frack113
To check a not-equal you have to use `lt` and `gt` together. `neq` is simpler.
### Summary of the Pull Request Detect the use of Rustdesk. When used for the first time, the official binary creates rustdesk.exe in the Appdata folder. As it can be used...
### Summary of the Pull Request In many sandbox results, the malicious executable runs itself. The new process is launched suspended, but this information did exist in the process_creation...
### Summary of the Pull Request From the Sandbox, play the reg command ### Changelog new: Add Exceptions to Microsoft Defender Firewall via Registry new: Enable Exceptions Microsoft...
### Summary of the Pull Request I tried EDRSilencer and searched for artefacts ### Changelog new: FWPUCLNT.DLL Loaded Via Uncommon Process new: Potential WFP Filters to Block Security Tools ###...
When using `field_name_mapping` to map to a field name, the query loses the constraints ```yaml title: Example Rule description: This is an example rule to demonstrate the structure of...
### Summary of the Pull Request Fix URL for sigma_schema_url with the new specification v2.0 path ### Changelog chore: Fix URL for sigma_schema_url in validate.py ### Example Log Event ###...