security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "feat: OriginalFileName mapping in MDATP ImageLoad events"

Browse Source 
This reverts commit cdc434cfc4.
This commit is contained in:
Florian Roth
2021-07-08 08:55:33 +02:00
parent cdc434cfc4
commit 84b181d170
1 changed files with 0 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tools/sigma/backends/mdatp.py
-1
View File
@@ -160,7 +160,6 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend):
"DeviceName": (self.id_mapping, self.default_value_mapping),
"EventType": ("ActionType", self.default_value_mapping),
"FileName": (self.id_mapping, self.default_value_mapping),
"OriginalFileName": ("OriginalFileName", self.default_value_mapping),
"Image": ("InitiatingProcessFolderPath", self.default_value_mapping),
"ImageLoaded": ("FolderPath", self.default_value_mapping),
"ParentCommandLine": ("InitiatingProcessCommandLine", self.default_value_mapping),