security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added "logsource" sections and new rule

Browse Source
This commit is contained in:
Florian Roth
2017-02-19 00:31:59 +01:00
parent 9a38d6543f
commit cd6e24c5ff
20 changed files with 84 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/sysmon/sysmon_vul_java_remote_debugging.yml
+4
View File
@@ -1,5 +1,9 @@
title: Java running with Remote Debugging
description: Detcts a JAVA process running with remote debugging allowing more than just localhost to connect
author: Florian Roth
logsource:
- product: windows
- service: sysmon
detection:
selection:
EventLog: Microsoft-Windows-Sysmon/Operational