security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update discovery_remote_system_discovery_commands_windows.toml (#2033)

Browse Source 
(cherry picked from commit c8ff1dc9cb)
This commit is contained in:
Jonhnathan
2022-06-14 10:50:59 -03:00
committed by github-actions[bot]
parent fa5fc6094e
commit 0973ac07ef
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/discovery_remote_system_discovery_commands_windows.toml
+3 -3
View File
@@ -1,7 +1,7 @@
[metadata]
creation_date = "2020/12/04"
maturity = "production"
updated_date = "2022/04/21"
updated_date = "2022/06/14"
[rule]
author = ["Elastic"]
@@ -62,8 +62,8 @@ type = "eql"
query = '''
process where event.type in ("start", "process_started") and
(process.name : "nbtstat.exe" and process.args : ("-n", "-s")) or
(process.name : "arp.exe" and process.args : "-a")
((process.name : "nbtstat.exe" and process.args : ("-n", "-s")) or
(process.name : "arp.exe" and process.args : "-a"))
'''