security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Suspicious PowerShell Engine ImageLoad] Add Ssms.exe to query exceptions (#2831)

Browse Source 
* Add Ssms.exe to query exceptions

* Changed updated_date

---------

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
This commit is contained in:
Eric
2023-06-12 13:15:47 -06:00
committed by GitHub
parent 8db42da040
commit 1e404cde34
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/execution_suspicious_powershell_imgload.toml
+2 -1
View File
@@ -4,7 +4,7 @@ integration = ["endpoint", "windows"]
maturity = "production"
min_stack_comments = "New fields added: required_fields, related_integrations, setup"
min_stack_version = "8.3.0"
updated_date = "2023/02/22"
updated_date = "2023/06/06"
[rule]
author = ["Elastic"]
@@ -139,6 +139,7 @@ not process.executable regex~ """C:\\Program Files( \(x86\))?\\*\.exe""" and
"SPCAF.Client.exe",
"SPCAF.SettingsEditor.exe",
"SQLPS.exe",
"Ssms.exe",
"telemetryservice.exe",
"UMWorkerProcess.exe",
"w3wp.exe",