valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ImageLoaded mapping added

Browse Source
This commit is contained in:
bar 2020-07-21 17:21:14 +03:00
parent 80e6e933a9
commit da30266c60
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
tools/config/stix-windows.yml
View File

@ -84,7 +84,7 @@ fieldmappings:
Image:
- process:image_ref.name
ImageLoadedTempPath:
- process:image_ref.x_temp_path
- process:extensions.windows-service-ext.service_dll_refs[*].x_temp_path
ImageName:
- process:image_ref.name
ImagePath:
@ -101,9 +101,9 @@ fieldmappings:
IntegrityLevel:
- x-windows:integritylevel
LoadedImage:
- process:image_ref.name
- process:extensions.windows-service-ext.service_dll_refs[*].name
LoadedImageName:
- process:image_ref.name
- process:extensions.windows-service-ext.service_dll_refs[*].name
LogonType:
- x-windows:logontype
MD5Hash:
@ -248,9 +248,9 @@ fieldmappings:
event_data.Image:
- process:image_ref.name
event_data.ImageLoaded:
- process:image_ref.name
- process:extensions.windows-service-ext.service_dll_refs[*].name
ImageLoaded:
- process:image_ref.name
- process:extensions.windows-service-ext.service_dll_refs[*].name
event_data.ImagePath:
- process:image_ref.name
event_data.ParentCommandLine: