valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 09:25:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

style: minor changes

Browse Source
This commit is contained in:
Florian Roth 2019-12-20 14:59:26 +01:00
parent c8b6b5c556
commit ab038d1ac7
2 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
rules/apt/apt_apt29_tor.yml
View File

@ -21,7 +21,6 @@ detection:
falsepositives:
- Unknown
level: high
---
logsource:
category: process_creation

2
rules/windows/process_creation/win_susp_powershell_enc_cmd.yml
View File

@ -1,6 +1,6 @@
title: Suspicious Encoded PowerShell Command Line
id: ca2092a1-c273-4878-9b4b-0d60115bf5ea
description: Detects suspicious powershell process starts with base64 encoded commands
description: Detects suspicious powershell process starts with base64 encoded commands (e.g. Emotet)
status: experimental
references:
- https://app.any.run/tasks/6217d77d-3189-4db2-a957-8ab239f3e01e