Detection rules › SigmaCodeIntegrity - Revoked Image LoadedSeverityhighAuthorNasreddine Bencherchali (Nextron Systems)SourceupstreamDetects image load events with revoked certificates by code integrity.Event coverageProviderEvent IDTitleCodeIntegrity3032Code Integrity determined a revoked image FileNameBuffer is loaded into the system.CodeIntegrity3035Code Integrity determined a revoked image FileNameBuffer is loaded into the system.Stages and PredicatesStage 1: selection