Suspicious Scheduled Task Creation

Rule Info

Name
Suspicious Scheduled Task Creation
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects suspicious scheduled task creation events. Based on attributes such as paths, commands line flags, etc.
Reference
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4698
Date
2022-12-05 00:00:00
Modified
2022-12-07 00:00:00
Id
3a734d25-df5c-4b99-8034-af1ddb5883a4
Tags
attack.execution attack.privilege-escalation attack.persistence attack.t1053.005
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=3a734d25-df5c-4b99-8034-af1ddb5883a4

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
Ryan Plas
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02
1d40f1d20
frack113
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17
020fc8061
Nasreddine Bencherchali
chore: add nextron authors tag
2023-02-01
7c38a5c49
Nasreddine Bencherchali
fix: fix unused selection
2022-12-08
0567ca8ca
Nasreddine Bencherchali
feat: new rules and fixes (#3759)
2022-12-06
42b99b165
Nasreddine Bencherchali
fix: apply suggestions from code review
2022-12-06
965744664
Nasreddine Bencherchali
feat: add rules related to scheduled tasks
2022-12-05
dbf114e7c
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022