From 2b776cdfbb916713ec68cb9afff8b08cd251cca6 Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Wed, 24 Aug 2022 16:51:12 +0200
Subject: [PATCH] refactor: renamed old sysmon_ file names w/ new prefix
---
 ...s_executable.yml => create_stream_hash_ads_executable.yml} | 4 ++--
 ...o_ads.yml => create_stream_hash_regedit_export_to_ads.yml} | 0
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename rules/windows/create_stream_hash/{sysmon_ads_executable.yml => create_stream_hash_ads_executable.yml} (95%)
 rename rules/windows/create_stream_hash/{sysmon_regedit_export_to_ads.yml => create_stream_hash_regedit_export_to_ads.yml} (100%)
diff --git a/rules/windows/create_stream_hash/sysmon_ads_executable.yml b/rules/windows/create_stream_hash/create_stream_hash_ads_executable.yml
similarity index 95%
rename from rules/windows/create_stream_hash/sysmon_ads_executable.yml
rename to rules/windows/create_stream_hash/create_stream_hash_ads_executable.yml
index d88203acf..b5a5a1169 100644
--- a/rules/windows/create_stream_hash/sysmon_ads_executable.yml
+++ b/rules/windows/create_stream_hash/create_stream_hash_ads_executable.yml
@@ -6,7 +6,7 @@ author: Florian Roth, @0xrawsec
 references:
 - https://twitter.com/0xrawsec/status/1002478725605273600?s=21
 date: 2018/06/03
-modified: 2021/12/08
+modified: 2022/08/24
 logsource:
 product: windows
 category: create_stream_hash
@@ -22,7 +22,7 @@ fields:
 - Image
 falsepositives:
 - Unknown
-level: high
+level: medium
 tags:
 - attack.defense_evasion
 - attack.s0139
diff --git a/rules/windows/create_stream_hash/sysmon_regedit_export_to_ads.yml b/rules/windows/create_stream_hash/create_stream_hash_regedit_export_to_ads.yml
similarity index 100%
rename from rules/windows/create_stream_hash/sysmon_regedit_export_to_ads.yml
rename to rules/windows/create_stream_hash/create_stream_hash_regedit_export_to_ads.yml
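Review bot: The second hunk of create_stream_hash_ads_executable.yml downgrades the rule from `level: high` to `level: medium`, but the commit is titled as a pure file-rename refactor and gives no rationale for the severity change. A level change alters how consumers triage alerts from this rule (the `falsepositives` entry is still `Unknown`), so it should either be split into its own commit or explained in the commit message, e.g. "lowered level to medium due to <reason placeholder>". The `modified: 2022/08/24` bump in the first hunk is consistent with a content change and is fine; only the missing justification is the concern. The second file section is a 100% rename and needs no review.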