valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Improved shell spawning rule

Browse Source
This commit is contained in:
Florian Roth 2018-04-11 20:09:28 +02:00
parent ef7fb4cff1
commit 52d405bb1b
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
rules/windows/sysmon/sysmon_shell_spawn_susp_program.yml
View File

@ -24,6 +24,7 @@ detection:
- '*\nslookup.exe'
- '*\certutil.exe'
- '*\bitsadmin.exe'
- '*\mshta.exe'
condition: selection
fields:
- CommandLine