 frack113
|
ecc0fcb082
|
process_creation is a category
|
2021-05-12 08:57:57 +02:00 |
|
|
Anton Kutepov
|
3f45269296
|
Merge branch 'oscd'
B
B
B
B
A
|
2021-03-02 22:58:41 +03:00 |
|
|
ZikyHD
|
8a6b182fee
|
Update win_susp_adfind.yml
|
2020-12-29 14:41:46 +01:00 |
|
|
ZikyHD
|
ece829bb25
|
Update win_susp_adfind.yml
Typo on field name
|
2020-12-29 14:40:36 +01:00 |
|
|
Jonhnathan
|
a9fde0117b
|
Merge branch 'oscd' into oscd_rules_improvement
|
2020-11-28 14:52:31 -03:00 |
|
|
yugoslavskiy
|
c9596d7e30
|
Update win_susp_adfind.yml
|
2020-11-28 12:11:53 +01:00 |
|
|
Jonhnathan
|
d4603d196b
|
Update win_susp_adfind.yml
|
2020-10-15 21:00:15 -03:00 |
|
|
Jonhnathan
|
79951ce104
|
Update win_susp_adfind.yml
|
2020-10-15 18:26:44 -03:00 |
|
|
omkargudhate22
|
e2911a025e
|
added tags and corrected image condition format
|
2020-10-12 17:00:57 +05:30 |
|
|
Florian Roth
|
b8dc8d3f7e
|
reduced to avoid FPs
|
2020-10-12 10:46:34 +02:00 |
|
|
omkar72
|
99d87d60ec
|
updated adfind command line
|
2020-10-12 12:52:54 +05:30 |
|
|
omkar72
|
cf5ad9197c
|
updated adfind command line
|
2020-10-12 12:42:05 +05:30 |
|
|
omkar72
|
d29a28a4a8
|
updated adfind command line
|
2020-10-12 12:40:50 +05:30 |
|
|
Florian Roth
|
8020fe3c40
|
false positive condition
|
2020-09-26 17:03:29 +02:00 |
|
|
Florian Roth
|
60795f7050
|
Update win_susp_adfind.yml
Fear that a simple adfind.exe causes too many false positives
|
2020-09-26 17:02:39 +02:00 |
|
|
Tran Trung Hieu
|
d4dd0600ad
|
Fix logsource service to process_creation
|
2020-09-26 21:45:23 +07:00 |
|
|
Tran Trung Hieu
|
c756fc8576
|
Detect Suspicious AdFind Execution
|
2020-09-26 21:34:06 +07:00 |
|