security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix falsepositives list

Browse Source
This commit is contained in:
frack113
2021-05-21 12:38:44 +02:00
parent 1e2f7c7abf
commit dec9e68876
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_access/sysmon_lsass_dump_comsvcs_dll.yml
+2 -1
View File
@@ -3,6 +3,7 @@ id: a49fa4d5-11db-418c-8473-1e014a8dd462
description: Detects adversaries leveraging the MiniDump export function from comsvcs.dll via rundll32 to perform a memory dump from lsass.
status: experimental
date: 2020/10/20
modified: 2021/05/21
author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research)
tags:
- attack.credential_access
@@ -20,5 +21,5 @@ detection:
CallTrace|contains: 'comsvcs.dll'
condition: selection
falsepositives:
- Unknown
- Unknown
level: critical