valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update sysmon_dns_serverlevelplugindll.yml

Browse Source
This commit is contained in:
Jonhnathan 2020-10-15 20:03:29 -03:00 committed by GitHub
parent bdca2febe9
commit c4a44e2376
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
rules/windows/registry_event/sysmon_dns_serverlevelplugindll.yml
View File

@ -30,7 +30,7 @@ logsource:
category: registry_event category: registry_event
detection: detection:
dnsregmod: dnsregmod:
TargetObject: '*\services\DNS\Parameters\ServerLevelPluginDll' TargetObject|endswith: '\services\DNS\Parameters\ServerLevelPluginDll'
condition: 1 of them condition: 1 of them
--- ---
logsource: logsource:
@ -38,5 +38,5 @@ logsource:
product: windows product: windows
detection: detection:
dnsadmin: dnsadmin:
CommandLine: 'dnscmd.exe /config /serverlevelplugindll *' CommandLine|startswith 'dnscmd.exe /config /serverlevelplugindll '
condition: 1 of them condition: 1 of them