security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #569 from Neo23x0/devel

Browse Source 
rule: improved bloodhound rule
This commit is contained in:
Florian Roth
2019-12-20 17:32:21 +01:00
committed by GitHub
parent cbebaf637f 0fa5ba925e
commit 1fd4c26005
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/win_hack_bloodhound.yml
+1
View File
@@ -19,6 +19,7 @@ detection:
selection2:
CommandLine|contains:
- ' -CollectionMethod All '
- '.exe -c All -d '
- 'Invoke-Bloodhound'
- 'Get-BloodHoundData'
selection3: