security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rule: moved DebugView rule to process creation category

Browse Source
This commit is contained in:
Florian Roth
2020-05-28 10:13:38 +02:00
parent 76dcc1a16f
commit 39b41b5582
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/sysmon/sysmon_susp_renamed_debugview.yml → rules/windows/process_creation/win_susp_renamed_debugview.yml
+1 -2
View File
@@ -7,11 +7,10 @@ references:
author: Florian Roth
date: 2020/05/28
logsource:
category: process_creation
product: windows
service: sysmon
detection:
selection:
EventID: 1
Product:
- 'Sysinternals DebugView'
- 'Sysinternals Debugview'