Failed Code Integrity Checks
- source: sigma
- techniques:
- t1027
- t1027.001
Description
Detects code integrity failures such as missing page hashes or corrupted drivers due to unauthorized modification. This could be a sign of tampered binaries.
Detection logic
selection:
    EventID:
        - 5038
        - 6281
condition: selection
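To show how the selection above behaves on actual records, here is a small Python evaluator added as an illustration; it is not part of the rule or of the Sigma project's code. It applies the rule's EventID list to a few constructed Windows Security events (the field names other than EventID and all sample values are assumptions), normalising the ID so that an event logged with a string EventID still matches, and it implements only the single-selection condition this rule uses.

```python
"""Apply the Code Integrity detection selection to constructed Windows Security events."""
from typing import Any, Dict, Iterable, List

# Detection taken from the rule summary: any event whose EventID is
# 5038 (image hash not valid) or 6281 (page hashes not valid).
DETECTION = {
    "selection": {"EventID": [5038, 6281]},
    "condition": "selection",
}


def _field_matches(event: Dict[str, Any], field: str, expected: Any) -> bool:
    """A Sigma list of values is an OR. Values are compared as strings so an
    EventID that the collector emitted as "5038" still matches the integer 5038
    written in the rule; a missing field never matches."""
    if field not in event:
        return False
    actual = str(event[field])
    candidates = expected if isinstance(expected, list) else [expected]
    return any(actual == str(c) for c in candidates)


def selection_matches(event: Dict[str, Any], selection: Dict[str, Any]) -> bool:
    # Every field inside one selection must match (AND across fields).
    return all(_field_matches(event, f, v) for f, v in selection.items())


def evaluate(event: Dict[str, Any], detection: Dict[str, Any] = DETECTION) -> bool:
    # Only the plain "<selection-name>" condition is supported here, which is
    # all this rule needs; anything else is rejected rather than silently ignored.
    name = detection["condition"].strip()
    if name not in detection or name == "condition":
        raise ValueError(f"unsupported condition: {name!r}")
    return selection_matches(event, detection[name])


def find_hits(events: Iterable[Dict[str, Any]],
              detection: Dict[str, Any] = DETECTION) -> List[Dict[str, Any]]:
    """Return the events that satisfy the detection, in input order."""
    return [e for e in events if evaluate(e, detection)]


# Constructed sample events (not real telemetry); "param1" is an assumed field
# name standing in for the image path the Code Integrity events report.
SAMPLE_EVENTS = [
    {"EventID": 5038, "Channel": "Security",
     "param1": "\\Device\\HarddiskVolume2\\Windows\\System32\\drivers\\example.sys"},
    {"EventID": "6281", "Channel": "Security",
     "param1": "\\Device\\HarddiskVolume2\\Windows\\System32\\example.dll"},
    {"EventID": 4624, "Channel": "Security", "LogonType": 3},
    {"Channel": "Security"},  # malformed record with no EventID at all
]


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_EVENTS):
        print(f"Code Integrity failure: EventID={hit['EventID']} image={hit.get('param1')}")
```

Running the script prints one line for each of the two Code Integrity events and ignores the logon event and the record without an EventID; in practice the hits would be enriched with the image path and signer so an analyst can tell a corrupted driver from a deliberately patched binary.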