Detection rules › SigmaCodeIntegrity - Revoked Kernel Driver LoadedSeverityhighAuthorNasreddine Bencherchali (Nextron Systems)SourceupstreamDetects the load of a revoked kernel driverEvent coverageProviderEvent IDTitleCodeIntegrity3021Code Integrity determined a revoked kernel module FileNameBuffer is loaded into the system.CodeIntegrity3022Code Integrity determined a revoked kernel module FileNameBuffer is loaded into the system.Stages and PredicatesStage 1: selection