feat: check for the existence of a description field
it is not mandatory in the sigma standard but mandatory for this repository
This commit is contained in:
phantinuss
@@ -1,16 +1,17 @@
|
||||
title: AzureHound PowerShell Commands
|
||||
id: 83083ac6-1816-4e76-97d7-59af9a9ae46e
|
||||
status: experimental
|
||||
description:
|
||||
description: Detects the execution of AzureHound in PowerShell, a tool to gather data from Azure for BloodHound
|
||||
references:
|
||||
- https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/AzureHound.ps1
|
||||
- https://bloodhound.readthedocs.io/en/latest/data-collection/azurehound.html
|
||||
author: Austin Songer (@austinsonger)
|
||||
date: 2021/10/23
|
||||
modified: 2022/01/12
|
||||
logsource:
|
||||
product: windows
|
||||
category: ps_script
|
||||
definition: Script Block Logging must be enable
|
||||
definition: Script Block Logging must be enabled
|
||||
detection:
|
||||
selection:
|
||||
ScriptBlockText|contains: Invoke-AzureHound
|
||||
|
||||
Reference in New Issue
Block a user