
EventLog Query

  • Query for Process execution from unusual directories
  • Query suspicious programs processed by the Task Scheduler using the Event Log
  • Query for unusual instances of rundll32.exe via the Event Log
  • Query for Unusual Instances of rundll32.exe making outbound network connections using SysMon Data
  • Query Suspicious Powershell Command Line Executions
  • Query the Windows System Log for 104, 517, 1102

Last updated 3 years ago