Day 48 #100DaysofSigma Stop those pesky OneNote files before a user can open them with the OneNote Attachment File Dropped In Suspicious Location rule from @nas_bench. github.com/SigmaHQ/sigma/blo…
sigma/file_event_win_one_extension_files_in_susp_locations.yml at 4921c96703cb60dcc54898d9a1f65f5...
Ideally, these files are blocked at the email gateway and firewall, but catching them when they are dropped to these locations adds a layered defence. A malicious file can lurk on disk, waiting for a user to accidentally open it days or weeks later, so be proactive.
Jan 27, 2023 · 1:55 PM UTC
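As an added illustration of the detection idea (not the Sigma rule itself, and not code from @nas_bench or SigmaHQ), the Python below applies the same two conditions, a `.one` extension and a parent folder where attachments typically land, to constructed Sysmon Event ID 11 (FileCreate) records. The folder list is an assumption made for this example, not the rule's actual selection list.

```python
"""Added example: flag OneNote (.one) files created in assumed-suspicious folders.
The path fragments are an assumption for this illustration, NOT the selection
list of the real Sigma rule."""

# Assumed suspicious parent folders, matched case-insensitively as substrings.
SUSPICIOUS_PATH_FRAGMENTS = (
    "\\AppData\\Local\\Temp\\",
    "\\Users\\Public\\",
    "\\Downloads\\",
    ":\\Windows\\Temp\\",
    "\\AppData\\Local\\Microsoft\\Windows\\INetCache\\",
)


def is_suspicious_onenote_drop(target_filename: str) -> bool:
    """True when the created file has a .one extension and sits under one of
    the assumed-suspicious folders; extension match is case-insensitive."""
    name = target_filename.lower()
    if not name.endswith(".one"):
        return False
    return any(frag.lower() in name for frag in SUSPICIOUS_PATH_FRAGMENTS)


def scan_file_create_events(events):
    """Return TargetFilename for every Sysmon FileCreate (EventID 11) record
    that matches. Records are dicts with EventID, Image and TargetFilename."""
    return [
        e["TargetFilename"]
        for e in events
        if e.get("EventID") == 11
        and is_suspicious_onenote_drop(e.get("TargetFilename", ""))
    ]


# Constructed sample events for this example; not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
     "TargetFilename": "C:\\Users\\alice\\AppData\\Local\\Temp\\Invoice_2023.one"},
    {"EventID": 11, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "TargetFilename": "C:\\Users\\alice\\Downloads\\shipping_notice.ONE"},
    # Legitimate notebook saved by OneNote itself in the user's Documents folder.
    {"EventID": 11, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\ONENOTE.EXE",
     "TargetFilename": "C:\\Users\\alice\\Documents\\OneNote Notebooks\\Work\\Notes.one"},
    {"EventID": 11, "Image": "C:\\Windows\\explorer.exe",
     "TargetFilename": "C:\\Users\\Public\\readme.txt"},
]

if __name__ == "__main__":
    for hit in scan_file_create_events(SAMPLE_EVENTS):
        print("suspicious OneNote drop:", hit)
```

Tuning the folder list to your own environment is the main source of false positives and misses, so pair it with process-context fields such as `Image` before alerting.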