blue-team-tools/rules/windows/builtin/system/win_system_application_sysmon_crash.yml
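title: Sysmon Crash
id: 4d7f1827-1637-4def-8d8a-fd254f9454df
status: experimental
description: Detects application popup reporting a failure of the Sysmon service
author: Tim Shelton
date: 2022/04/26
tags:
    - attack.defense_evasion
    - attack.t1562
logsource:
    product: windows
    service: system
detection:
    selection:
        Provider_Name: 'Application Popup'
        EventID: 26
        # The popup caption carries the crashing binary's name, so match both
        # default Sysmon binaries (32-bit and 64-bit) rather than only
        # sysmon64.exe. Sigma string matching is case-insensitive.
        Caption|startswith:
            - 'sysmon.exe'
            - 'sysmon64.exe'
        Caption|endswith: '- Application Error'
        # NOTE(review): if Sysmon is deployed under a renamed binary (a common
        # hardening), the caption will carry that name and this selection will
        # not fire - add the deployed name(s) to the startswith list.
    condition: selection
falsepositives:
    - Unknown
level: high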