Update sysmon_susp_download_run_key.yml

This commit is contained in:
Jonhnathan 2020-10-15 20:07:53 -03:00 committed by GitHub
parent 6fc6409c7f
commit 17ade8e5f5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -16,11 +16,11 @@ logsource:
product: windows
detection:
selection:
Image:
- '*\Downloads\\*'
- '*\Temporary Internet Files\Content.Outlook\\*'
- '*\Local Settings\Temporary Internet Files\\*'
TargetObject: '*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\*'
Image|contains:
- '\Downloads\\'
- '\Temporary Internet Files\Content.Outlook\\'
- '\Local Settings\Temporary Internet Files\\'
TargetObject|contains: '\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\'
condition: selection
falsepositives:
- Software installers downloaded and used by users
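Review bot: The new `TargetObject|contains: '\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\'` only matches values written directly under `Run\`, so a binary launched from the same download folders that persists via `RunOnce` (or `Policies\Explorer\Run`) is not caught; if the intent is "persistence from a downloaded executable" rather than the `Run` key specifically, turning the value into a list `- '\CurrentVersion\Run\\'` / `- '\CurrentVersion\RunOnce\\'` closes that gap at no extra false-positive cost. The Outlook attachment pattern still keys on `\Temporary Internet Files\Content.Outlook\\`, which is the pre-Windows 10 location; on current hosts Outlook stages attachments under `\INetCache\Content.Outlook\`, so adding `'\INetCache\Content.Outlook\\'` to the `Image|contains` list is worth considering (verify against a current host before relying on it). Keep the trailing `\\` on each `|contains` string: in Sigma escaping it is one literal backslash, which anchors the match to a directory boundary rather than any path component merely starting with `Downloads`. The rule's title, logsource category and the start of the detection block lie outside this hunk.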