https://detection.fyi/sigmahq/sigma/identity/okta/okta_user_session_start_via_anonymised_proxy/
Okta User Session Start Via An Anonymising Proxy Service | Detection.FYI
Detects when an Okta user session starts where the user is behind an anonymising proxy service.
https://seclists.org/nmap-dev/2009/q4/726
Nmap Development: December 2009 service detection highlights
https://detection.fyi/sigmahq/sigma/windows/builtin/terminalservices/win_terminalservices_rdp_ngrok/
Ngrok Usage with Remote Desktop Service | Detection.FYI
Detects cases in which ngrok, a reverse proxy tool, forwards events to the local RDP port, which could be a sign of malicious behaviour
https://seclists.org/nmap-announce/2024/0
Nmap Announce: Nmap 7.95 released: OS and service detection signatures galore!
https://detection.fyi/sigmahq/sigma/emerging-threats/2017/ta/turla/win_system_apt_turla_service_png/
Turla PNG Dropper Service | Detection.FYI
This method detects malicious services mentioned in the Turla PNG dropper report by NCC Group in November 2018
https://detection.fyi/sigmahq/sigma/windows/registry/registry_set/registry_set_add_load_service_in_safe_mode/
Registry Persistence via Service in Safe Mode | Detection.FYI
Detects the modification of the registry to allow a driver or service to persist in Safe Mode.
https://www.trendmicro.com/de_de/business/services/service-one.html
Service One™ – Managed Detection, Response and Support Around the Clock | Trend Micro (DE)
Augment your security teams with managed detection, response and support, around the clock, 365 days a year, with Trend Service One™.
https://detection.fyi/sigmahq/sigma/windows/builtin/security/win_security_meterpreter_or_cobaltstrike_getsystem_service_install/
Meterpreter or Cobalt Strike Getsystem Service Installation - Security | Detection.FYI
Detects the use of the getsystem Meterpreter/Cobalt Strike command by detecting a specific service installation
https://detection.fyi/sigmahq/sigma/windows/file/file_event/file_event_win_sysinternals_psexec_service/
PsExec Service File Creation | Detection.FYI
Detects the default PsExec service filename, which indicates PsExec service installation and execution
https://www.bitdefender.com/en-ca/business/products/managed-detection-response-service
Bitdefender Managed Detection and Response (MDR) Service
https://developers.sift.com/docs/curl/apis-overview?_gl=1*1xw17f6*_gcl_au*MTU1MjA1MDc5Ny4xNzI5MDEwMTg3*_ga*NDU5MTA0MjYwLjE3MjkwMTAxODc.*_ga_R8SV2EK5NZ*MTczMjkxMjI5Ny44NS4xLjE3MzI5MTI1ODQuMzguMC4w
Fraud Detection Service Integration Docs | Sift