security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

reworked rule

Browse Source
This commit is contained in:
Florian Roth
2022-08-02 18:08:39 +02:00
parent afa0d77025
commit e7c57671bd
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/builtin/security_mitigations/win_security_mitigations_code_integrity_defender_load_unsigned_dll.yml
+4 -4
View File
@@ -15,10 +15,10 @@ logsource:
detection:
selection:
EventID: 12 # MDE: ExploitGuardNonMicrosoftSignedBlocked
ProcessPath|endswith:
- '\MpCmdRun.exe'
- '\NisSrv.exe'
Image|endswith: '.dll'
ProcessPath|endswith:
- '\MpCmdRun.exe'
- '\NisSrv.exe'
ImageName|endswith: '.dll'
condition: selection
falsepositives:
- Unknown