valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update sysmon_dns_serverlevelplugindll.yml

Browse Source
This commit is contained in:
Jonhnathan 2020-10-15 20:03:29 -03:00 committed by GitHub
parent bdca2febe9
commit c4a44e2376
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
rules/windows/registry_event/sysmon_dns_serverlevelplugindll.yml
View File

@ -30,7 +30,7 @@ logsource:
category: registry_event
detection:
dnsregmod:
TargetObject: '*\services\DNS\Parameters\ServerLevelPluginDll'
TargetObject|endswith: '\services\DNS\Parameters\ServerLevelPluginDll'
condition: 1 of them
---
logsource:
@ -38,5 +38,5 @@ logsource:
product: windows
detection:
dnsadmin:
CommandLine: 'dnscmd.exe /config /serverlevelplugindll *'
condition: 1 of them
CommandLine|startswith 'dnscmd.exe /config /serverlevelplugindll '
condition: 1 of them