security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rule :improved bloodhound rule

Browse Source
This commit is contained in:
Florian Roth
2019-12-20 17:23:40 +01:00
parent 0e82dce2a0
commit 0fa5ba925e
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/win_hack_bloodhound.yml
+1
View File
@@ -19,6 +19,7 @@ detection:
selection2:
CommandLine|contains:
- ' -CollectionMethod All '
- '.exe -c All -d '
- 'Invoke-Bloodhound'
- 'Get-BloodHoundData'
selection3: