SigmaHQ/rules/windows/builtin/win_audit_cve.yml
2020-01-24 15:31:06 +01:00
title: Audit CVE Event
id: 48d91a3a-2363-43ba-a456-ca71ac3da5c2
status: experimental
description: Detects events generated by Windows to indicate the exploitation of a known vulnerability (e.g. CVE-2020-0601)
references:
    - https://twitter.com/mattifestation/status/1217179698008068096
    - https://twitter.com/VM_vivisector/status/1217190929330655232
    - https://twitter.com/davisrichardg/status/1217517547576348673
    - https://twitter.com/DidierStevens/status/1217533958096924676
    - https://twitter.com/FlemmingRiis/status/1217147415482060800
author: Florian Roth
date: 2020/01/15
logsource:
    product: windows
    service: application
detection:
    selection:
        Source: 'Microsoft-Windows-Audit-CVE'
    condition: selection
falsepositives:
    - Unknown
level: critical
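To show what the rule's single selection does when evaluated against event records, here is an added Python example (not part of the SigmaHQ repository) that applies `Source: 'Microsoft-Windows-Audit-CVE'` with Sigma's default case-insensitive string comparison over a few constructed Application-log records. The record layout (flat dicts), the `Provider_Name` alias for the Sigma `Source` field and the EventID values are assumptions, not taken from the rule.

```python
from typing import Dict, List, Optional, Tuple

# The rule's selection: one field/value pair evaluated against Application-log
# events. Sigma compares plain string values case-insensitively.
SELECTION = {"Source": "Microsoft-Windows-Audit-CVE"}

# Collectors name the provider field differently; the Sigma field 'Source' must
# be mapped onto whatever the log pipeline emits. Aliases here are assumptions.
FIELD_ALIASES: Dict[str, Tuple[str, ...]] = {"Source": ("Source", "Provider_Name")}


def lookup(event: Dict[str, object], field: str) -> Optional[str]:
    """Fetch a Sigma field from an event, trying each known alias in turn."""
    for name in FIELD_ALIASES.get(field, (field,)):
        if name in event:
            return str(event[name])
    return None


def selection_matches(event: Dict[str, object]) -> bool:
    """True when every selection field is present and equal (case-insensitive)."""
    for field, expected in SELECTION.items():
        value = lookup(event, field)
        if value is None or value.lower() != expected.lower():
            return False
    return True


def detect(events: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """'condition: selection' over a batch of events; returns the hits."""
    return [e for e in events if selection_matches(e)]


# Constructed sample records (not real telemetry); EventIDs are placeholders.
SAMPLE_EVENTS = [
    {"Channel": "Application", "Source": "Microsoft-Windows-Audit-CVE",
     "EventID": 1, "Message": "[CVE-2020-0601] cert validation"},
    {"Channel": "Application", "Provider_Name": "microsoft-windows-audit-cve",
     "EventID": 1, "Message": "[CVE-2020-0601] cert validation"},
    {"Channel": "Application", "Source": "MsiInstaller",
     "EventID": 1033, "Message": "Windows Installer installed the product."},
    {"Channel": "System", "Source": "Service Control Manager",
     "EventID": 7036, "Message": "The service entered the running state."},
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"ALERT level=critical source={lookup(hit, 'Source')} msg={hit['Message']}")
```

The second sample record only matches because of the alias mapping; without a field mapping from `Source` to the collector's own provider field, a correct Sigma rule silently produces no hits.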