Techniques
Sample rules
Rclone Config File Creation
- source: sigma
- technicques:
- t1567
- t1567.002
Description
Detects Rclone config files being created
Detection logic
condition: selection
selection:
TargetFilename|contains|all:
- :\Users\
- \.config\rclone\