security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #3533 from YamatoSecurity/define-security-mitigations-service

Browse Source 
define security-mitigations service
This commit is contained in:
Florian Roth
2022-09-27 23:47:26 +02:00
committed by GitHub
parent f220b72b0a e44e01e106
commit dd115ca74c
3 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/builtin/security_mitigations/win_security_mitigations_defender_load_unsigned_dll.yml
+2 -2
View File
@@ -6,13 +6,13 @@ references:
- https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-security-tool
author: Bhabesh Raj
date: 2022/08/02
modified: 2022/08/05
modified: 2022/09/28
tags:
- attack.defense_evasion
- attack.t1574.002
logsource:
product: windows
category: security-mitigations
service: security-mitigations
detection:
selection:
EventID:
rules/windows/builtin/security_mitigations/win_security_mitigations_unsigned_dll_from_susp_location.yml
+2 -2
View File
@@ -6,13 +6,13 @@ references:
- https://github.com/nasbench/EVTX-ETW-Resources/blob/45fd5be71a51aa518b1b36d4e1f36af498084e27/ETWEventsList/CSV/Windows11/21H2/W11_21H2_Pro_20220719_22000.795/Providers/Microsoft-Windows-Security-Mitigations.csv
author: Nasreddine Bencherchali
date: 2022/08/03
modified: 2022/08/05
modified: 2022/09/28
tags:
- attack.defense_evasion
- attack.t1574.002
logsource:
product: windows
category: security-mitigations
service: security-mitigations
detection:
selection:
EventID:
tools/config/generic/windows-services.yml
+5
View File
@@ -176,3 +176,8 @@ logsources:
service: shell-core
conditions:
Channel: 'Microsoft-Windows-Shell-Core/Operational'
security-mitigations:
product: windows
service: security-mitigations
conditions:
Provider_Name: 'Microsoft-Windows-Security-Mitigations'