blue-team-tools/tests/test-base64offset-all.yml at 3da07164ce0d651bf72691bac1cfcafbf20249de - blue-team-tools - GreySec Git

security-tools/blue-team-tools

Files

T

Thomas Patzke 184b6bb244 Wrapping base64offset modified expansion group into ConditionOR

2022-05-01 23:07:25 +02:00

10 lines

212 B

YAML

Raw Blame History

 title: Testrule
 logsource:
     category: process_creation
     product: windows
 detection:
     selection:
         CommandLine|base64offset|contains|all:
             - foo
             - bar
     condition: selection