security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rule Windows 10 scheduled task SandboxEscaper 0-day

Browse Source
This commit is contained in:
Olaf Hartong
2019-05-22 12:32:07 +02:00
parent 544dfe3704
commit e675cdf9c4
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/sysmon/sysmon_win10_sched_task_0day.yml
+1 -1
View File
@@ -11,7 +11,7 @@ logsource:
detection:
selection:
EventID: 1
Image: 'schtasks.exe'
Image: 'schtasks.exe'
CommandLine: '*/change*/TN*/RU*'
filter:
condition: selection