ImageLoaded mapping added
parent
80e6e933a9
commit
da30266c60
@ -84,7 +84,7 @@ fieldmappings:
|
|||||||
Image:
|
Image:
|
||||||
- process:image_ref.name
|
- process:image_ref.name
|
||||||
ImageLoadedTempPath:
|
ImageLoadedTempPath:
|
||||||
- process:image_ref.x_temp_path
|
- process:extensions.windows-service-ext.service_dll_refs[*].x_temp_path
|
||||||
ImageName:
|
ImageName:
|
||||||
- process:image_ref.name
|
- process:image_ref.name
|
||||||
ImagePath:
|
ImagePath:
|
||||||
@ -101,9 +101,9 @@ fieldmappings:
|
|||||||
IntegrityLevel:
|
IntegrityLevel:
|
||||||
- x-windows:integritylevel
|
- x-windows:integritylevel
|
||||||
LoadedImage:
|
LoadedImage:
|
||||||
- process:image_ref.name
|
- process:extensions.windows-service-ext.service_dll_refs[*].name
|
||||||
LoadedImageName:
|
LoadedImageName:
|
||||||
- process:image_ref.name
|
- process:extensions.windows-service-ext.service_dll_refs[*].name
|
||||||
LogonType:
|
LogonType:
|
||||||
- x-windows:logontype
|
- x-windows:logontype
|
||||||
MD5Hash:
|
MD5Hash:
|
||||||
@ -248,9 +248,9 @@ fieldmappings:
|
|||||||
event_data.Image:
|
event_data.Image:
|
||||||
- process:image_ref.name
|
- process:image_ref.name
|
||||||
event_data.ImageLoaded:
|
event_data.ImageLoaded:
|
||||||
- process:image_ref.name
|
- process:extensions.windows-service-ext.service_dll_refs[*].name
|
||||||
ImageLoaded:
|
ImageLoaded:
|
||||||
- process:image_ref.name
|
- process:extensions.windows-service-ext.service_dll_refs[*].name
|
||||||
event_data.ImagePath:
|
event_data.ImagePath:
|
||||||
- process:image_ref.name
|
- process:image_ref.name
|
||||||
event_data.ParentCommandLine:
|
event_data.ParentCommandLine:
|
||||||
|
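Review bot: The replacement values for `ImageLoaded`, `event_data.ImageLoaded`, `LoadedImage`, `LoadedImageName` and `ImageLoadedTempPath` all point at `process:extensions.windows-service-ext.service_dll_refs[*]`, a property of the STIX Windows service extension, whereas these Sigma fields describe a module loaded by any process. If the data source fills that extension only for service processes, image-load rules converted with this config would match nothing for ordinary processes and fail silently, so it is worth confirming what actually populates `service_dll_refs` in the target data. Either way the file should record the choice next to the mappings, e.g. `# image-load fields map to windows-service-ext.service_dll_refs; verify coverage for non-service processes`. `ImageLoaded` also sits among the `event_data.*` keys in the third hunk rather than beside `ImageLoadedTempPath` in the first, which makes a later duplicate key easy to miss.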