mhaag-spl b3b37719e7 Update sysmon_lsass_memdump.yml ...

Updated Sysmon Lsass Memdump to detect other memory dumping techniques from mimikatz, nanodump, invoke-mimikatz, and so forth. This adds additional GrantedAccess permissions and adds ntdll.dll to CallTrace. Tested with Atomic Red Team T1003.001, MimiKatz, Invoke-Mimikatz and Cobalt Strike.

2022-01-26 08:12:49 -07:00

..

application

Merge pull request #2572 from zeronetworks/master

2022-01-24 18:18:22 +01:00

apt

remove invalid tag

2022-01-19 18:23:30 +01:00

cloud

remove invalid tag

2022-01-19 18:23:30 +01:00

compliance

Change double quote to quote

2022-01-06 14:02:35 +01:00

generic

Change status for old rules

2021-11-27 11:33:14 +01:00

linux

Adding new linux auditd rule - Disable Dystem Firewall

2022-01-22 15:12:24 +01:00

network

remove invalid tag

2022-01-19 18:23:30 +01:00

proxy

remove invalid tag

2022-01-19 18:23:30 +01:00

web

remove invalid tag

2022-01-19 18:23:30 +01:00

windows

Update sysmon_lsass_memdump.yml

2022-01-26 08:12:49 -07:00