security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix typo in lateral_movement_remote_services.toml (#3538)

Browse Source
This commit is contained in:
ALEXANDER MA COTE
2024-03-27 06:38:57 -04:00
committed by GitHub
parent 760b99bcc1
commit 138447221f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/lateral_movement_remote_services.toml
+1 -1
View File
@@ -36,7 +36,7 @@ authenticode.path JOIN hash ON services.path = hash.path WHERE authenticode.resu
author = ["Elastic"]
description = """
Identifies remote execution of Windows services over remote procedure call (RPC). This could be indicative of lateral
movement, but will be noisy if commonly done by administrators."
movement, but will be noisy if commonly done by administrators.
"""
from = "now-9m"
index = ["logs-endpoint.events.*", "winlogbeat-*", "logs-windows.sysmon_operational-*"]