security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update win_lpe_indicators_tabtip.yml

Browse Source
This commit is contained in:
Florian Roth
2022-10-07 10:48:52 +02:00
parent 6623778a61
commit d76bdf71df
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/builtin/system/win_lpe_indicators_tabtip.yml
+6 -5
View File
@@ -13,11 +13,12 @@ logsource:
product: windows
service: system
detection:
keywords:
- '{054AAE20-4BEA-4347-8A35-64A533254A9D}'
- '2147943140'
- 'C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe'
condition: all of keywords
selection:
EventID: 10001
param1: 'C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe'
param2: '2147943140'
param3: '{054AAE20-4BEA-4347-8A35-64A533254A9D}'
condition: selection
falsepositives:
- Unknown
level: high