valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update sysmon_susp_office_dotnet_clr_dll_load.yml

Browse Source
This commit is contained in:
Antonlovesdnb 2020-02-19 14:52:09 -05:00 committed by GitHub
parent 328858279f
commit 6234f72a6c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml
View File

@ -7,7 +7,7 @@ references:
author: Antonlovesdnb
date: 2020/02/19
tags:
- attack.initial.access
- attack.initial_access
- attack.t1193
logsource:
product: windows
@ -25,4 +25,4 @@ detection:
condition: selection
falsepositives:
- Alerts on legitimate macro usage as well, will need to filter as appropriate
level: high
level: high