blue-team-tools/tools/config/uberagent.yml

---
# Converter configuration for the uberAgent backend.
title: uberAgent configuration

# Ordering value for this configuration.
# NOTE(review): presumably decides where this config sits when several
# configurations are chained - confirm against the converter.
order: 20

# Backends this configuration applies to.
backends:
  - 'uberagent'

# Rule IDs left out for this backend. The stated reason for most entries is
# that an equivalent rule already ships in the default configuration.
# NOTE(review): each entry assumes the shipped default keeps covering the same
# behaviour. If the default rule set or the upstream rule changes, the
# exclusion becomes a silent detection gap, so re-check this list on every
# update of either side.
exclusion:
  # 'VBA DLL Loaded Via Microsoft Word':
  # Rule already included in default configuration.
  - 'e6ce8457-68b1-485b-9bdd-3c2b5d679aa9'

  # 'Windows Management Instrumentation DLL Loaded Via Microsoft Word':
  # Rule already included in default configuration.
  - 'a457f232-7df9-491d-898f-b5aabd2cbe2f'

  # 'Windows Registry Trust Record Modification':
  # Rule already included in default configuration.
  - '295a59c1-7b79-4b47-a930-df12c15fc9c2'

  # 'Detects registry changes to Office macro settings':
  # Rule already included in default configuration.
  - 'a166f74e-bf44-409d-b9ba-ea4b2dd8b3cd'

  # 'Detects a suspicious certutil command used to encode files, which is
  # sometimes used for data exfiltration'
  # NOTE(review): no exclusion reason is recorded for this entry, unlike the
  # others. Confirm the default configuration covers it and state the reason.
  - 'e62a9f0c-ca1e-46b2-85d5-a6da77f86d1a'