security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1475 from wagga40/master

Browse Source 
Modified some field values for case sensitive backends (SQL)
This commit is contained in:
Florian Roth
2021-05-14 08:59:39 +02:00
committed by GitHub
parent 83068416fa 8944ccea04
commit 30bee7204c
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/image_load/sysmon_alternate_powershell_hosts_moduleload.yml
+2 -2
View File
@@ -15,8 +15,8 @@ logsource:
category: image_load
detection:
selection:
Description: 'system.management.automation'
ImageLoaded|contains: 'system.management.automation'
Description: 'System.Management.Automation'
ImageLoaded|contains: 'System.Management.Automation'
filter:
Image|endswith: '\powershell.exe'
condition: selection and not filter
rules/windows/image_load/sysmon_powershell_execution_moduleload.yml
+2 -2
View File
@@ -16,8 +16,8 @@ logsource:
product: windows
detection:
selection:
Description: 'system.management.automation'
ImageLoaded|contains: 'system.management.automation'
Description: 'System.Management.Automation'
ImageLoaded|contains: 'System.Management.Automation'
condition: selection
fields:
- ComputerName