fix typo in lateral_movement_remote_services.toml (#3538)
(cherry picked from commit 138447221f)
committed by
github-actions[bot]
parent
75a0a3f338
commit
e388aaf409
@@ -36,7 +36,7 @@ authenticode.path JOIN hash ON services.path = hash.path WHERE authenticode.resu
|
||||
author = ["Elastic"]
|
||||
description = """
|
||||
Identifies remote execution of Windows services over remote procedure call (RPC). This could be indicative of lateral
|
||||
movement, but will be noisy if commonly done by administrators."
|
||||
movement, but will be noisy if commonly done by administrators.
|
||||
"""
|
||||
from = "now-9m"
|
||||
index = ["logs-endpoint.events.*", "winlogbeat-*", "logs-windows.sysmon_operational-*"]
|
||||
|
||||