security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improved shell spawning rule

Browse Source
This commit is contained in:
Florian Roth
2018-04-11 20:09:28 +02:00
parent ef7fb4cff1
commit 52d405bb1b
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/sysmon/sysmon_shell_spawn_susp_program.yml
+1
View File
@@ -24,6 +24,7 @@ detection:
- '*\nslookup.exe'
- '*\certutil.exe'
- '*\bitsadmin.exe'
- '*\mshta.exe'
condition: selection
fields:
- CommandLine