Microsoft-Windows-Security-Auditing event 4698
Sigma (1)
Elastic (3)
Splunk (10)
- Randomly Generated Scheduled Task Name
- Schedule Task with HTTP Command Arguments
- Schedule Task with Rundll32 Command Trigger
- Short Lived Scheduled Task
- Windows Hidden Schedule Task Settings
- Windows Scheduled Task with Suspicious Command
- Windows Scheduled Task with Suspicious Name
- Windows Scheduled Tasks for CompMgmtLauncher or Eventvwr
- WinEvent Scheduled Task Created to Spawn Shell
- WinEvent Scheduled Task Created Within Public Path