Tag
This rule identifies the creation of ASPX files in web server directories, commonly targeted by attackers to deploy web shells for persistence, by monitoring file creation events and excluding known legitimate processes.