Sysmon Blocked Executable
Triggers on any Sysmon "FileBlockExecutable" event (Event ID 27), which indicates a violation of the configured block policy.
Event coverage
| Provider | Event ID | Title |
|---|---|---|
| Sysmon | 27 | FileBlockExecutable |
selection