security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7b64ab552f94de507753860b6ff0268d4a656321
blue-team-tools/tools/config/generic/sysmon.yml
T

80 lines
1.9 KiB
YAML
Raw Normal View History

fix: wording on sysmon mapping file
2020-06-24 17:49:42 +02:00
title: Conversion of Generic Rules into Sysmon Specific Rules
Configuration order checking
2019-04-23 00:54:10 +02:00
order: 10
Added generic sysmon configuration with process_execution config
2018-08-13 23:50:44 +02:00
logsources:
process_creation:
category: process_creation
product: windows
conditions:
EventID: 1
Added rewrite config to generic sysmon configuration
2018-08-14 21:28:17 +02:00
rewrite:
Stacked configurations
2018-09-12 23:31:51 +02:00
product: windows
Added rewrite config to generic sysmon configuration
2018-08-14 21:28:17 +02:00
service: sysmon
Added rules for different sysmon categories and added the category definition
2020-06-10 15:02:15 +02:00
network_connection:
category: network_connection
product: windows
conditions:
Introduced dns_query log source category
2020-07-05 23:29:51 +02:00
EventID: 3
rewrite:
product: windows
service: sysmon
dns_query:
category: dns_query
product: windows
conditions:
EventID: 22
Added rules for different sysmon categories and added the category definition
2020-06-10 15:02:15 +02:00
rewrite:
product: windows
service: sysmon
registry_event:
category: registry_event
product: windows
conditions:
EventID:
- 12
- 13
- 14
rewrite:
product: windows
service: sysmon
file_creation:
Changed category names and remove sysmon log source
2020-06-24 17:41:21 +02:00
category: file_event
Added rules for different sysmon categories and added the category definition
2020-06-10 15:02:15 +02:00
product: windows
conditions:
EventID: 11
rewrite:
product: windows
service: sysmon
process_access:
category: process_access
product: windows
conditions:
EventID: 10
rewrite:
product: windows
service: sysmon
image_loaded:
Changed category names and remove sysmon log source
2020-06-24 17:41:21 +02:00
category: image_load
Added rules for different sysmon categories and added the category definition
2020-06-10 15:02:15 +02:00
product: windows
conditions:
EventID: 7
rewrite:
product: windows
service: sysmon
driver_loaded:
Changed category names and remove sysmon log source
2020-06-24 17:41:21 +02:00
category: driver_load
Added rules for different sysmon categories and added the category definition
2020-06-10 15:02:15 +02:00
product: windows
conditions:
EventID: 6
rewrite:
product: windows
service: sysmon
process_terminated:
fix: wording on sysmon mapping file
2020-06-24 17:49:42 +02:00
category: process_termination
Added rules for different sysmon categories and added the category definition
2020-06-10 15:02:15 +02:00
product: windows
conditions:
EventID: 5
rewrite:
product: windows
service: sysmon
Reference in New Issue Copy Permalink