security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: PowerShell Defender modifications

Browse Source
This commit is contained in:
Florian Roth
2022-03-03 13:53:06 +01:00
parent 5e76089044
commit b3b5b2cbdd
3 changed files with 54 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/powershell/powershell_script/posh_ps_tamper_defender.yml
+2 -1
View File
@@ -24,10 +24,11 @@ detection:
- DisableBehaviorMonitoring
- DisableScriptScanning
- DisableBlockAtFirstSeen
- DisableIOAVProtection
condition: selection
falsepositives:
- Legitimate PowerShell scripts
level: medium
level: high
tags:
- attack.defense_evasion
- attack.t1562.001