valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update win_mal_service_installs.yml - Add new Event ID

Browse Source 
Added event ID 4697, which is equivalent to existing event ID 7045.
This commit is contained in:
G Y 2021-07-06 12:11:32 +08:00 committed by GitHub
parent c01ec60e7d
commit a0407cf477
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/windows/builtin/win_mal_service_installs.yml
View File

@ -22,7 +22,9 @@ logsource:
service: system
detection:
selection:
EventID: 7045
EventID:
- 4697
- 7045
malsvc_paexec:
ServiceFileName|contains: '\PAExec'
malsvc_wannacry: