack Name | Management Pack Version |
| --- | --- | --- |
| Security.Monitoring.Collect.SMBv1Connections | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.CollectionRule.CollectLAPSEvents | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.CollectLegacyTLSEvents | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.Event.4688.GenericCryptoRansomWare | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.Event.ByPassExecutionPolicy | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.Event.InvokeEncodedCommand | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.Event.InvokeRemoteExpression | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.Event.KillWindowsDefender | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.Event.PowerShellRuninMemoryOnly | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.Event.RemoteRegSvr32 | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.Event.SeDebugPrivilegeEscalation | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.Event.WMIPersistence | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.Event.WMIRemote.Destination | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.Event.WMIRemote.Source | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.EventCollection.LanMan | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.EventCollection.NTLMV1 | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.EventCollection.WdigestAuthentication | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ExecutableRunFromUserWriteableDirectory | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ExecutableRuninWriteableDirectoriesExtended | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.4688.GenericCryptoRansomWare | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.ByPassExecutionPolicy | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.CollectLAPSEvents | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.DebugEscalation | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.ExecutableRunFromUserWriteableDirectory | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.FindAVSignature | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.GetDLLLoadPath | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.GetHTTPStatus | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.GetKeystroke | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.InvokeDLLInjection | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.InvokeEncodedCommand | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.InvokeMimikatz | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.InvokeNinjaCopy | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.InvokePortScan | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.InvokeRemoteExpression | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.InvokeShellCodeInUse | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.KillWindowsDefender | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.PowerShellRuninMemoryOnly | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.PowerShellStartHiddenProcess | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.ForwardedEvents.RemoteRegSvr32 | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.PowerShellLog.FindAVSignature | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.PowerShellLog.GetDLLLoadPath | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.PowerShellLog.GetHTTPStatus | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.PowerShellLog.GetKeystroke | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.PowerShellLog.InvokeDLLInjection | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.PowerShellLog.InvokeMimikatzInUse | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.PowerShellLog.InvokeNinjaCopy | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.PowerShellLog.InvokePortScan | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.PowerShellLog.InvokeShellCodeInUse | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.PowerShellLog.PowerShellStartHiddenProcess | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.SecurityLogClearedv2 | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.SecurityMonitoring.Event.DCOUModify | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.SecurityMonitoring.Event.GPOCreation | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.SecurityMonitoring.Event.GPODeletionRule | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.SecurityMonitoring.Event.ScheduledTaskCreatedOnServer | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.SecurityMonitoring.Event.ServiceCreatedonDC | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.SuspiciousUserContext | Security.Monitoring | 1.0.7.1 |
| Security.Monitoring.SystemLogClearedv2 | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoring.Event.FailedLogin | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoring.Failed.Login.Attempts.Collection | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Accounts.DomainAdminChange | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Accounts.EnterpriseAdminChange | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Accounts.LocalAdminChange | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Accounts.SchemaAdminChange | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.APPLocker.Mimikatz | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.APPLocker.ProhibitedApp | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.APPLocker.PSExec | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.APPLocker.WCE | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.APPLocker.WinRar | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Event.4688.SuspiciousApplockerJava | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Event.4688.SuspiciousApplockerRegsvr | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Event.4688.SuspiciousCMD | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Event.4688.SuspiciousFTPCommand | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Event.4688.SuspiciousReg | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Event.4688.SuspiciousWindowsPosition | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Event.GoldenTicketDetection | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Event.LocalAccountCreatedonServer | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Event.SecurityLogCleared | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Event.ServiceCreatedonMemberServer | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Event.ServiceKnownThreat | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Event.SmartCardDisabled | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Event.SoftwareInstallOnServer | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Event.SoftwareRemovedFromServer | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Event.SystemLogCleared | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Event.SystemPoweredOff | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Event.SystemRestarted | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Event.UnexpectedShutdown | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.EventCollection.4672 | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.EventCollection.BatchLogon | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.EventCollection.GoldenTicket | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.EventCollection.SpecialGroupLogon | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.ForwardedEvents.4688.SuspiciousApplockerJava | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.ForwardedEvents.4688.SuspiciousApplockerRegsvr | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.ForwardedEvents.4688.SuspiciousCMD | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.ForwardedEvents.4688.SuspiciousFTPCommand | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.ForwardedEvents.4688.SuspiciousReg | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.ForwardedEvents.4688.SuspiciousWindowsPosition | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.ForwardedEvents.CredentialSwap | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.ForwardedEvents.LocalUserCreatedDeleted | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.ForwardedEvents.ProhibitedApp | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.ForwardedEvents.PtHTier2 | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.ForwardedEvents.SecurityLogCleared | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.ForwardedEvents.ServiceCreation | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.ForwardedEvents.ServiceCreationKnownThreats | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.ForwardedEvents.SpecialGroupLogon | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.ForwardedEvents.SystemLogCleared | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.GPOMonitoring.EventAndScript.Rule | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Pth.CredentialSwap | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Pth.PtHAgainstDC | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.Pth.PtHAgainstTier1 | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.ThreatHunt.BatchLogonInUse | Security.Monitoring | 1.0.7.1 |
| SecurityMonitoringMP.ThreatHunt.SpecialGroupLogon | Security.Monitoring | 1.0.7.1 |