security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update rules/macos/process_creation/proc_creation_macos_susp_installer_child_process.yml

Browse Source
This commit is contained in:
frack113
2023-02-20 06:32:47 +01:00
committed by GitHub
parent c016748316
commit cd16dff85d
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/macos/process_creation/proc_creation_macos_susp_installer_child_process.yml
+1 -1
View File
@@ -1,4 +1,4 @@
title: Suspicious Installer Package child process
title: Suspicious Installer Package Child Process
id: e0cfaecd-602d-41af-988d-f6ccebb2af26
status: experimental
description: Detects the execution of suspicious child processes from macOS installer package parent process. This includes osascript, JXA, curl and wget amongst other interpreters