Update sysmon_uac_bypass_eventvwr.yml

2018-08-07 08:07:49 +02:00
parent f8246e9f49
commit 21bee17ffd
1 changed files with 4 additions and 0 deletions
@@ -21,6 +21,10 @@ detection:
 fields:
    - CommandLine
    - ParentCommandLine
+tags:
+    - attack.defense_Evasion
+    - attack.privelege_Escalation
+    - attack.t1088
 falsepositives:
    - unknown
 level: critical