valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update sysmon_susp_clr_logs.yml

Browse Source
This commit is contained in:
omkargudhate22 2020-10-14 18:11:49 +05:30 committed by GitHub
parent 75ee2e0f47
commit 23098d042c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/windows/file_event/sysmon_susp_clr_logs.yml
View File

@ -2,7 +2,7 @@ title: Suspcious CLR Logs Creation
id: e4b63079-6198-405c-abd7-3fe8b0ce3263 id: e4b63079-6198-405c-abd7-3fe8b0ce3263
description: Detects suspicious .NET assembly executions description: Detects suspicious .NET assembly executions
references: references:
- https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html - https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html
date: 2020/10/12 date: 2020/10/12
tags: tags:
- attack.execution - attack.execution