• vulnerability_outlook_flags

    vulnerability_outlook_flags SCHEMA: analysis (string): JSON object representing the analysis; data (string): Data content of registry value; key (string): Name of the key; mtime (long): time of the most recent registry write...
  • windows_event_user_account_changed

    windows_event_user_account_changed SCHEMA: account_expires (string): The date when the account expires; allowed_to_delegate_to (string): The list of SPNs to which this account can present delegated credentials; description (string)...
  • ioc_windows_registry_malware_sdbot

    ioc_windows_registry_malware_sdbot: This is a scheduled query to detect sdbot malware. https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~Sdbot-MA/detailed-analysis.aspx Sophos protection capabilities should be protecting...
  • vulnerability_fontblocking

    vulnerability_fontblocking SCHEMA: analysis (string): JSON object representing the analysis; data (string): Data content of registry value; key (string): Name of the key; mtime (long): time of the most recent registry write...
  • vulnerability_safer_flags_missing

    vulnerability_safer_flags_missing SCHEMA: analysis (string): JSON object representing the analysis; data (string): Data content of registry value; key (string): Name of the key; mtime (long): time of the most recent registry...
  • windows_event_audit_log_cleared

    windows_event_audit_log_cleared SCHEMA: description (string): Plugin description text; eventid (int): The Windows event ID; provider_name (string): The Windows event provider; source (string): The Windows event source ...
  • vulnerability_srp_transparent

    vulnerability_srp_transparent SCHEMA: analysis (string): JSON object representing the analysis; data (string): Data content of registry value; key (string): Name of the key; mtime (long): time of the most recent registry write...
  • windows_wsl_installed

    windows_wsl_installed SCHEMA: atime (long): Last access time; ctime (long): Time of the change event; filename (string): Name of the file that has changed; mtime (long): time of the most recent registry write; path (string)...
  • vulnerability_disallowed_paths

    Detect disallowed paths, need to get a definition of such from MRT. SCHEMA: analysis (string): JSON object representing the analysis; data (string): Data content of registry value; key (string): Name of the key; mtime (long)...
  • vulnerability_opentype_font

    vulnerability_opentype_font SCHEMA: data (string): Data content of registry value; key (string): Name of the key; mtime (long): time of the most recent registry write; name (string): Name of the registry value entry; path...