https://detection.fyi/sigmahq/sigma/linux/auditd/syscall/lnx_auditd_create_account/
Creation Of An User Account | Detection.FYI
Detects the creation of a new user account. Such accounts may be used for persistence that do not require persistent remote access tools to be deployed on the …
https://detection.fyi/sigmahq/sigma/cloud/azure/audit_logs/azure_user_password_change/
Password Reset By User Account | Detection.FYI
Detect when a user has reset their password in Azure AD
https://detection.fyi/sigmahq/sigma/windows/builtin/security/win_security_susp_dsrm_password_change/
Password Change on Directory Service Restore Mode (DSRM) Account | Detection.FYI
Detects potential attempts made to set the Directory Services Restore Mode administrator password. The Directory Service Restore Mode (DSRM) account is a local...
https://detection.fyi/sigmahq/sigma/linux/process_creation/proc_creation_lnx_esxcli_permission_change_admin/
ESXi Admin Permission Assigned To Account Via ESXCLI | Detection.FYI
Detects execution of the