security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 45 Packages Projects Releases Wiki Activity

Merge PR #5175 from @netgrain - Add WDAC Policy File Creation In CodeIntegrity Folder

Browse Source 
new: WDAC Policy File Creation In CodeIntegrity Folder
---------

Co-authored-by: Andreas Braathen <andreasb@mnemonic.io>
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <nasreddineb@splunk.com>
Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
This commit is contained in:
Andreas Braathen
2025-09-22 11:48:53 +02:00
committed by GitHub
parent 6c26cf1be9
commit 35d80c39bd
2 changed files with 30 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/logsource.json
+1 -1
View File
@@ -436,7 +436,7 @@
"SourceParentCommandLine", "TargetCommandLine", "TargetParentProcessId", "TargetParentImage", "TargetParentCommandLine",
"IsInitialThread", "RemoteCreation"],
"file_delete": ["CommandLine", "ParentImage", "ParentCommandLine"],
"file_event": ["CommandLine", "ParentImage", "ParentCommandLine", "MagicHeader"],
"file_event": ["CommandLine", "IntegrityLevel", "MagicHeader", "ParentCommandLine", "ParentImage"],
"image_load": ["CommandLine"],
"process_access": ["SourceCommandLine", "CallTraceExtended"],
"file_access":["Image", "CommandLine", "ParentImage", "ParentCommandLine", "User", "TargetFilename"],