security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 45 Packages Projects Releases Wiki Activity

Merge PR #5660 from @swachchhanda000 - feat: add rule to detect deletion of RunMRU registry key

Browse Source 
new: RunMRU Registry Key Deletion
new: RunMRU Registry Key Deletion - Registry
---------

Co-authored-by: Nasreddine Bencherchali <nasbench@users.noreply.github.com>
This commit is contained in:
Swachchhanda Shrawan Poudel
2025-10-22 18:31:35 +05:45
committed by GitHub
parent 3ae99cfc57
commit d36fc36e08
3 changed files with 61 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/thor.yml
+2
View File
@@ -134,6 +134,7 @@ logsources:
product: windows
conditions:
EventID: 12
EventType: CreateKey
rewrite:
product: windows
service: sysmon
@@ -142,6 +143,7 @@ logsources:
product: windows
conditions:
EventID: 12
EventType: DeleteKey
rewrite:
product: windows
service: sysmon