Thomas Patzke
16 lines
409 B
YAML
16 lines
409 B
YAML
title: Conversion of generic process_creation rules into Security/4688
|
|
order: 10
|
|
logsources:
|
|
process_creation:
|
|
category: process_creation
|
|
product: windows
|
|
conditions:
|
|
EventID: 4688
|
|
rewrite:
|
|
product: windows
|
|
service: security
|
|
fieldmappings:
|
|
Image: NewProcessName
|
|
ParentImage: ParentProcessName
|
|
CommandLine: ProcessCommandLine
|