Skip to main content
Cyberstage :: Threat Detections / Sigma Rules >> Artifacts Overview
Contact Page | Privacy Policy

Artifact: IP addresses

The table below contains IP addresses extracted from all data fields (such as IpAddress, DestAddress etc.) of Windows Events identified by Sigma rules. It excludes private, reserved, and special IP address ranges, including:

  • Private and reserved adress space (192.168.0.0/24, 100.64.0.0/10, 224.0.0.0/4, etc.)
  • Google DNS servers (8.8.8.8, 8.8.4.4)

Country IP Address ASN Company Score Detection Count
(Data loading)

Artifact: Usernames

The table below contains usernames extracted from fields SubjectUserName and TargetUserName of Windows Events identified by Sigma rules. It excludes specific user names such as "None", "NO UUSER", as well as usernames ending with "$".

Username Count
(Data loading)

Artifact: Command Lines and ProcessNames