adding additional filter for lsass: ShareName=\\*\IPC$ | ShareLocalPath= | RelativeTargetName=lsass | AccessMask=0x2019f · d90ddc097e - blue-team-tools - GreySec Git

security-tools/blue-team-tools

adding additional filter for lsass: ShareName=\\*\IPC$ | ShareLocalPath= | RelativeTargetName=lsass | AccessMask=0x2019f

This commit is contained in:

Tim Shelton

2021-12-01 18:36:38 +00:00

parent 7626b73b8e

commit d90ddc097e

1 changed files with 1 additions and 0 deletions

									
										rules/windows/builtin/win_lm_namedpipe.yml
									
		+1
		
												View File
												
				@@ -20,6 +20,7 @@ detection:

				      - 'atsvc'

				      - 'samr'

				      - 'lsarpc'

				      - 'lsass'

				      - 'winreg'

				      - 'netlogon'

				      - 'srvsvc'