Detects suspicious PowerShell download patterns that are often used in malicious scripts, stagers or downloaders (make sure that your backend matches the strings case-insensitively)
Enable Dynamic Data Exchange protocol (DDE) in all supported editions of Microsoft Word or Excel.
Detects suspicious Windows Update Agent activity in which a wuauclt.exe process command line doesn’t contain any command line flags
Detects suspicious activity in which the MSExchangeMailboxReplication process writes .asp and .aspx files to disk, which could be a sign of ProxyShell exploitation
This rule detects suspicious processes with parent images located in the C:\Users\Public folder