valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

added att&ck tag

Browse Source
This commit is contained in:
Lurkkeli 2018-08-07 08:45:58 +02:00 committed by GitHub
parent 0bff27ec21
commit 99253763af
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/windows/sysmon/sysmon_susp_powershell_rundll32.yml
View File

@ -14,6 +14,10 @@ detection:
SourceImage: '*\powershell.exe'
TargetImage: '*\rundll32.exe'
condition: selection
tags:
- attack.defense_evasion
- attack.execution
- attack.t1085
falsepositives:
- Unkown
level: high