security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sysmon rules 'logsource' change

Browse Source
This commit is contained in:
Florian Roth
2017-02-19 09:19:06 +01:00
parent cd6e24c5ff
commit 166f207dc0
10 changed files with 10 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/sysmon/sysmon_vul_java_remote_debugging.yml
+1 -2
View File
@@ -2,8 +2,7 @@ title: Java running with Remote Debugging
description: Detcts a JAVA process running with remote debugging allowing more than just localhost to connect
author: Florian Roth
logsource:
- product: windows
- service: sysmon
- product: sysmon
detection:
selection:
EventLog: Microsoft-Windows-Sysmon/Operational