security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Tune false positive

Browse Source
This commit is contained in:
frack113
2021-07-27 10:05:57 +02:00
parent cf221c08c8
commit 7287a46f2f
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/registry_event/sysmon_taskcache_entry.yml
+2
View File
@@ -6,6 +6,7 @@ tags:
- attack.t1053
- attack.t1053.005
date: 2021/06/18
modified: 2021/07/27
references:
- https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/
author: Syed Hasan (@syedhasan009)
@@ -17,5 +18,6 @@ logsource:
product: windows
detection:
selection:
EventType: SetValue
TargetObject|contains: 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\'
condition: selection