Update sysmon_susp_powershell_parent_combo.yml

2018-10-09 19:11:17 -05:00
parent b0983047eb
commit 440b0ddffe
1 changed files with 3 additions and 0 deletions
@@ -4,6 +4,9 @@ description: Detects suspicious powershell invocations from interpreters or unus
 author: Florian Roth
 references:
    - https://www.carbonblack.com/2017/03/15/attackers-leverage-excel-powershell-dns-latest-non-malware-attack/
+tags:
+    - attack.execution
+    - attack.t1086
 logsource:
    product: windows
    service: sysmon