Detection rules › By event

Microsoft-Windows-Sysmon event 12

46 detection rules reference this event. View event page.

Sigma (33)

Atbroker Registry Change severity medium T1218, T1547
CMSTP Execution Registry Event severity high T1218.003
Creation of a Local Hidden User Account by Registry severity high T1136.001
Disable Security Events Logging Adding Reg Key MiniNt severity high T1112, T1562.002
DLL Load via LSASS severity high T1547.008
Esentutl Volume Shadow Copy Service Keys severity high T1003.002
HybridConnectionManager Service Installation - Registry severity high T1608
Narrator's Feedback-Hub Persistence severity high T1547.001
NetNTLM Downgrade Attack - Registry severity high T1112, T1562.001
New DLL Added to AppCertDlls Registry Key severity medium T1546.009
New DLL Added to AppInit_DLLs Registry Key severity medium T1546.010
New PortProxy Registry Entry Added severity medium T1090
Office Application Startup - Office Test severity medium T1137.002
Path To Screensaver Binary Modified severity medium T1546.002
Potential Credential Dumping Via LSASS SilentProcessExit Technique severity critical T1003.001
Potential Persistence Via Disk Cleanup Handler - Registry severity medium
Potential Qakbot Registry Activity severity high T1112
RedMimicry Winnti Playbook Registry Manipulation severity high T1112
Registry Entries For Azorult Malware severity critical T1112
Registry Persistence Mechanisms in Recycle Bin severity high T1547
Registry Tampering by Potentially Suspicious Processes severity medium T1059.005, T1112
Run Once Task Configuration in Registry severity medium T1112
Security Support Provider (SSP) Added to LSA Configuration severity high T1547.005
Shell Open Registry Keys Manipulation severity high T1546.001, T1548.002
Sticky Key Like Backdoor Usage - Registry severity critical T1546.008
Suspicious Camera and Microphone Access severity high T1123, T1125
Suspicious Run Key from Download severity high T1547.001
UAC Bypass Via Wsreset severity high T1548.002
Wdigest CredGuard Registry Modification severity high T1112
Windows Credential Editor Registry severity critical T1003.001
Windows Defender Threat Severity Default Action Modified severity high T1562.001
Windows Registry Trust Record Modification severity medium T1566.001
WINEKEY Registry Modification severity high T1547

Microsoft-Windows-Sysmon event 12

Sigma (33)

Splunk (13)

Keyboard Shortcuts