Samirbous
2e067562f1
[New Rule] Potential Credential Access via LSASS Memory Dump (#1533)
* [New Rule] Potential Credential Access via LSASS Memory Dump
* Update credential_access_suspicious_lsass_access_memdump.toml
* fix typo in calltrace and event.code type
* Update rules/windows/credential_access_suspicious_lsass_access_memdump.toml
Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>
* Update credential_access_suspicious_lsass_access_memdump.toml
* added TargetImage to non ecs schema
* Update non-ecs-schema.json
* format
* Update credential_access_suspicious_lsass_access_memdump.toml
* Update credential_access_suspicious_lsass_access_memdump.toml
Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>
(cherry picked from commit c18c08a976)
2021-11-17 07:38:39 +00:00
..
2021-11-15 18:41:47 +00:00
2021-10-28 11:24:28 -05:00
2021-10-28 11:24:28 -05:00
2020-12-18 12:46:16 -09:00
2020-12-18 12:46:16 -09:00
2021-08-04 14:16:10 -08:00
2021-11-16 09:33:36 +00:00
2021-08-26 14:17:34 -06:00
2021-11-17 07:38:39 +00:00
2021-11-15 21:48:07 -09:00
2021-09-03 13:35:59 -07:00
2020-07-07 15:10:06 -06:00
2021-06-15 07:54:50 -06:00
2021-11-15 18:41:47 +00:00
2020-06-29 23:17:42 -06:00
2021-11-16 09:33:36 +00:00
