Detection rules › By event

Microsoft-Windows-Sysmon event 15

12 detection rules reference this event. View event page.

Sigma (9)

Creation Of a Suspicious ADS File Outside a Browser Download severity medium
Exports Registry Key To an Alternate Data Stream severity high T1564.004
HackTool Named File Stream Created severity high T1564.004
Hidden Executable In NTFS Alternate Data Stream severity medium T1564.004
Potential Suspicious Winget Package Installation severity high
Potentially Suspicious File Download From ZIP TLD severity high
Suspicious File Download From File Sharing Websites - File Stream severity high T1564.004
Unusual File Download from Direct IP Address severity high T1564.004
Unusual File Download From File Sharing Websites - File Stream severity medium T1564.004

Splunk (3)