security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add fp note to PortProxy rules

Browse Source
This commit is contained in:
Andreas Hunkeler
2021-06-24 11:21:29 +02:00
committed by GitHub
parent d05e33eb48
commit 366d83ab44
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/registry_event/win_portproxy_registry_key.yml
+1 -1
View File
@@ -21,5 +21,5 @@ detection:
TargetObject: 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4\tcp'
condition: selection_registry
falsepositives:
- Unlikely
- WSL2 network bridge PowerShell script used for WSL/Kubernetes/Docker (e.g. https://github.com/microsoft/WSL/issues/4150#issuecomment-504209723)
level: medium