wikijm
diff --git a/‎SentinelOne_PQ - LOLRMM/247ithelp.com__connectwise__processes_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎SentinelOne_PQ - LOLRMM/247ithelp.com__connectwise__processes_sigma.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎SentinelOne_PQ - LOLRMM/absolute__computrace__processes_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎SentinelOne_PQ - LOLRMM/absolute__computrace__processes_sigma.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎SentinelOne_PQ - LOLRMM/access_remote_pc_files_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎SentinelOne_PQ - LOLRMM/access_remote_pc_files_sigma.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎SentinelOne_PQ - LOLRMM/access_remote_pc_processes_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎SentinelOne_PQ - LOLRMM/access_remote_pc_processes_sigma.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎SentinelOne_PQ - LOLRMM/acronis_cyber_protect__remotix__network_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎SentinelOne_PQ - LOLRMM/acronis_cyber_protect__remotix__network_sigma.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎SentinelOne_PQ - LOLRMM/acronis_cyber_protect__remotix__processes_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎SentinelOne_PQ - LOLRMM/acronis_cyber_protect__remotix__processes_sigma.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎SentinelOne_PQ - LOLRMM/action1_files_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎SentinelOne_PQ - LOLRMM/action1_files_sigma.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎SentinelOne_PQ - LOLRMM/action1_registry_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎SentinelOne_PQ - LOLRMM/action1_registry_sigma.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎SentinelOne_PQ - LOLRMM/addigy_network_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎SentinelOne_PQ - LOLRMM/addigy_network_sigma.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎SentinelOne_PQ - LOLRMM/adobe_connect_processes_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎SentinelOne_PQ - LOLRMM/adobe_connect_processes_sigma.md‎
Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 08-01-2026 00:57:02):
+// Translated content (automatically translated on 09-01-2026 00:57:51):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "Remote Workforce Client.exe" or tgt.process.image.path contains "Remote Workforce Client.exe"))
 ```
 
 
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 08-01-2026 00:57:02):
+// Translated content (automatically translated on 09-01-2026 00:57:51):
 event.type="Process Creation" and (endpoint.os="windows" and ((src.process.image.path contains "rpcnet.exe" or src.process.image.path contains "ctes.exe" or src.process.image.path contains "ctespersitence.exe" or src.process.image.path contains "cteshostsvc.exe" or src.process.image.path contains "rpcld.exe") or (tgt.process.image.path contains "rpcnet.exe" or tgt.process.image.path contains "ctes.exe" or tgt.process.image.path contains "ctespersitence.exe" or tgt.process.image.path contains "cteshostsvc.exe" or tgt.process.image.path contains "rpcld.exe")))
 ```
 
 
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 08-01-2026 00:57:02):
+// Translated content (automatically translated on 09-01-2026 00:57:51):
 event.category="file" and (endpoint.os="windows" and (tgt.file.path contains "C:\\Program Files (x86)\\RemotePC\\RemotePCUIU.exe" or tgt.file.path contains "C:\\Program Files (x86)\\RemotePC\*"))
 ```
 
 
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 08-01-2026 00:57:02):
+// Translated content (automatically translated on 09-01-2026 00:57:51):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "rpcgrab.exe" or src.process.image.path contains "rpcsetup.exe"))
 ```
 
 
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 08-01-2026 00:57:02):
+// Translated content (automatically translated on 09-01-2026 00:57:51):
 (event.category in ("dns","url","ip")) and (endpoint.os="windows" and ((url.address contains "cloud.acronis.com" or url.address="*agents*-cloud.acronis.com" or url.address contains "gw.remotix.com" or url.address contains "connect.acronis.com") or (event.dns.request contains "cloud.acronis.com" or event.dns.request="*agents*-cloud.acronis.com" or event.dns.request contains "gw.remotix.com" or event.dns.request contains "connect.acronis.com")))
 ```
 
 
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 08-01-2026 00:57:02):
+// Translated content (automatically translated on 09-01-2026 00:57:51):
 event.type="Process Creation" and (endpoint.os="windows" and ((src.process.image.path="*AcronisCyberProtectConnectQuickAssist*.exe" or src.process.image.path contains "AcronisCyberProtectConnectAgent.exe") or (tgt.process.image.path="*AcronisCyberProtectConnectQuickAssist*.exe" or tgt.process.image.path contains "AcronisCyberProtectConnectAgent.exe")))
 ```
 
 
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 08-01-2026 00:57:02):
+// Translated content (automatically translated on 09-01-2026 00:57:51):
 event.category="file" and (endpoint.os="windows" and (tgt.file.path contains "C:\\Windows\\Action1\\action1_agent.exe" or tgt.file.path contains "C:\\Windows\\Action1\*" or tgt.file.path contains "C:\\Windows\\Action1\\scripts\*" or tgt.file.path contains "C:\\Windows\\Action1\\rule_data\*" or tgt.file.path="*C:\\Windows\\Action1\\action1_log_*.log"))
 ```
 
 
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 08-01-2026 00:57:02):
+// Translated content (automatically translated on 09-01-2026 00:57:51):
 event.category="registry" and (endpoint.os="windows" and (registry.keyPath contains "HKLM\\System\\CurrentControlSet\\Services\\A1Agent" or registry.keyPath contains "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\Windows Error Reporting\\LocalDumps\\action1_agent.exe" or registry.keyPath contains "HKLM\\SOFTWARE\\WOW6432Node\\Action1"))
 ```
 
 
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 08-01-2026 00:57:02):
+// Translated content (automatically translated on 09-01-2026 00:57:51):
 (event.category in ("dns","url","ip")) and (endpoint.os="windows" and ((url.address contains "prod.addigy.com" or url.address contains "grtmprod.addigy.com" or url.address contains "agents.addigy.com") or (event.dns.request contains "prod.addigy.com" or event.dns.request contains "grtmprod.addigy.com" or event.dns.request contains "agents.addigy.com")))
 ```
 
 
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 08-01-2026 00:57:02):
+// Translated content (automatically translated on 09-01-2026 00:57:51):
 event.type="Process Creation" and (endpoint.os="windows" and ((src.process.image.path="*ConnectAppSetup*.exe" or src.process.image.path="*ConnectShellSetup*.exe" or src.process.image.path contains "Connect.exe" or src.process.image.path contains "ConnectDetector.exe") or (tgt.process.image.path="*ConnectAppSetup*.exe" or tgt.process.image.path="*ConnectShellSetup*.exe" or tgt.process.image.path contains "Connect.exe" or tgt.process.image.path contains "ConnectDetector.exe")))
 ```