Add modified field in WinRM rule

Andreas Hunkeler 2021-05-21 09:28:45 +02:00 committed by GitHub
parent 93241e7fc6
commit d8ec5fa6af
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -3,6 +3,7 @@ id: 13acf386-b8c6-4fe0-9a6e-c4756b974698
description: Detects basic PowerShell Remoting (WinRM) by monitoring for network inbound connections to ports 5985 OR 5986 description: Detects basic PowerShell Remoting (WinRM) by monitoring for network inbound connections to ports 5985 OR 5986
status: experimental status: experimental
date: 2019/09/12 date: 2019/09/12
modified: 2021/05/21
author: Roberto Rodriguez @Cyb3rWard0g author: Roberto Rodriguez @Cyb3rWard0g
references: references:
- https://github.com/Cyb3rWard0g/ThreatHunter-Playbook/tree/master/playbooks/windows/02_execution/T1086_powershell/powershell_remote_session.md - https://github.com/Cyb3rWard0g/ThreatHunter-Playbook/tree/master/playbooks/windows/02_execution/T1086_powershell/powershell_remote_session.md
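Review bot: the new `modified: 2021/05/21` line is the only change in this hunk, so the date records a modification that the diff itself does not show. If the rule's detection content was changed in an earlier commit without a date bump, reference that commit in the message so the date can be traced to an actual change; if nothing else changed, the field describes only its own addition and tells consumers who compare `modified` against their deployed copy that the logic differs when it does not. The value does follow the same `YYYY/MM/DD` format as the `date` field above it and sits directly after it, which is consistent.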