Detection rules › By event

Microsoft-Windows-Sysmon event 6

14 detection rules reference this event. View event page.

Sigma (10)

Driver Load From A Temporary Directory severity high T1543.003
Malicious Driver Load severity high T1068, T1543.003
Malicious Driver Load By Name severity medium T1068, T1543.003
PUA - Process Hacker Driver Load severity high T1543
PUA - System Informer Driver Load severity medium T1543
Vulnerable Driver Load severity high T1068, T1543.003
Vulnerable Driver Load By Name severity low T1068, T1543.003
Vulnerable HackSys Extreme Vulnerable Driver Load severity high T1543.003
Vulnerable WinRing0 Driver Load severity high T1543.003
WinDivert Driver Load severity high T1557.001, T1599.001

Splunk (4)