valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Removed duplicate status field

Browse Source
This commit is contained in:
Florian Roth 2018-07-16 15:55:31 -06:00 committed by GitHub
parent 3630386230
commit 3f0040b983
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
rules/windows/sysmon/sysmon_cmstp_execution.yml
View File

@ -1,8 +1,7 @@
title: CMSTP Execution
status: experimental
status: stable
description: Detects various indicators of Microsoft Connection Manager Profile Installer execution
author: Nik Seetharaman
status: Stable
references:
- http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/
logsource:
@ -32,4 +31,4 @@ fields:
- Details
falsepositives:
- Legitimate CMSTP use (unlikely in modern enterprise environments)
level: high
level: high