diff --git a/rules/windows/powershell/powershell_module/powershell_alternate_powershell_hosts.yml b/rules/windows/powershell/powershell_module/powershell_alternate_powershell_hosts.yml
index 7ab2c9449..0a5dc88cb 100644
--- a/rules/windows/powershell/powershell_module/powershell_alternate_powershell_hosts.yml
+++ b/rules/windows/powershell/powershell_module/powershell_alternate_powershell_hosts.yml
@@ -14,7 +14,7 @@ tags:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabled
+ definition: PowerShell Module Logging must be enabled
 detection:
 selection:
 EventID: 4103
diff --git a/rules/windows/powershell/powershell_module/powershell_bad_opsec_artifacts.yml b/rules/windows/powershell/powershell_module/powershell_bad_opsec_artifacts.yml
index c5153e216..dc3a6cdd5 100644
--- a/rules/windows/powershell/powershell_module/powershell_bad_opsec_artifacts.yml
+++ b/rules/windows/powershell/powershell_module/powershell_bad_opsec_artifacts.yml
@@ -19,7 +19,7 @@ tags:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabled
+ definition: PowerShell Module Logging must be enabled
 detection:
 selection_4103:
 EventID: 4103
diff --git a/rules/windows/powershell/powershell_module/powershell_clear_powershell_history.yml b/rules/windows/powershell/powershell_module/powershell_clear_powershell_history.yml
index 48f64acc0..63ab1d2de 100644
--- a/rules/windows/powershell/powershell_module/powershell_clear_powershell_history.yml
+++ b/rules/windows/powershell/powershell_module/powershell_clear_powershell_history.yml
@@ -17,7 +17,7 @@ tags:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabled
+ definition: PowerShell Module Logging must be enabled
 detection:
 selection_4:
 EventID: 4103
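Review bot: The new `definition` text in powershell_alternate_powershell_hosts.yml, and the identical added line in every other hunk of this commit, still does not say how Module Logging has to be scoped for EventID 4103 to be produced. Module Logging records pipeline execution only for the modules named in the policy's module list, so a host with the policy switched on but limited to a few modules can leave these rules silent without any visible error. I would state the scope in the string, for example `definition: PowerShell Module Logging must be enabled for all modules (module names set to '*')`, after confirming which modules each rule depends on. The rule bodies continue outside the hunks, so the matched cmdlets are not visible here.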
diff --git a/rules/windows/powershell/powershell_module/powershell_decompress_commands.yml b/rules/windows/powershell/powershell_module/powershell_decompress_commands.yml
index d1c7e5644..675257bd0 100644
--- a/rules/windows/powershell/powershell_module/powershell_decompress_commands.yml
+++ b/rules/windows/powershell/powershell_module/powershell_decompress_commands.yml
@@ -17,7 +17,7 @@ references:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabled
+ definition: PowerShell Module Logging must be enabled
 detection:
 selection2:
 EventID: 4103
diff --git a/rules/windows/powershell/powershell_module/powershell_get_clipboard.yml b/rules/windows/powershell/powershell_module/powershell_get_clipboard.yml
index 61e99ec3a..58e7ce4fb 100644
--- a/rules/windows/powershell/powershell_module/powershell_get_clipboard.yml
+++ b/rules/windows/powershell/powershell_module/powershell_get_clipboard.yml
@@ -17,7 +17,7 @@ references:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabled
+ definition: PowerShell Module Logging must be enabled
 detection:
 selection2:
 EventID: 4103
diff --git a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_clip.yml b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_clip.yml
index a825ff6df..98a298b6c 100644
--- a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_clip.yml
+++ b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_clip.yml
@@ -18,7 +18,7 @@ tags:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabled
+ definition: PowerShell Module Logging must be enabled
 detection:
 selection_4103:
 EventID: 4103
diff --git a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_obfuscated_iex.yml b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_obfuscated_iex.yml
index c94e328d8..fe77d74de 100644
--- a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_obfuscated_iex.yml
+++ b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_obfuscated_iex.yml
@@ -17,7 +17,7 @@ tags:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabled
+ definition: PowerShell Module Logging must be enabled
 detection:
 selection_3:
 EventID: 4103
diff --git a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_stdin.yml b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_stdin.yml
index ac8200149..ff0cda53b 100644
--- a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_stdin.yml
+++ b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_stdin.yml
@@ -17,7 +17,7 @@ tags:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabled
+ definition: PowerShell Module Logging must be enabled
 detection:
 selection_4103:
 EventID: 4103
diff --git a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_var.yml b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_var.yml
index 3fb82c2ef..f85198ccd 100644
--- a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_var.yml
+++ b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_var.yml
@@ -17,7 +17,7 @@ tags:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabled
+ definition: PowerShell Module Logging must be enabled
 detection:
 selection_4103:
 EventID: 4103
diff --git a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_compress.yml b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_compress.yml
index 9faa95dfe..1ba4b73ee 100644
--- a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_compress.yml
+++ b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_compress.yml
@@ -18,7 +18,7 @@ tags:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabled
+ definition: PowerShell Module Logging must be enabled
 detection:
 selection_4103:
 EventID: 4103
diff --git a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_rundll.yml b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_rundll.yml
index bff58af6c..ccbd2b9a9 100644
--- a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_rundll.yml
+++ b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_rundll.yml
@@ -18,7 +18,7 @@ tags:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabled
+ definition: PowerShell Module Logging must be enabled
 detection:
 selection_4103:
 EventID: 4103
diff --git a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_stdin.yml b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_stdin.yml
index ef94a8c32..d5715369d 100644
--- a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_stdin.yml
+++ b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_stdin.yml
@@ -17,7 +17,7 @@ tags:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabled
+ definition: PowerShell Module Logging must be enabled
 detection:
 selection_4103:
 EventID: 4103
diff --git a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_use_clip.yml b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_use_clip.yml
index 6e5b5d32c..3c823c366 100644
--- a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_use_clip.yml
+++ b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_use_clip.yml
@@ -17,7 +17,7 @@ tags:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabled
+ definition: PowerShell Module Logging must be enabled
 detection:
 selection_4103:
 EventID: 4103
diff --git a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_use_mhsta.yml b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_use_mhsta.yml
index aecbcfcf0..791c900bf 100644
--- a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_use_mhsta.yml
+++ b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_use_mhsta.yml
@@ -18,7 +18,7 @@ tags:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabledd
+ definition: PowerShell Module Logging must be enabledd
 detection:
 selection_4103:
 EventID: 4103
diff --git a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_use_rundll32.yml b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_use_rundll32.yml
index e97a7449e..3c12fe926 100644
--- a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_use_rundll32.yml
+++ b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_use_rundll32.yml
@@ -18,7 +18,7 @@ tags:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabled
+ definition: PowerShell Module Logging must be enabled
 detection:
 selection_4103:
 EventID: 4103
diff --git a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_var.yml b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_var.yml
index 4273a2711..2b78501f6 100644
--- a/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_var.yml
+++ b/rules/windows/powershell/powershell_module/powershell_invoke_obfuscation_via_var.yml
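Review bot: The added line in powershell_invoke_obfuscation_via_use_mhsta.yml keeps the `enabledd` typo from the line it replaces; since this commit already rewrites the string, it should read `definition: PowerShell Module Logging must be enabled`. The same carried-over typo is on the new side of the hunks for powershell_invoke_obfuscation_via_var.yml, powershell_susp_athremotefxvgpudisablementcommand.yml and powershell_susp_zip_compress.yml. Tooling or reviewers that group rules by their logsource definition text may treat these four as a separate requirement from the other files in this change.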
@@ -18,7 +18,7 @@ tags:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabledd
+ definition: PowerShell Module Logging must be enabledd
 detection:
 selection_4103:
 EventID: 4103
diff --git a/rules/windows/powershell/powershell_module/powershell_powercat.yml b/rules/windows/powershell/powershell_module/powershell_powercat.yml
index 3feb349e0..649381c9f 100644
--- a/rules/windows/powershell/powershell_module/powershell_powercat.yml
+++ b/rules/windows/powershell/powershell_module/powershell_powercat.yml
@@ -15,7 +15,7 @@ tags:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabled
+ definition: PowerShell Module Logging must be enabled
 detection:
 selection:
 EventID: 4103
diff --git a/rules/windows/powershell/powershell_module/powershell_remote_powershell_session.yml b/rules/windows/powershell/powershell_module/powershell_remote_powershell_session.yml
index 39a6161cd..4bd6369c7 100644
--- a/rules/windows/powershell/powershell_module/powershell_remote_powershell_session.yml
+++ b/rules/windows/powershell/powershell_module/powershell_remote_powershell_session.yml
@@ -17,7 +17,7 @@ tags:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabled
+ definition: PowerShell Module Logging must be enabled
 detection:
 selection:
 EventID: 4103
diff --git a/rules/windows/powershell/powershell_module/powershell_susp_athremotefxvgpudisablementcommand.yml b/rules/windows/powershell/powershell_module/powershell_susp_athremotefxvgpudisablementcommand.yml
index 18f9e127c..c6571b75f 100644
--- a/rules/windows/powershell/powershell_module/powershell_susp_athremotefxvgpudisablementcommand.yml
+++ b/rules/windows/powershell/powershell_module/powershell_susp_athremotefxvgpudisablementcommand.yml
@@ -14,7 +14,7 @@ tags:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabledd
+ definition: PowerShell Module Logging must be enabledd
 detection:
 selection_id:
 EventID: 4103
diff --git a/rules/windows/powershell/powershell_module/powershell_susp_zip_compress.yml b/rules/windows/powershell/powershell_module/powershell_susp_zip_compress.yml
index 761d66b53..6e9268e74 100644
--- a/rules/windows/powershell/powershell_module/powershell_susp_zip_compress.yml
+++ b/rules/windows/powershell/powershell_module/powershell_susp_zip_compress.yml
@@ -16,7 +16,7 @@ tags:
 logsource:
 product: windows
 service: powershell
- definition: Module Logging must be enabledd
+ definition: PowerShell Module Logging must be enabledd
 detection:
 selection_4103:
 EventID: 4103