Roberto Rodriguez
|
328762ed67
|
Update powershell_xor_commandline.yml
Duplicate names again for https://github.com/Neo23x0/sigma/search?q=Suspicious+Encoded+PowerShell+Command+Line&unscoped_q=Suspicious+Encoded+PowerShell+Command+Line . This breaks elastalert integration since each rule needs to have its own unique name.
|
2018-12-05 05:51:41 +03:00 |
|
Sherif Eldeeb
|
23eddafb39
|
Replace "logsource: description" with "definition" to match the specs
|
2018-11-15 09:00:06 +03:00 |
|
Thomas Patzke
|
ff98991c80
|
Fixed rule
|
2018-10-18 16:20:51 +02:00 |
|
Lurkkeli
|
30fc4bd030
|
powershell xor commandline
New rule to detect -bxor usage in a powershell commandline.
|
2018-09-05 09:21:15 +02:00 |
|