mirror of
https://github.com/valitydev/SigmaHQ.git
synced 2024-11-09 02:26:48 +00:00
24 lines
795 B
YAML
24 lines
795 B
YAML
title: Audit CVE Event
|
|
id: 48d91a3a-2363-43ba-a456-ca71ac3da5c2
|
|
status: experimental
|
|
description: Detects events generated by Windows to indicate the exploitation of a known vulnerability (e.g. CVE-2020-0601)
|
|
references:
|
|
- https://twitter.com/mattifestation/status/1217179698008068096
|
|
- https://twitter.com/VM_vivisector/status/1217190929330655232
|
|
- https://twitter.com/davisrichardg/status/1217517547576348673
|
|
- https://twitter.com/DidierStevens/status/1217533958096924676
|
|
- https://twitter.com/FlemmingRiis/status/1217147415482060800
|
|
author: Florian Roth
|
|
date: 2020/01/15
|
|
logsource:
|
|
product: windows
|
|
service: application
|
|
detection:
|
|
selection:
|
|
Source: 'Microsoft-Windows-Audit-CVE'
|
|
condition: selection
|
|
falsepositives:
|
|
- Unknown
|
|
level: critical
|
|
|