valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 01:45:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix logsource to get accurate detection

Browse Source
This commit is contained in:
frack113 2021-05-30 08:22:38 +02:00
parent 503df46968
commit 33a5137bc7
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
rules/windows/other/win_defender_history_delete.yml
View File

@ -6,12 +6,13 @@ author: Cian Heasley
references: references:
- https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus - https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus
date: 2020/08/13 date: 2020/08/13
modified: 2021/05/30
tags: tags:
- attack.defense_evasion - attack.defense_evasion
- attack.t1070.001 - attack.t1070.001
logsource: logsource:
category: windows product: windows
product: windef service: windefend
detection: detection:
selection: selection:
EventID: 1013 EventID: 1013