Commit

Apply automatic changes
wikijm authored and github-actions[bot] committed Oct 11, 2024
1 parent 06dc27a commit 7384b7e
Showing 66 changed files with 66 additions and 66 deletions.
2 changes: 1 addition & 1 deletion LOLRMM
Submodule LOLRMM updated from d0caa3 to 14d9e7
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
(event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and (url.address contains ".247ithelp.com" or event.dns.request contains ".247ithelp.com"))
```

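Review bot: the only line that changes in this hunk, and in every one of the 66 rule files in this commit, is the `// Translated content (automatically translated on ...)` timestamp; the query body is byte-for-byte identical. Embedding the run time in the rule file means every scheduled run rewrites every file, and the commit history can no longer distinguish a real query change from a no-op re-translation. Suggest dropping the timestamp from the rule body (or writing it once to a manifest outside the rule files) so a diff appears only when a query actually changes. Minor: the fence is tagged as sql although the content is SentinelOne PowerQuery, as the `SentinelOne_PQ` directory name indicates.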
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "Remote Workforce Client.exe")
```

@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "rpcnet.exe" or src.process.image.path contains "ctes.exe" or src.process.image.path contains "ctespersitence.exe" or src.process.image.path contains "cteshostsvc.exe" or src.process.image.path contains "rpcld.exe"))
```

2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/addigy_network_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
(event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "prod.addigy.com" or url.address contains "grtmprod.addigy.com" or url.address contains "agents.addigy.com") or (event.dns.request contains "prod.addigy.com" or event.dns.request contains "grtmprod.addigy.com" or event.dns.request contains "agents.addigy.com")))
```

2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/aeroadmin_processes_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "aeroadmin.exe" or src.process.image.path contains "AeroAdmin.exe"))
```

2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/alpemix_files_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.category="file" and (endpoint.os="windows" and tgt.file.path contains "%localappdata%\Alpemix\Alpemix.ini")
```

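Review bot: the term `tgt.file.path contains "%localappdata%\Alpemix\Alpemix.ini"` carries the unexpanded environment variable over from the Sigma source. File telemetry records the resolved path (for example `C:\Users\<user>\AppData\Local\Alpemix\Alpemix.ini`), so the literal string `%localappdata%` never appears in `tgt.file.path` and this rule cannot fire. The translator should expand the variable to its fixed path suffix, e.g. `tgt.file.path contains "\AppData\Local\Alpemix\Alpemix.ini"`.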
2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/anydesk_files_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.category="file" and (endpoint.os="windows" and (tgt.file.path contains "%programdata%\AnyDesk\ad_svc.trace" or tgt.file.path contains "%programdata%\AnyDesk\connection_trace.txt" or tgt.file.path contains "%APPDATA%\AnyDesk\connection_trace.txt" or tgt.file.path contains "%APPDATA%\AnyDesk\ad.trace" or tgt.file.path contains "%APPDATA%\AnyDesk\chat\*.txt" or tgt.file.path contains "%APPDATA%\AnyDesk\user.conf" or tgt.file.path contains "%PROGRAMDATA%\AnyDesk\service.conf" or tgt.file.path contains "%APPDATA%\AnyDesk\service.conf" or tgt.file.path contains "%APPDATA%\AnyDesk\system.conf" or tgt.file.path contains "%PROGRAMDATA%\AnyDesk\system.conf" or tgt.file.path contains "%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\StartUp\AnyDesk.lnk" or tgt.file.path contains "%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\AnyDesk\Uninstall AnyDesk.lnk" or tgt.file.path contains "C:\Users\*\Videos\AnyDesk\*.anydesk" or tgt.file.path contains "C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AnyDesk\*" or tgt.file.path contains "~/Library/Application Support/AnyDesk/Logs/" or tgt.file.path contains "~/.config/AnyDesk/Logs/"))
```

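Review bot: two groups of terms in this hunk can never match. First, `~/Library/Application Support/AnyDesk/Logs/` and `~/.config/AnyDesk/Logs/` are macOS and Linux paths, but the whole expression is gated behind `endpoint.os="windows"`, so every event they could describe is filtered out; either drop them or emit a separate OS branch. Second, `contains` is a literal substring match, so the `*` in `%APPDATA%\AnyDesk\chat\*.txt`, `C:\Users\*\Videos\AnyDesk\*.anydesk` and `...\Roaming\AnyDesk\*` is compared as an asterisk character, and the `%APPDATA%` / `%PROGRAMDATA%` variables are never expanded in telemetry. Those terms need to be reduced to their fixed suffixes, e.g. `tgt.file.path contains "\AnyDesk\chat\"` and `tgt.file.path contains "\AppData\Roaming\AnyDesk\connection_trace.txt"`.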
2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/anydesk_network_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
(event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "boot.net.anydesk.com" or url.address contains "relay-[a-f0-9]{8}.net.anydesk.com:443" or url.address contains ".anydesk.com") or (event.dns.request contains "boot.net.anydesk.com" or event.dns.request contains "relay-[a-f0-9]{8}.net.anydesk.com:443" or event.dns.request contains ".anydesk.com")))
```

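Review bot: `url.address contains "relay-[a-f0-9]{8}.net.anydesk.com:443"` and its `event.dns.request` twin pass a regular expression to `contains`, which matches literally, so these two terms can never fire; either use a regex operator or drop them. They are redundant in any case: the `.anydesk.com` term already covers `boot.net.anydesk.com` and every relay host, so each branch can be reduced to that single term.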
2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/anydesk_registry_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.category="Registry" and (endpoint.os="windows" and (registry.keyPath contains "HKLM\SOFTWARE\Clients\Media\AnyDesk" or registry.keyPath contains "HKLM\SYSTEM\CurrentControlSet\Services\AnyDesk" or registry.keyPath contains "HKLM\SOFTWARE\Classes\.anydesk\shell\open\command" or registry.keyPath contains "HKLM\SOFTWARE\Classes\AnyDesk\shell\open\command" or registry.keyPath contains "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\AnyDesk Printer\*" or registry.keyPath contains "HKLM\DRIVERS\DriverDatabase\DeviceIds\USBPRINT\AnyDesk" or registry.keyPath contains "HKLM\DRIVERS\DriverDatabase\DeviceIds\WSDPRINT\AnyDesk" or registry.keyPath contains "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnyDesk"))
```

2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/atera_files_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.category="file" and (endpoint.os="windows" and (tgt.file.path contains "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRunCommandInteractive\log.txt" or tgt.file.path contains "C:\Program Files\ATERA Networks\AteraAgent\Packages\*" or tgt.file.path contains "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" or tgt.file.path contains "C:\Program Files\Atera Networks\AlphaAgent.exe" or tgt.file.path contains "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" or tgt.file.path contains "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" or tgt.file.path contains "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" or tgt.file.path contains "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageFileExplorer\AgentPackageFileExplorer.exe" or tgt.file.path contains "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRunCommandInteractive\AgentPackageRunCommandInteractive.exe"))
```

2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/atera_network_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
(event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "pubsub.atera.com" or url.address contains "pubsub.pubnub.com" or url.address contains "agentreporting.atera.com" or url.address contains "getalphacontrol.com" or url.address contains "app.atera.com" or url.address contains "agenthb.atera.com" or url.address contains "packagesstore.blob.core.windows.net" or url.address contains "ps.pndsn.com" or url.address contains "agent-api.atera.com" or url.address contains "cacerts.thawte.com" or url.address contains "agentreportingstore.blob.core.windows.net" or url.address contains "atera-agent-heartbeat.servicebus.windows.net" or url.address contains "ps.atera.com" or url.address contains "atera.pubnubapi.com" or url.address contains "appcdn.atera.com") or (event.dns.request contains "pubsub.atera.com" or event.dns.request contains "pubsub.pubnub.com" or event.dns.request contains "agentreporting.atera.com" or event.dns.request contains "getalphacontrol.com" or event.dns.request contains "app.atera.com" or event.dns.request contains "agenthb.atera.com" or event.dns.request contains "packagesstore.blob.core.windows.net" or event.dns.request contains "ps.pndsn.com" or event.dns.request contains "agent-api.atera.com" or event.dns.request contains "cacerts.thawte.com" or event.dns.request contains "agentreportingstore.blob.core.windows.net" or event.dns.request contains "atera-agent-heartbeat.servicebus.windows.net" or event.dns.request contains "ps.atera.com" or event.dns.request contains "atera.pubnubapi.com" or event.dns.request contains "appcdn.atera.com")))
```

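Review bot: several hosts in this list are shared third-party infrastructure rather than Atera-specific endpoints: `cacerts.thawte.com` (CA certificate distribution), `packagesstore.blob.core.windows.net` and `agentreportingstore.blob.core.windows.net` (Azure Blob Storage, where only the first label identifies the tenant), and `pubsub.pubnub.com` / `ps.pndsn.com` (PubNub messaging used by many unrelated products). Matching on `cacerts.thawte.com` or `pubsub.pubnub.com` will alert on software that has nothing to do with Atera. Suggest keeping the terms that carry an Atera-specific label (`*.atera.com`, `getalphacontrol.com`, `atera.pubnubapi.com`, `atera-agent-heartbeat.servicebus.windows.net`) and either dropping the generic ones or marking them low-confidence with the expected false positives documented.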
2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/atera_processes_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "\AgentPackageNetworkDiscovery.exe" or src.process.image.path contains "\AgentPackageTaskScheduler.exe" or src.process.image.path contains "\AteraAgent.exe" or src.process.image.path contains "atera_agent.exe" or src.process.image.path contains "atera_agent.exe" or src.process.image.path contains "ateraagent.exe" or src.process.image.path contains "syncrosetup.exe"))
```

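Review bot: `src.process.image.path contains "atera_agent.exe"` appears twice in this hunk; the translator should deduplicate terms before emitting the query. The hunk also mixes a backslash-anchored term (`\AteraAgent.exe`) with an unanchored one (`ateraagent.exe`); since `contains` is a substring match, the unanchored form already subsumes the anchored one if the comparison is case-insensitive, so one of the two is redundant. Please confirm the case sensitivity of `contains` in the target dialect and keep a single form.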
2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/atera_registry_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.category="Registry" and (endpoint.os="windows" and (registry.keyPath contains "HKLM\SOFTWARE\ATERA Networks\AlphaAgent" or registry.keyPath contains "HKLM\SYSTEM\CurrentControlSet\Services\AteraAgent" or registry.keyPath contains "KLM\SOFTWARE\WOW6432Node\Splashtop Inc." or registry.keyPath contains "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Splashtop Software Updater" or registry.keyPath contains "HKLM\SYSTEM\ControlSet\Services\EventLog\Application\AlphaAgent" or registry.keyPath contains "HKLM\SYSTEM\ControlSet\Services\EventLog\Application\AteraAgent" or registry.keyPath contains "HKLM\SOFTWARE\Microsoft\Tracing\AteraAgent_RASAPI32" or registry.keyPath contains "HKLM\SOFTWARE\Microsoft\Tracing\AteraAgent_RASMANCS" or registry.keyPath contains "HKLM\SOFTWARE\ATERA Networks\*"))
```

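Review bot: `registry.keyPath contains "KLM\SOFTWARE\WOW6432Node\Splashtop Inc."` is missing the leading `H` of `HKLM`. Under `contains` this still matches, so it is not a functional bug in this backend, but it should be corrected in the Sigma source so that translations to exact-match or anchored backends are not silently broken. Separately, the two `HKLM\SYSTEM\ControlSet\Services\EventLog\...` terms use a `ControlSet` path element that does not exist as such in the live hive (the keys are `CurrentControlSet`, `ControlSet001`, and so on), and `SYSTEM\ControlSet\` is not a substring of `SYSTEM\CurrentControlSet\`; confirm which form the telemetry reports and adjust the terms accordingly.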
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "\StorageExplorer.exe")
```

@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "\BvSshClient-Inst.exe")
```

@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "\BvSshServer-Inst.exe")
```

@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
(event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "remotedesktop-pa.googleapis.com" or url.address contains "remotedesktop.google.com" or url.address contains "remotedesktop.google.com") or (event.dns.request contains "remotedesktop-pa.googleapis.com" or event.dns.request contains "remotedesktop.google.com" or event.dns.request contains "remotedesktop.google.com")))
```

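Review bot: `remotedesktop.google.com` is listed twice in both the `url.address` and the `event.dns.request` branch; the translator should deduplicate indicator lists before emitting the query. The intended set is just `remotedesktop-pa.googleapis.com` and `remotedesktop.google.com`, one term each per field.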
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "remote_host.exe" or src.process.image.path contains "remoting_host.exe" or src.process.image.path contains "\remoting_host.exe"))
```

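Review bot: `src.process.image.path contains "remoting_host.exe"` already matches every path that `contains "\remoting_host.exe"` matches, so the third term is redundant; if the backslash anchoring is wanted to avoid matching names that merely end in that string, the anchored form should replace the bare one rather than accompany it. Please also check whether `remote_host.exe` is a real binary name from the source or a misspelling of `remoting_host.exe`, since the two differ only by `ing`.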
2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/cloudflare_tunnel_network_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
(event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and (url.address contains "cloudflare.com/products/tunnel/" or event.dns.request contains "cloudflare.com/products/tunnel/"))
```

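Review bot: `event.dns.request contains "cloudflare.com/products/tunnel/"` can never match, because a DNS query name carries no URL path; and the `url.address` twin matches the Cloudflare product page rather than tunnel traffic, so as written this rule fires when someone browses Cloudflare's website, not when cloudflared connects out. The source's reference URL appears to have been copied into the indicator list; the network indicator should be the tunnel service hostnames, and the product page belongs in the rule's references.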
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "cloudflared.exe")
```

@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
(event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and (url.address contains ".hostedrmm.com" or event.dns.request contains ".hostedrmm.com"))
```

@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "ltsvc.exe" or src.process.image.path contains "ltsvcmon.exe" or src.process.image.path contains "lttray.exe"))
```

@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
(event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "live.screenconnect.com" or url.address contains "control.connectwise.com") or (event.dns.request contains "live.screenconnect.com" or event.dns.request contains "control.connectwise.com")))
```

@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "screenconnect.clientservice.exe" or src.process.image.path contains "connectwisecontrol.client.exe" or src.process.image.path contains "screenconnect.windowsclient.exe" or src.process.image.path contains "connectwisechat-customer.exe"))
```

@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
(event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and (url.address contains "dameware.com" or event.dns.request contains "dameware.com"))
```

@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path="*dntus*.exe" or src.process.image.path contains "dwrcs.exe"))
```

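Review bot: the first term uses `src.process.image.path="*dntus*.exe"` while its sibling uses `contains "dwrcs.exe"`. If `=` in the target dialect is an exact comparison, the `*` characters are literal and this term never matches; if the translator intends glob semantics, it should emit the same operator family it uses elsewhere (for example `contains "dntus"` together with a `.exe` suffix check, or a regex operator) rather than rely on wildcard handling in `=`. Please confirm the wildcard semantics of `=` before shipping; the same construct appears in the DameWare and NoMachine process hunks below.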
2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/dameware_processes_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path="*SolarWinds-Dameware-DRS*.exe" or src.process.image.path="*DameWare Mini Remote Control*.exe" or src.process.image.path contains "dwrcs.exe" or src.process.image.path contains "\dwrcst.exe" or src.process.image.path contains "DameWare Remote Support.exe" or src.process.image.path="*SolarWinds-Dameware-MRC*.exe"))
```

@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
(event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and (url.address contains "learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview" or event.dns.request contains "learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview"))
```

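Review bot: the sole indicator in this hunk, `learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview`, is the documentation page for Dev Tunnels, not an endpoint the tunnel client connects to. As a `url.address` match it fires when a user reads the docs, and as an `event.dns.request` match it can never fire because DNS names have no path component. This rule should be dropped or rewritten around the service hostnames, with the documentation URL moved to `references`.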
2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/dropbox_processes_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "\Dropbox.exe")
```

@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
(event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "user_managed" or url.address contains "eset.com/me/business/remote-management/remote-administrator/") or (event.dns.request contains "user_managed" or event.dns.request contains "eset.com/me/business/remote-management/remote-administrator/")))
```

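Review bot: `url.address contains "user_managed"` and `event.dns.request contains "user_managed"` emit what appears to be a placeholder from the LOLRMM source (used where a product is self-hosted and has no fixed domain) as if it were an indicator; the result is a substring match on any URL that happens to contain `user_managed`. The translator should skip this sentinel value instead of treating it as a domain. The same placeholder is emitted in the mRemoteNG, ngrok and NoMachine network hunks below. The remaining term, the `eset.com/me/business/remote-management/remote-administrator/` product page, is again a documentation URL that cannot appear in a DNS request and only flags someone visiting the vendor site.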
2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/filezilla_processes_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "\FileZilla.exe")
```

2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/impero_connect_network_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
(event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and (url.address contains "imperosoftware.com" or event.dns.request contains "imperosoftware.com"))
```

2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/impero_connect_processes_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "ImperoClientSVC.exe")
```

2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/mremoteng_files_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.category="file" and (endpoint.os="windows" and (tgt.file.path contains "C:\Users\*\AppData\Roaming\mRemoteNG\mRemoteNG.log" or tgt.file.path contains "C:\Users\*\AppData\Roaming\mRemoteNG\confCons.xml" or tgt.file.path="*C:\Users\*\AppData\*\mRemoteNG\**10\user.config"))
```

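Review bot: the third term, `tgt.file.path="*C:\Users\*\AppData\*\mRemoteNG\**10\user.config"`, looks corrupted: `**10` is not a meaningful glob, and a leading `*` in front of an absolute `C:\` path is contradictory. The translator has most likely mangled a version-directory wildcard from the Sigma source; please check the source pattern and re-emit it, and, as with the `=` operator in the other process hunks, confirm that `=` performs wildcard matching at all in this dialect. The first two terms use `contains` consistently and are fine.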
2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/mremoteng_network_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
(event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "user_managed" or url.address contains "mremoteng.org") or (event.dns.request contains "user_managed" or event.dns.request contains "mremoteng.org")))
```

2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/mremoteng_processes_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "mRemoteNG.exe" or src.process.image.path contains "\mRemoteNG.exe" or src.process.image.path contains "\mRemoteNG.exe"))
```

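Review bot: `src.process.image.path contains "\mRemoteNG.exe"` appears twice, and the bare `contains "mRemoteNG.exe"` already subsumes it, so this hunk reduces to a single term. Together with the duplicates in the Atera and Chrome Remote Desktop hunks above, this points to the translator needing a deduplication pass after it normalises path terms.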
2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/ngrok_network_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
(event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "user_managed" or url.address contains "ngrok.com") or (event.dns.request contains "user_managed" or event.dns.request contains "ngrok.com")))
```

2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/ngrok_processes_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "ngrok.exe")
```

2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/nomachine_network_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
(event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "user_managed" or url.address contains "nomachine.com") or (event.dns.request contains "user_managed" or event.dns.request contains "nomachine.com")))
```

2 changes: 1 addition & 1 deletion SentinelOne_PQ - LOLRMM/nomachine_processes_sigma.md
@@ -1,5 +1,5 @@
```sql
// Translated content (automatically translated on 10-10-2024 01:17:31):
// Translated content (automatically translated on 11-10-2024 01:17:43):
event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path="*nomachine*.exe" or src.process.image.path contains "nxd.exe"))
```
