Changed category names and remove sysmon log source

2020-06-24 17:41:21 +02:00
parent e5f36dd146
commit f3fedef8f5
77 changed files with 31 additions and 107 deletions
@@ -13,7 +13,6 @@ date: 2017/03/04
 logsource:
    category: process_access
    product: windows
-    service: sysmon
    definition: 'Use the following config to generate the necessary Event ID 10 Process Access events: <ProcessAccess onmatch="include"><CallTrace condition="contains">VBE7.DLL</CallTrace></ProcessAccess><ProcessAccess onmatch="exclude"><CallTrace condition="excludes">UNKNOWN</CallTrace></ProcessAccess>'
 detection:
    selection: