Wietze
Hi @frack113 , Thanks for your message. You're right that for Eventlog/Sysmon-based targets, there is a single field for both registry key and value. A lot of (most?) other technologies...
Just to reiterate, my proposal is **not** to remove/reduce functionality - all existing rules would still work with Sysmon and related targets. e.g. Sigma YAML files referencing `RegistryKey` would generate...
I agree with your analysis @nighttardis , although it has to be said that for the example given by @GeeG33 : ```yml filter: TargetFilename|endswith: - CacheCleanup.bin - .txt - .log...
Related: #1653
Do you happen to know from which version it stopped doing so? We can add a precondition on the entry.
Hey strangerdanger010, glad to see you found this research and are doing some testing yourself. Regarding the final `KeyError`, it suggests you have a CSV file generated for `msdrm.dll` but does...
I found this; it appears to be called _Acrylic Blur_ in Windows 10 v1803: https://withinrafael.com/2018/02/01/adding-acrylic-blur-to-your-windows-10-apps-redstone-4-desktop-apps/ Code: https://github.com/riverar/sample-win32-acrylicblur
Hey, it complained because if you specify a vendor, you have to create the file in the vendor's folder. I have created a `cyberark/` folder and put the file in...
Hey @DemanNL , thanks for opening this issue! The first one would be in scope for this project; the problem is that there are many vulnerable programs. Perhaps if you...
With a .exe file, I got this: I could not get the .exe to execute. With a .msi file, I got this: I was able to get the .msi to...