Update sysmon_registry_trust_record_modification.yml
@@ -6,10 +6,10 @@ references:
|
||||
- https://outflank.nl/blog/2018/01/16/hunting-for-evil-detect-macros-being-executed/
|
||||
- http://az4n6.blogspot.com/2016/02/more-on-trust-records-macros-and.html
|
||||
author: Antonlovesdnb
|
||||
date: 2020/2/19
|
||||
modified: 2020/2/19
|
||||
date: 2020/02/19
|
||||
modified: 2020/02/19
|
||||
tags:
|
||||
- attack.initial.access
|
||||
- attack.initial_access
|
||||
- attack.t1193
|
||||
logsource:
|
||||
product: windows
|
||||
@@ -21,4 +21,4 @@ detection:
|
||||
condition: selection
|
||||
falsepositives:
|
||||
- Alerts on legitimate macro usage as well, will need to filter as appropriate
|
||||
level: medium
|
||||
level: medium
|
||||
|
||||
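Review bot: In the first hunk only the tactic tag is corrected, and the remaining technique tag `attack.t1193` (spearphishing attachment) describes how the document arrived rather than what this rule observes. Going by the two references, a trust-record write reflects a user enabling content on a document, so adding `- attack.execution` and `- attack.t1204` next to the existing tags would probably map the rule more accurately. In the second hunk the `falsepositives` entry admits the rule also fires on legitimate macro usage while `condition: selection` shows no exclusion. The detection block starts outside the hunk, so the selection cannot be checked here, but the entry could name the expected tuning, e.g. `- Legitimate macro-enabled documents; baseline per user and document location before alerting`.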