security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Extended Windows processes

Browse Source
This commit is contained in:
Sander Wiebing
2020-05-26 13:56:51 +02:00
committed by GitHub
parent f9f814f3b3
commit 3681b8cb56
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/win_system_exe_anomaly.yml
+7
View File
@@ -30,6 +30,13 @@ detection:
- '*\winlogon.exe'
- '*\explorer.exe'
- '*\taskhost.exe'
- '*\Taskmgr.exe'
- '*\sihost.exe'
- '*\RuntimeBroker.exe'
- '*\smartscreen.exe'
- '*\dllhost.exe'
- '*\audiodg.exe'
- '*\wlanext.exe'
filter:
Image:
- 'C:\Windows\System32\\*'